Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PCI compliance question

From: "Croke, John" <jcroke1 () PROVIDENCE EDU>
Date: Thu, 8 Jul 2010 15:36:50 -0400
My understanding is if your one card  is also a credit card and is subject to PCI then all hardware that accept the 
card must be compliant.  This would include vending door access and laundry.

John Croke
Systems Analyst
400 Harkins Hall
Providence College
Providence, RI 02918
401.865.1173
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Smith, 
Bob
Sent: Thursday, July 08, 2010 2:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI compliance question

We are struggling with a PCI compliance issue and have been asked to query this list.  We have vending machines (drink, 
snack, laundry, etc.) on our network that are being setup for use with our university "one card" system.  The readers 
on these machines will transmit and process our cards just fine.  However, when someone uses a CC it is transmitted to 
the card system/server, but the system ignores it and does not process the transaction.

The big question:  are the vending machines considered in-scope for PCI?  If so, that means a lot of other things will 
be too.

Thanks.

Bob Smith
AVP IITS & Information Security Officer
Longwood University
Previous By Date Next
Previous By Thread Next

Current thread: