Educause Security Discussion mailing list archives
Re: Credit Card Authorization
From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Fri, 20 May 2005 09:47:14 -0400
For those of you not on the CIO listserve, the following may be of interest: NACUBO is sponsoring a webcast on this very topic next Tuesday, May 24. See http://www.nacubo.org/x6156.xml Afterward, we hope to formulate a more comprehensive strategy. Don ______________________________________ Don Volz Interim Director, Technology Resources Texas State University-San Marcos Email: <mailto:don.volz () txstate edu> don.volz () txstate edu Voice: 512-245-2501 FAX: 512-245-8597 _____ From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Argo Sent: Tuesday, May 17, 2005 10:16 AM To: CIO () LISTSERV EDUCAUSE EDU Subject: [CIO] Cardholder Information Security Program (CISP) Compliance Recently we received a payment card industry (PCI) self-assessment questionnaire to complete in demonstrating our compliancy with CISP. I am interested in hearing from others who have been involved with this compliance issue and what methods you used to meet compliancy. What qualified scan vendor are you using and how did you determine that choice? Here is some information about the program: CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. To achieve compliance with CISP, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. The standard is a result of a collaboration between Visa and MasterCard and is designed to create common industry security requirements, incorporating the CISP requirements. It appears that the Payment Card Industry Data Security Standard as of January 2005 has been adopted as a joint standard for all the credit card companies. Also as part of the compliancy includes running internal and external network vulnerability scans at least quarterly. Additionally the external vulnerability scans must be performed by a scan vendor qualified by the payment card industry. Thanks! Mike Argo Security and Compliance Officer Information Technology Services Mississippi State University mikeargo () its msstate edu Phone: 662-325-9311 Fax: 662-717-4011 Thanks, Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University 478.445.4473 Office 478.454.8250 Cell 478.445.1202 Fax _____ From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chad McDonald Sent: Thursday, May 19, 2005 12:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Credit Card Authorization We are looking for recomendations for vendors that provide credit card services, particularly in relations to university alumni. The solutions that we have been presented with to date require that credit card information be stored on local resources, a practice that makes me particularly wary. If any of your institutions have had success in implementing an alumni oriented portal or donation system that securely authorizes credit cards and does not store any credit information locally, I would appreciate any information that you could provide. Thanks, Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University 478.445.4473 Office 478.454.8250 Cell 478.445.1202 Fax ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Credit Card Authorization Chad McDonald (May 19)
- <Possible follow-ups>
- Re: Credit Card Authorization Wood, Anne M (wood) (May 19)
- Re: Credit Card Authorization Paul R DeStefano (May 19)
- Re: Credit Card Authorization George Koszegi (May 19)
- Re: Credit Card Authorization Chad McDonald (May 20)