Educause Security Discussion mailing list archives
Re: PCI SSC - Special Interest Groups
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 19 Jul 2012 21:17:14 +0000
Well, that'll be nice for a very limited set of my merchants. *very* limited. Once you can actually buy the gear and services, that is. -jml -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Pirolo Sent: Thursday, July 19, 2012 3:34 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI SSC - Special Interest Groups Lowe and behold, a new SAQ for P2PE devices... https://www.pcisecuritystandards.org/documents/PCI_SAQ_P2PE-HW_v2.pdf This may answer a few of my questions. On Thu, 2012-07-19 at 09:36 -0700, David Pirolo wrote:
Unfortunately I don't have a subscription for full access to this article. Essentially this is saying to work with your acquirer or payment brand to make the determination on how it best fits. The confusion is that our accquirer has stated that we need to follow SAQ-cvt. The issue with this is Requirement 4, which states open public network. What about the requirements for the college private networks that this may be connecting through? Based on this doc I believe that it's a mute issue for the merchant and responsibility falls to the solution provider if the device is P2PE. The merchant would just be responsible for securing the device. https://www.pcisecuritystandards.org/documents/P2PE_%20v%201-1.pdf The other issue is requirement 5-AV software. The P2PE doc doesn't appear to address that. -David On Thu, 2012-07-19 at 10:59 +0000, Davis, Thomas R wrote:Hi David, This from Walt Conway regarding mobile devices: "Both MasterCard and Visa have issued their guidelines which I've written about at StorefrontBacktalk: http://storefrontbacktalk.com/securityfraud/mobile-pos-moves-forward-with-mastercards-blessing/ and http://storefrontbacktalk.com/securityfraud/visa-joins-mastercard-in-relegating-pci-to-an-afterthought/."
Current thread:
- PCI SSC - Special Interest Groups Davis, Thomas R (Jul 18)
- Re: PCI SSC - Special Interest Groups David R. Millar (Jul 18)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 18)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 18)
- Re: PCI SSC - Special Interest Groups Davis, Thomas R (Jul 19)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 19)
- Re: PCI SSC - Special Interest Groups David Pirolo (Jul 19)
- Re: PCI SSC - Special Interest Groups John Ladwig (Jul 19)
- Re: PCI SSC - Special Interest Groups Davis, Thomas R (Jul 20)