Security Basics mailing list archives

RE: PCIDS Standard

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Mon, 23 May 2005 17:59:51 -0400

I don't know the answer to any of your questions, but I wanted to
comment...if you are a computer security person it may pay to take a
look at the PCIDSS documentation. It's an excellent example of a general
ecommerce security policy. I've reviewed it a few times, even
volunteered to help particpate in its creation, and it is a great
example of a general security policy. 

Anyone have the link handy?? (I'm offsite at the moment)

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****



-----Original Message-----
From: Richard Piedrahita [mailto:piedrahr () wchsys org] 
Sent: Monday, May 23, 2005 12:33 PM
To: security-basics () securityfocus com
Subject: PCIDS Standard

Hello:

This note is not to question the wisdom of the Payment Card Information
Data Security Standard due to become effective on June 30 here.

What I would like to find out is if this is something that the card
companies are adopting and are pushing on down to their merchants (it
looks like it is), or, is this another regulation/law somewhere that
needs to be tracked and checked off as "Compliant" for all businesses
that accept credit card payments of one sort or another?

Is there any information on how to identify which business software is
in compliance with this standard (at least for small retail or
restaurant like businesses)?

Thanks,
Rick.

Richard J. Piedrahita
Information Services
WCHS, Inc.
301-790-8902


***** CONFIDENTIALITY NOTICE *****
This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system.

Current thread:

PCIDS Standard Richard Piedrahita (May 23)
- Re: PCIDS Standard Security (May 24)
- <Possible follow-ups>
- RE: PCIDS Standard Roger A. Grimes (May 24)
  - RE: PCIDS Standard Anthony J Placilla (May 26)
- RE: PCIDS Standard Roger A. Grimes (May 26)