Educause Security Discussion mailing list archives
Re: PCI and banks that use Akamai
From: "Daniel, Jack" <jdaniel () CONCORDANT COM>
Date: Mon, 14 Jun 2010 15:56:55 -0400
A lot of banks do "get it" and just about ALL larger banks have to be PCI compliant. It's not just the merchants but the service providers. The banks have to ensure their merchants are compliant as well as ensure that they are compliant as a service provider. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeffrey Schiller Sent: Monday, June 14, 2010 3:39 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI and banks that use Akamai -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/14/2010 03:33 PM, John Ladwig wrote:
Hm. No reason a bank *would* use a PCI service, regardless of how reasonable a thing that'd be from an infosec perspective. And I think step 1 would still be 'understand Akamai's PCI service offering and its relevance to the problem at hand," if it were cited by a bank.
We should also be a bit careful here. In general PCI is all about accepting credit cards as a form of payment. In particular PCI is focused on credit card merchants. It is not really oriented toward banks and generic banking transactions. I am not even sure that a bank has to *be* PCI compliant. I do not have any familiarity with Akamai's PCI service offerings, but I suspect it is a high performance payment system, probably not a generic "secure" platform. - From my experience, I would expect that some banks "get it" when it comes to IT security, and others do not. In particular I would be concerned about small credit unions. -Jeff - -- ======================================================================== Jeffrey I. Schiller MIT Network Manager/Security Architect PCI Compliance Officer Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice jis () mit edu http://jis.qyv.name ======================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFMFoVG8CBzV/QUlSsRAm8nAKC6Zi2t8DyJePWHksPazbM/KmgDlwCgjGUN sZFi+albvWaooDxdJvDt/LA= =+ayn -----END PGP SIGNATURE-----
Current thread:
- PCI and banks that use Akamai Flynn, Gary (Jun 14)
- Re: PCI and banks that use Akamai Daniel Robert Adinolfi (Jun 14)
- Re: PCI and banks that use Akamai Valdis Kletnieks (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Michael Johnson (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai Joel Rosenblatt (Jun 14)
- <Possible follow-ups>
- PCI and banks that use Akamai Allison Dolan (Jun 23)