Educause Security Discussion mailing list archives
Re: PCI compliance question
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Thu, 8 Jul 2010 15:08:17 -0400
On 7/8/2010 3:01 PM, Lazarus, Carolann wrote:
My issue with this is that he said the machines transmit the CC to the server. I'm not an expert, but I believe any transmission of CC falls under PCI, even if the transaction is rejected. The transmission has to be secure. IMO
Along a similar vein... I caught the tail-end of a committee meeting request to put a "Red Box"-like machine on campus to rent DVDs and video games. It takes [real] credit cards. They wanted an "Internet" connection from us. Is the PCI responsibility on the box-owner/vendor, or will we become the unwilling participant in a PCI network by providing such a connection? Not sure where "the buck stops" with respect to a turnkey appliance sort of device, nor exactly how it technically differs from a user doing CC transactions from their own computer (over our network). Jeff
Current thread:
- Re: PCI compliance question, (continued)
- Re: PCI compliance question Hudson, Edward (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Lazarus, Carolann (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Michael Benedetto (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Sarazen, Daniel (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Kevin Hayes (Jul 08)
- Re: PCI compliance question Eric C. Lukens (Jul 08)
- Re: PCI compliance question Lazarus, Carolann (Jul 08)
- Re: PCI compliance question Jeff Kell (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Jon Hanny (Jul 08)
- Re: PCI compliance question Marley, Tim (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Paul Kendall (Jul 09)
- Re: PCI compliance question Joel Rosenblatt (Jul 09)