Educause Security Discussion mailing list archives
Re: PCI SSC - Special Interest Groups
From: David Pirolo <webmaster () WARNERPACIFIC EDU>
Date: Thu, 19 Jul 2012 09:36:27 -0700
Unfortunately I don't have a subscription for full access to this article. Essentially this is saying to work with your acquirer or payment brand to make the determination on how it best fits. The confusion is that our accquirer has stated that we need to follow SAQ-cvt. The issue with this is Requirement 4, which states open public network. What about the requirements for the college private networks that this may be connecting through? Based on this doc I believe that it's a mute issue for the merchant and responsibility falls to the solution provider if the device is P2PE. The merchant would just be responsible for securing the device. https://www.pcisecuritystandards.org/documents/P2PE_%20v%201-1.pdf The other issue is requirement 5-AV software. The P2PE doc doesn't appear to address that. -David On Thu, 2012-07-19 at 10:59 +0000, Davis, Thomas R wrote:
Hi David, This from Walt Conway regarding mobile devices: "Both MasterCard and Visa have issued their guidelines which I've written about at StorefrontBacktalk: http://storefrontbacktalk.com/securityfraud/mobile-pos-moves-forward-with-mastercards-blessing/ and http://storefrontbacktalk.com/securityfraud/visa-joins-mastercard-in-relegating-pci-to-an-afterthought/."
Current thread:
- PCI SSC - Special Interest Groups Davis, Thomas R (Jul 18)
- Re: PCI SSC - Special Interest Groups David R. Millar (Jul 18)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 18)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 18)
- Re: PCI SSC - Special Interest Groups Davis, Thomas R (Jul 19)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 19)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 19)
- Re: PCI SSC - Special Interest Groups John Ladwig (Jul 19)
- Re: PCI SSC - Special Interest Groups Davis, Thomas R (Jul 20)