BreachExchange mailing list archives

Re: Best Western Response


From: "Jeffrey Walton" <noloader () gmail com>
Date: Tue, 26 Aug 2008 16:50:54 -0400

So who was the last quarterly PCI auditor for Best Western?
Sounds like Arthur Andersen
[http://en.wikipedia.org/wiki/Arthur_Andersen]. Did they re-invent
themselves...

On 8/26/08, Harris, Michael C. <HarrisMC () health missouri edu> wrote:
There is something missing here, that doesn't true out with the
expectations in the PCI standard for a level one payer.  Smaller mom and
pop level four establishments may slip by, but the mandatory audits of
level one folks should be forcing some change across the hospitality
industry... Perhaps slowly.  It should have been identified as an audit
point with a remediation plan in the quarterly or yearly PCI audit.

So who was the last quarterly PCI auditor for Best Western? Is PCI that
broken or ignored?

Level One: 6,000,000 transactions per year
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Qualified Security Assessor or Internal Audit if signed by Officer of
  the company; Approved Scanning Vendor

Level Two: 1,000,000 to 6,000,000 transactions
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Merchant; Approved Scanning Vendor

[SNIP]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
