Security Basics mailing list archives
Re: PCI compliance questions
From: Adam Pal <pal_adam () gmx net>
Date: Wed, 22 Apr 2009 21:27:59 +0200
Hello Abo, 1- according to my understanding, cardholder data is sensitive data. 2- the deadlines are usualy mentioned within the standards (eg. "you should address major findings within x days") 3- sorry, no idea -- Best regards, Adam Pal Wednesday, April 22, 2009, 12:01:54 PM, you wrote: <==============Original message text=============== AS> Hello list, AS> I'm going through some PCI material, and i have the following questions please: AS> 1- Details on what’s considered as sensitive data and what’s not: from AS> a Merchant perspective is provided by Visa on page of AS> https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf; AS> however, i could not find any as for the Acquirer/Issuer/Service AS> Provider perspective; any pointers? AS> 2- what are the deadlines/fines for non compliance, for AS> Merchants/Acquirers/Issuers/Service Providers respectively? AS> 3- being an issuer/acquirer (bank for ex), am i required to comply AS> with PCI DSS? if so, what are the requirements? AS> Thanks, AS> -A/S. AS> ------------------------------------------------------------------------ AS> This list is sponsored by: InfoSec Institute AS> Learn all of the latest penetration testing techniques in InfoSec AS> Institute's Ethical Hacking class. AS> Totally hands-on course with evening Capture The Flag (CTF) AS> exercises, Certified Ethical Hacker and Certified Penetration AS> Tester exams, taught by an expert with years of real pen testing experience. AS> http://www.infosecinstitute.com/courses/ethical_hacking_training.html AS> ------------------------------------------------------------------------ <===========End of original message text===========
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- PCI compliance questions Abo Sous (Apr 22)
- Re: PCI compliance questions Adam Pal (Apr 24)
- Re: PCI compliance questions Mark Loeser (Apr 24)
- Re: PCI compliance questions Jason (Apr 24)
- <Possible follow-ups>
- Re: PCI compliance questions no (Apr 24)
- Re: PCI compliance questions sfmailsbm (Apr 24)