Re: VISA Net audit?

[Info <info () COMPLYGUARDNETWORKS COM>]

Any one that collects, stores, or transmits card holder data must meet the
PCI security requirements. The good news is once you are complaint, all the
cards (VISA, Amex, Discover, JCB, and MasterCard) are covered.

Here is the VISA link:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_merchan
ts.html?it=l2|/business/accepting_visa/ops_risk_management/cisp_service_prov
iders%2Ehtml|Merchants

The requirements are based on transaction volume (not revenue) that
determine what each merchant must do to be compliant. June 30 is the
deadline or the risk of fines and penalties are possible, up and including
the loss of the ability to use cards as a form of payment.

Please contact me off list if you would like more information. Your
questions are welcomed.

Michael  Johnson
ComplyGuard Networks
mjohnson () complyguardnetworks com

-----Original Message-----
From: Doug Sandford [mailto:dsandfor () SEEBECK UA EDU]
Sent: Friday, June 03, 2005 3:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] VISA Net audit?


Our Loans Receivables group called a couple of days ago to alert me
to an audit requirement that has been imposed by Visa(Net), for whom
we are a "merchant."   The process involves a self-assessment,
together with a "Quarterly Network Security Scan" that must be
conducted by a Visa-certified third party.

Have any of you received the same notification? And how did you deal
with what we are told is a June 30 compliance date?

Regards, and thanks in advance.




Doug Sandford
Information Security Officer
University of Alabama
Seebeck Computer Center
doug () ua edu

This email is intended only for the person to whom it is
addressed.  Any review or other use of this information by
persons or entities other than the intended recipient or any
retransmission without the consent of the sender is prohibited.