Security Basics mailing list archives
Re: Is PCI Compliance Mandatory
From: "Jason Thompson" <securitux () gmail com>
Date: Sun, 13 Jan 2008 23:50:05 -0500
If any credit card data passes through your information systems, then yes. For example, I just did an app assessment for an organization that had all their transactions processed by a CC processing vendor; however, their web application took the CC data and forwarded it, therefore they were under PCI DSS.
From the PCI DSS 1.1:
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.

-J

On 12 Jan 2008 10:31:45 -0000, <global.infosec () gmail com> wrote:
> Recently our organisation decided not to store credit card numbers in our databases of our retail outlets. Do we still need to comply with PCI DSS?