Security Basics mailing list archives

Re: PCI compliance questions


From: Adam Pal <pal_adam () gmx net>
Date: Wed, 22 Apr 2009 21:27:59 +0200

Hello Abo,

1- according to my understanding, cardholder data is sensitive data.

2- the deadlines are usually mentioned within the standards (e.g. "you
should address major findings within x days")

3- sorry, no idea

-- 
Best regards,
 Adam Pal   

Wednesday, April 22, 2009, 12:01:54 PM, you wrote:

<==============Original message text===============
AS> Hello list,

AS> I'm going through some PCI material, and I have the following questions please:

AS> 1- Details on what’s considered as sensitive data and what’s not: from
AS> a Merchant perspective is provided by Visa on page of
AS> https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf;
AS> however, I could not find any as for the Acquirer/Issuer/Service
AS> Provider perspective; any pointers?
AS> 2- what are the deadlines/fines for non compliance, for
AS> Merchants/Acquirers/Issuers/Service Providers respectively?
AS> 3- being an issuer/acquirer (bank for ex), am I required to comply
AS> with PCI DSS? if so, what are the requirements?

AS> Thanks,
AS> -A/S.

<===========End of original message text===========

