Educause Security Discussion mailing list archives
Re: PCI Processing Practices
From: "LIOTTA, KAREN" <KLiotta () CNM EDU>
Date: Fri, 30 Sep 2011 13:47:54 -0600
Here at Central New Mexico Community College, we have moved to a totally outsourced environment. Our policy is to not bring credit card processing back into our network. This lowers our risk and the PCI certification process is a much simpler. Now we are doing a SAQ B and validating that all of our vendors are PCI-DSS and PA-DSS compliant. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Friday, September 30, 2011 1:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Processing Practices Hi, Our policy <http://policylibrary.columbia.edu/ecommerce-electronic-protection-credit-card-holder-information-policy> states that all PCI transactions must be outsourced, however that does not get you off the hook for PCI compliance if your University owns the MIDs for the accounts or acts as agents (enters the CC number for others - i.e. Mail order/Telephone order (MO/TO) transactions. Thanks, Joel --On Friday, September 30, 2011 6:41 PM +0000 "Paula E. Johnson" <pejohns () UARK EDU> wrote:
We are reviewing our campus PCI processing practices and are curious how many of you have decided to do your own credit card processing and how may have decided to totally outsource this sort of transaction. Can you please respond with whether you satisfy your PCI needs internally, outsourced, or a combination. Thanks in advance for your help. Paula E. Johnson Fiscal Support Supervisor IT Services University of Arkansas Fayetteville, AR 72701 479-575-5870
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- PCI Processing Practices Paula E. Johnson (Sep 30)
- Re: PCI Processing Practices Joel Rosenblatt (Sep 30)
- Re: PCI Processing Practices Roger A Safian (Sep 30)
- Re: PCI Processing Practices LIOTTA, KAREN (Sep 30)
- Re: PCI Processing Practices Joel Rosenblatt (Sep 30)