Educause Security Discussion mailing list archives
PCI- DSS Scope ?
From: Bill Badertscher <wdc8 () GEORGETOWN EDU>
Date: Fri, 12 Jun 2009 12:00:32 -0400
Is it correct to conclude that a university identification card becomes a financial transaction card when an ISO compliant primary account number is encoded on track 2 by the university to facilitate financial transactions? Further, do university systems become part of "merchant" systems by virtue of storing account numbers? It is not clear to me that outsourcing to a third party for payment processing exempts a university from PCI-DSS compliance. I'd be interested in university related case law that addresses the issue. Many thanks. -- William D. Badertscher Senior Engineer Facilities and Safety Control Systems Georgetown University, Information Services 3300 Whitehaven Street, N.W. Suite 2000, Room 2007 Office: 202-687-3541 Mobile: 202-731-2758 Fax: 202-687-1505 URL: http://www.georgetown.edu/
Attachment:
wdc8.vcf
Description:
Current thread:
- PCI- DSS Scope ? Bill Badertscher (Jun 12)
- <Possible follow-ups>
- Re: PCI- DSS Scope ? Jason Testart (Jun 12)
- Re: PCI- DSS Scope ? Ken Rowe (Jun 12)
- Re: PCI- DSS Scope ? Megan Carney (Jun 15)
- Re: PCI- DSS Scope ? Michael Johnson (Jun 15)
- Re: PCI- DSS Scope ? Allison Dolan (Jun 15)