Educause Security Discussion mailing list archives

Re: VISA Net audit?

From: "Lanham, Sean" <slanham () UTA EDU>
Date: Fri, 3 Jun 2005 14:40:36 -0500

The compliance date and tasks depend on the defined level for your
institution, which is based upon the number of yearly transactions.

Check this link -->
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_mer
chants.html?it=search


-----Original Message-----
From: Doug Sandford [mailto:dsandfor () SEEBECK UA EDU] 
Sent: Friday, June 03, 2005 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] VISA Net audit?

Our Loans Receivables group called a couple of days ago to alert me 
to an audit requirement that has been imposed by Visa(Net), for whom 
we are a "merchant."   The process involves a self-assessment, 
together with a "Quarterly Network Security Scan" that must be 
conducted by a Visa-certified third party. 

Have any of you received the same notification? And how did you deal 
with what we are told is a June 30 compliance date?

Regards, and thanks in advance.




Doug Sandford
Information Security Officer
University of Alabama
Seebeck Computer Center
doug () ua edu

This email is intended only for the person to whom it is
addressed.  Any review or other use of this information by 
persons or entities other than the intended recipient or any
retransmission without the consent of the sender is prohibited.

Current thread:

VISA Net audit? Doug Sandford (Jun 03)
- <Possible follow-ups>
- Re: VISA Net audit? Theresa M Rowe (Jun 03)
- Re: VISA Net audit? Austin Winkleman (Jun 03)
- Re: VISA Net audit? Willis Marti (Jun 03)
- Re: VISA Net audit? Lanham, Sean (Jun 03)
- Re: VISA Net audit? Info (Jun 03)
- Re: VISA Net audit? David Todd (Jun 03)
- Re: VISA Net audit? Mike Iglesias (Jun 03)
- Re: VISA Net audit? Robert Ridenour (Jun 06)
- Re: VISA Net audit? Robert Ridenour (Jun 06)
- Re: VISA Net audit? Willis Marti (Jun 10)