Educause Security Discussion mailing list archives

PCI Compliance for external e-commerce vendors


From: Kim Cary <Kim.Cary () PEPPERDINE EDU>
Date: Mon, 12 Feb 2007 15:03:20 -0800

Hi folks,

I'm trying to settle what we should do for PCI compliance with big
external e-commerce vendors, e.g. Verisign.

PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a
violation of their terms.
Do you scan the page you use to link to them (the one with NO CC
inputs)?

PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor
if the only thing you are getting back from them is the masked CCN &
a transaction ID?

Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655
