Educause Security Discussion mailing list archives
Re: PCI compliance question
From: "Nangle, Shea" <nangle () ILLINOIS EDU>
Date: Thu, 8 Jul 2010 14:03:00 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 8, 2010, at 1:46 PM, Smith, Bob wrote:
We are struggling with a PCI compliance issue and have been asked to query this list. We have vending machines (drink, snack, laundry, etc.) on our network that are being setup for use with our university “one card” system. The readers on these machines will transmit and process our cards just fine. However, when someone uses a CC it is transmitted to the card system/server, but the system ignores it and does not process the transaction. The big question: are the vending machines considered in-scope for PCI? If so, that means a lot of other things will be too.
It's my understanding that in this case, the vending machines, card system/server, and network would all be in scope (due to the fact that the card data is accepted by the vending machines, transmitted via the network, and received (albeit not stored) on the card system/server). - -- Shea Nangle Security Standards And Compliance Officer Office of Privacy and Information Assurance University of Illinois at Urbana-Champaign <nangle () illinois edu> 217-244-7374 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkw2IOQACgkQ5wo47DByVsdEtACfVG2o4IOxB9cUqWTeTD55QV/z 8HQAnR9duwB2I89PO2eszsBgZATO1pAA =JddP -----END PGP SIGNATURE-----
Current thread:
- Re: PCI compliance question, (continued)
- Re: PCI compliance question Jon Hanny (Jul 08)
- Re: PCI compliance question Marley, Tim (Jul 08)
- Re: PCI compliance question Michael Benedetto (Jul 08)
- Re: PCI compliance question Joel Rosenblatt (Jul 08)
- Re: PCI compliance question Sam Hooker (Jul 08)
- Re: PCI compliance question Daniel Robert Adinolfi (Jul 09)
- Re: PCI compliance question Paul Kendall (Jul 09)
- Re: PCI compliance question Joel Rosenblatt (Jul 09)
- Re: PCI compliance question Paul Kendall (Jul 09)
- Re: PCI compliance question Sarazen, Daniel (Jul 08)
- Re: PCI compliance question Nangle, Shea (Jul 08)
- Re: PCI compliance question Marcum, Chad A (Jul 08)
- Re: PCI compliance question Croke, John (Jul 08)
- Re: PCI compliance question Kelley Bogart (Jul 08)
- Re: PCI compliance question Paul Kendall (Jul 08)
- W2 forms online Barrera, Connie (Jul 09)
- Re: PCI compliance question Kelley Bogart (Jul 08)
- PCI compliance question Smith, Bob (Jul 13)
- Presenting annual brief summaries Plesco, Todd (Jul 16)
- Re: Presenting annual brief summaries Ben Woelk (Jul 16)
- Presenting annual brief summaries Plesco, Todd (Jul 16)