Security Basics mailing list archives

Re: PCIDS Standard


From: Security <security () ucw com au>
Date: Tue, 24 May 2005 09:55:02 +1000

Hi,

Go to Mastercard's web site and download all of the relevant documents.

They include:
Overviews
Questionnaires for self-assessment
etc

The security standard you need to meet will vary depending on the amount of transactions you make in a month.

They have given everyone a very short time frame to play with and they also expect you to get a company like Verisign to perform an external audit (port scan) plus a few other tasks, again, depending on the amount of monthly transactions you make.

Custom software isn't a problem, as long as you have procedures in place, e.g., all filing cabinets with card information must be locked and key holders must sign a document.

As this is an ass-covering exercise on Mastercard's behalf, you will only have problems if your company is compromised and card info is taken. Then Mastercard will expect you to have the security standard, and if you don't, they charge you about $4 per card stolen or something similar.

I hope this is what you needed to know.

Regards,

Todd Cummings.

Richard Piedrahita wrote:

Hello:

This note is not to question the wisdom of the Payment Card
Information Data Security Standard due to become effective on June 30
here.

What I would like to find out is if this is something that the card
companies are adopting and are pushing on down to their merchants (it
looks like it is),
or,
is this another regulation/law somewhere that needs to be tracked and
checked off as "Compliant" for all businesses that accept credit card
payments of one sort or another?

Is there any information on how to identify which business software is
in compliance with this standard (at least for small retail or
restaurant like businesses)?

Thanks,
Rick.

Richard J. Piedrahita
Information Services
WCHS, Inc.
301-790-8902

