Security Basics mailing list archives

Re: Is PCI Compliance Mandatory


From: "Jason Thompson" <securitux () gmail com>
Date: Sun, 13 Jan 2008 23:50:05 -0500

If any credit card data passes through your information systems, then
yes. For example, I just did an app assessment for an organization that
had all their transactions processed by a CC processing vendor; however,
their web application took the CC data and forwarded it, therefore
they were under PCI DSS.

From the PCI DSS 1.1:

PCI DSS requirements are applicable if a Primary Account Number (PAN)
is stored, processed, or transmitted. If a PAN is not stored, processed,
or transmitted, PCI DSS requirements do not apply.

-J

On 12 Jan 2008 10:31:45 -0000, <global.infosec () gmail com> wrote:
Recently our organisation decided not to store credit card numbers in our databases of our retail outlets.

Do we still need to comply with PCI DSS?




