Educause Security Discussion mailing list archives
Re: PCI Processing Practices
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 30 Sep 2011 19:15:51 +0000
+1
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Friday, September 30, 2011 2:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Processing Practices Hi, Our policy <http://policylibrary.columbia.edu/ecommerce-electronic-protection-credit- card-holder-information-policy> states that all PCI transactions must be outsourced, however that does not get you off the hook for PCI compliance if your University owns the MIDs for the accounts or acts as agents (enters the CC number for others - i.e. Mail order/Telephone order (MO/TO) transactions. Thanks, Joel --On Friday, September 30, 2011 6:41 PM +0000 "Paula E. Johnson" <pejohns () UARK EDU> wrote:We are reviewing our campus PCI processing practices and are curious how many of you have decided to do your own credit card processing and how may have decided to totally outsource this sort of transaction. Canyou please respond with whether you satisfy your PCI needs internally, outsourced, or a combination. Thanks in advance for your help.Paula E. Johnson Fiscal Support Supervisor IT Services University of Arkansas Fayetteville, AR 72701 479-575-5870Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
Current thread:
- PCI Processing Practices Paula E. Johnson (Sep 30)
- Re: PCI Processing Practices Joel Rosenblatt (Sep 30)
- Re: PCI Processing Practices Roger A Safian (Sep 30)
- Re: PCI Processing Practices LIOTTA, KAREN (Sep 30)
- Re: PCI Processing Practices Joel Rosenblatt (Sep 30)