Educause Security Discussion mailing list archives
PCI Compliance for external e-commerce vendors
From: Kim Cary <Kim.Cary () PEPPERDINE EDU>
Date: Mon, 12 Feb 2007 15:03:20 -0800
Hi folks, I'm trying to settle what we should do for PCI compliance with big external e-commerce vendors, e.g. Verisign. PCI compliance scanning: Do you scan their site (as you would an internal one)? Seems like a violation of their terms. Do you scan the page you use to link to them (the one with NO CC inputs)? PCI compliance documentation: Are you certifying PCI compliance for the external e-commerce vendor if the only thing you are getting back from them is the masked CCN & a transaction ID? Kim Cary, Ed. D. Infrastructure Security Administrator M-F 7-4 ~ 310 506 6655
Current thread:
- PCI Compliance for external e-commerce vendors Kim Cary (Feb 12)
- <Possible follow-ups>
- Re: PCI Compliance for external e-commerce vendors j.price (Feb 12)
- Re: PCI Compliance for external e-commerce vendors Theresa M Rowe (Feb 13)