Re: PCI SSC - Special Interest Groups

[David Pirolo <webmaster () WARNERPACIFIC EDU>]

Lowe and behold, a new SAQ for P2PE devices...
https://www.pcisecuritystandards.org/documents/PCI_SAQ_P2PE-HW_v2.pdf 

This may answer a few of my questions.

On Thu, 2012-07-19 at 09:36 -0700, David Pirolo wrote:
> Unfortunately I don't have a subscription for full access to this
> article.
>
> Essentially this is saying to work with your acquirer or payment brand
> to make the determination on how it best fits.  The confusion is that
> our accquirer has stated that we need to follow SAQ-cvt.  The issue with
> this is Requirement 4, which states open public network.  What about the
> requirements for the college private networks that this may be
> connecting through?  Based on this doc I believe that it's a mute issue
> for the merchant and responsibility falls to the solution provider if
> the device is P2PE.  The merchant would just be responsible for securing
> the device.
> https://www.pcisecuritystandards.org/documents/P2PE_%20v%201-1.pdf
>
> The other issue is requirement 5-AV software.  The P2PE doc doesn't
> appear to address that.
>
> -David
>
>
>
> On Thu, 2012-07-19 at 10:59 +0000, Davis, Thomas R wrote:
> > Hi David,
> >
> > This from Walt Conway regarding mobile devices:
> >
> > "Both MasterCard and Visa have issued their guidelines which I've written about at StorefrontBacktalk: 
> > http://storefrontbacktalk.com/securityfraud/mobile-pos-moves-forward-with-mastercards-blessing/  and 
> > http://storefrontbacktalk.com/securityfraud/visa-joins-mastercard-in-relegating-pci-to-an-afterthought/.";