Educause Security Discussion mailing list archives

Re: PCI Compliance for external e-commerce vendors


From: "j.price" <j.price () DOMAIL MARICOPA EDU>
Date: Mon, 12 Feb 2007 16:13:10 -0700

Kim,

When you are using a third-party vendor, you request verification from
them that they are PCI compliant. We request that of our vendors and
make sure there is language in our contract that states who is
responsible if there is a breach.

Janet

Kim Cary wrote:

Hi folks,

I'm trying to settle what we should do for PCI compliance with big
external e-commerce vendors, e.g. Verisign.

PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a
violation of their terms.
Do you scan the page you use to link to them (the one with NO CC
inputs)?

PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor
if the only thing you are getting back from them is the masked CCN &
a transaction ID?

Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655


--
Janet Price
Maricopa Online
Student Self Services
2411 W 14th St
Tempe Arizona, 85281
(480)731-8730

100 years from now, it will not matter what my bank account was, how big my house was, or what kind of car I drove. But the world may be a little better, because I was important, in the life of a child.
-Forest Witcraft