Educause Security Discussion mailing list archives

Re: PCI and banks that use Akamai

From: "Daniel, Jack" <jdaniel () CONCORDANT COM>
Date: Mon, 14 Jun 2010 15:56:55 -0400

A lot of banks do "get it" and just about ALL larger banks have to be PCI compliant.  It's not just the merchants but 
the service providers.  The banks have to ensure their merchants are compliant as well as ensure that they are 
compliant as a service provider.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeffrey 
Schiller
Sent: Monday, June 14, 2010 3:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI and banks that use Akamai

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/14/2010 03:33 PM, John Ladwig wrote:

Hm.  No reason a bank *would* use a PCI service, regardless of how
reasonable a thing that'd be from an infosec perspective.

And I think step 1 would still be 'understand Akamai's PCI service
offering and its relevance to the problem at hand," if it were cited
by a bank.


We should also be a bit careful here. In general PCI is all about
accepting credit cards as a form of payment. In particular PCI is
focused on credit card merchants. It is not really oriented toward
banks and generic banking transactions. I am not even sure that a bank
has to *be* PCI compliant.

I do not have any familiarity with Akamai's PCI service offerings, but
I suspect it is a high performance payment system, probably not a
generic "secure" platform.

- From my experience, I would expect that some banks "get it" when it
comes to IT security, and others do not. In particular I would be
concerned about small credit unions.

                      -Jeff

- --
========================================================================
Jeffrey I. Schiller
MIT Network Manager/Security Architect
PCI Compliance Officer
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
http://jis.qyv.name
========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFMFoVG8CBzV/QUlSsRAm8nAKC6Zi2t8DyJePWHksPazbM/KmgDlwCgjGUN
sZFi+albvWaooDxdJvDt/LA=
=+ayn
-----END PGP SIGNATURE-----

Current thread:

PCI and banks that use Akamai Flynn, Gary (Jun 14)
- Re: PCI and banks that use Akamai Daniel Robert Adinolfi (Jun 14)
- Re: PCI and banks that use Akamai Valdis Kletnieks (Jun 14)
  - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)
    - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)
    - Re: PCI and banks that use Akamai Michael Johnson (Jun 14)
    - Re: PCI and banks that use Akamai Joel Rosenblatt (Jun 14)
- <Possible follow-ups>
- PCI and banks that use Akamai Allison Dolan (Jun 23)