Educause Security Discussion mailing list archives
Re: PCI DSS - VDI (vmware) SAQ-C-VT question
From: Mike Osterman <ostermmg () WHITMAN EDU>
Date: Tue, 7 May 2013 12:21:38 -0700
On May 7, 2013, at 12:16 PM, Jessica Odom <odom () LCLARK EDU> wrote:
I know, I know, if we would just listen to our users and allow 'square' all would be OK :)My QSA reports that devices that use the audio jack for the data (ie: Square) are not PCI compliant. That type converts sound to data and writes it (ie: PAN) in plain text to the device. I haven't validated this, but I've been told to pick the ones that use the data port (ie: Verifone).
This obviously requires deeper validation than a tech blog post, but it's my understanding that the Square reader now comes with hardware encryption: http://mobile.theverge.com/2012/3/28/2909699/square-dongle-hardware-encryption
Current thread:
- PCI DSS - VDI (vmware) SAQ-C-VT question Oscar Knight (May 03)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Mike Osterman (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Everett, Alex D (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question John Ladwig (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Rich Graves (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)