Re: Cardholder security compliance - Debit cards?

["Christopher E. Cramer" <chris.cramer () DUKE EDU>]

Well, my initial comment was probably not printable in a public forum.

In PCI terminology, Mastercard and Visa are holding responsible anyone who
is dealing in cardholder data.  Cardholder data includes the "account
number."  The account number is the payment card number: either a credit
card number or a debit card number.

FWIW, we continue to encounter a variety of merchants and vendors who
either haven't heard of CISP/PCI or claim not to have.  Their general goal
seems to be to get the university to pay for their compliance efforts,
"you're the only one requesting this."  To date we've been able to get
them all to see things our way :-)

good luck
-c

--
Christopher E. Cramer, Ph.D.
University Information Technology Security Officer
Duke University,  Office of Information Technology
334 Blackwell St., Suite 2106, Durham, NC 27701
PH: 919-660-7003  FAX: 919-668-2953  CELL: 919-210-0528

On Tue, 28 Jun 2005, Theresa M Rowe wrote:

> We have an ID card system that is linked to a credit
> union "one card" program.  We store the ISO numbers that
> provide the account for debit card purposes.  The credit
> card system folks "had never heard of" the cardholder
> security program and so far say it does not apply to a
> MasterCard debit card.
>
> Comments???
> Theresa Rowe
> Assistant Vice President
> University Technology Services
> www.oakland.edu/uts - the latest news from University Technology Services