Educause Security Discussion mailing list archives

Re: VISA Net audit?


From: Willis Marti <wmarti () TAMU EDU>
Date: Fri, 3 Jun 2005 14:38:55 -0500

Our Loans Receivables group called a couple of days ago to alert me
to an audit requirement that has been imposed by Visa(Net), for whom
we are a "merchant." The process involves a self-assessment,
together with a "Quarterly Network Security Scan" that must be
conducted by a Visa-certified third party.

Have any of you received the same notification? And how did you deal
with what we are told is a June 30 compliance date?

The standard changed in January. Best explanation is
 http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

Key point is defining the "merchant". Your credit card volume determines exact
requirements. Fortunately all ours are Level 4. It's a pain but we're
treating the deadline as real. Installing firewalls and documenting
network-connected CC processing systems.
--
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University
