Educause Security Discussion mailing list archives
Re: Cardholder security compliance - Debit cards?
From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Tue, 28 Jun 2005 15:40:02 -0400
Well, my initial comment was probably not printable in a public forum. In PCI terminology, Mastercard and Visa are holding responsible anyone who is dealing in cardholder data. Cardholder data includes the "account number." The account number is the payment card number: either a credit card number or a debit card number. FWIW, we continue to encounter a variety of merchants and vendors who either haven't heard of CISP/PCI or claim not to have. Their general goal seems to be to get the university to pay for their compliance efforts, "you're the only one requesting this." To date we've been able to get them all to see things our way :-) good luck -c -- Christopher E. Cramer, Ph.D. University Information Technology Security Officer Duke University, Office of Information Technology 334 Blackwell St., Suite 2106, Durham, NC 27701 PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528 On Tue, 28 Jun 2005, Theresa M Rowe wrote:
We have an ID card system that is linked to a credit union "one card" program. We store the ISO numbers that provide the account for debit card purposes. The credit card system folks "had never heard of" the cardholder security program and so far say it does not apply to a MasterCard debit card. Comments??? Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services
Current thread:
- Cardholder security compliance - Debit cards? Theresa M Rowe (Jun 28)
- <Possible follow-ups>
- Re: Cardholder security compliance - Debit cards? Christopher E. Cramer (Jun 28)