Educause Security Discussion mailing list archives

Re: PCI compliance question


From: "Nangle, Shea" <nangle () ILLINOIS EDU>
Date: Thu, 8 Jul 2010 14:03:00 -0500

On Jul 8, 2010, at 1:46 PM, Smith, Bob wrote:

> We are struggling with a PCI compliance issue and have been asked to query this list.  We have vending machines
> (drink, snack, laundry, etc.) on our network that are being set up for use with our university “one card” system.  The
> readers on these machines will transmit and process our cards just fine.  However, when someone uses a CC it is
> transmitted to the card system/server, but the system ignores it and does not process the transaction.
>
> The big question:  are the vending machines considered in-scope for PCI?  If so, that means a lot of other things
> will be too.

It's my understanding that in this case, the vending machines, card system/server, and network would all be in scope 
(due to the fact that the card data is accepted by the vending machines, transmitted via the network, and received 
(albeit not stored) on the card system/server).


--
Shea Nangle 
Security Standards And Compliance Officer
Office of Privacy and Information Assurance 
University of Illinois at Urbana-Champaign 
<nangle () illinois edu> 
217-244-7374
