Re: PCI compliance

["Hatala, Jeffrey" <hatala_j () SUNYBROOME EDU>]

Hello Lee,

 

Depending on how you are capturing your CC#s you may see different parts
eliminated from the compliancy list.  We use
http://www.securitymetrics.com/   The fee is $699.00, however since we
are an M&T Bank customer and they have a fee break with Security
Metrics, our costs is $139.00 per year.  This gives us 4 automatic scan
audits on our web server, (one way we capture).  We can also log in to
their website and run scans any time. There is the PCI self
questionnaire on their website that needs to be filled out.  These are
the questions you need to ask your Department and IT staff.  All the
info resides on Security Metrics and THEY now act as our liaison to the
PCI group that our college reports to.    

 

Hope this helps. 

Make it a great day!
Jeff Hatala

CISSP - "want to be"

 

 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lee Weers
Sent: Wednesday, March 26, 2008 9:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI compliance

 

We discovered a department on campus that is still processing credit
cards, and I am looking for a contact who would be willing to discuss
the steps we need to perform to become PCI compliant.  I am looking the
questions we need to ask from the department, and then the initial basic
steps we need to perform now, until we get all of the documentation
found and filled out.

Thank you, 
  
Lee Weers 
Assistant Director for Network Services 
Central College IT Services 
(641) 628-7675