Educause Security Discussion mailing list archives
Re: [External] [SECURITY] PCI keeping it simple
From: "Ludwig, Linda" <LUDWIGL () GRINNELL EDU>
Date: Tue, 23 Apr 2019 21:09:59 +0000
Where do you sign up for the PCI listserv? I couldn't find it among the EDUCAUSE lists. Thanks, Linda Linda Ludwig Information Security Awareness Specialist Grinnell College Information Technology Services The Forum 1119 6th Avenue Grinnell, IA 50112 641-269-9977 Technology Services Desk: 641-269-4901 grinnell.edu<https://www.grinnell.edu/> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Thierry Lechler Sent: Tuesday, April 23, 2019 3:34 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] [External] [SECURITY] PCI keeping it simple Just a side note, if you aren't on the PCI listserv, you should definitely join up. Square comes up fairly regularly. To paraphrase from the listserv: Square devices won't provide any PCI scope reduction, at least not without approval from your acquirer. There are other devices (Clover, Bluefin, cardconnect, etc.) that provide the same abilities, including a reduced PCI scope. Square just happens to be a more familiar name. I've also heard that Square is difficult to work with contractually (I've never personally tried). The security may be there, but the legal language and reduced scope might not be. Thank you, Thierry Lechler - MHR, PCIP Information Security Professional III UCF INFOSEC University of Central Florida Office: 407.823.3825 Thierry.Lechler () ucf edu<mailto:Thierry.Lechler () ucf edu> infosec.ucf.edu<https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Finfosec.ucf.edu-252F-26data-3D02-257C01-257C-257Ce465abbb03124699cb4808d61e475deb-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636729689187530544-26sdata-3DcAJz94V7YiSVIW8tNB8qR06btSK4-252F81Om-252B-252BKG0lsh6c-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=2y9_xXWiRAhkAX32HtD-9Zc-NB7LMx-PAZWl3ic8cqc&e=> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Bukaweski, Dylan S Sent: Tuesday, April 23, 2019 4:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] [External] [SECURITY] PCI keeping it simple What kind of devices are being used currently? It may be that the existing devices are on the PCI council's list of validated point-to-point encryption solutions while Square is not. [https://i.imgur.com/H3DO0nn.png] Dylan Bukaweski Information Security Analyst Providence College p: 401-865-1560 m: 813-323-0817 e: dbukawes () providence edu<mailto:dbukawes () providence edu> [http://cdn2.hubspot.net/hubfs/184235/dev_images/signature_app/linkedin_sig.png]<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.linkedin.com-252Fin-252Fdylan-2Dbukaweski-2D09977a105-252F-26data-3D02-257C01-257Cthierry.lechler-2540UCF.EDU-257C1fec4732bdd041e2892408d6c8283805-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636916472405505919-26sdata-3DcMu1QD8JJ5O-252BH0IbLppy83hjLVmCXJFOmcFBENo4fLo-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=xvwLLstlOhhOFCt_iEgRF2lL8QmOk3p0DxPN8VGkh4g&e=> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Yost, Davis Sent: Tuesday, April 23, 2019 4:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [External] [SECURITY] PCI keeping it simple Question: So, I was just asked how is this different then the devices that our one card vendor sells us? https://squareup.com/help/us/en/article/3797-secure-data-encryption<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fsquareup.com-252Fhelp-252Fus-252Fen-252Farticle-252F3797-2Dsecure-2Ddata-2Dencryption-26data-3D02-257C01-257Cthierry.lechler-2540UCF.EDU-257C1fec4732bdd041e2892408d6c8283805-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636916472405515923-26sdata-3D-252FBteyKrK-252Biu9RJCB3LKEaxqsQnrhZMMhflufBRzHgi8-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=tjKckrl5OaL9qtKEGGrFDc-2NwCzNmE47F6H14bBzug&e=> Is anyone allowing or using Square on their administration production network? Thoughts?? Thank you, Davis Yost Associate Director, Information Technology Security yost () northwood edu<mailto:yost () northwood edu> 989.837.4185 office 989.837.4184 fax Developing Leaders of a Global Free-Enterprise This email originated from outside of Providence College. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Current thread:
- PCI keeping it simple Yost, Davis (Apr 23)
- Re: PCI keeping it simple Haselhoff, Brent (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Bukaweski, Dylan S (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Ludwig, Linda (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: PCI keeping it simple Paul Chauvet (Apr 23)