Educause Security Discussion mailing list archives
Re: PCI - Third party vendors
From: Emery Rudolph <erudolph () UMD EDU>
Date: Fri, 25 Jul 2014 16:54:36 +0000
No matter how many entities are involved in the chain of process that makes up your PCI transactional flow, there are really only two: 1) The customer 2) You as their vendor. It doesn’t matter how many subcontractors there are in the mix, you are ultimately responsible for securing “your” customers data and thus you bear the responsibility for vetting proper PCI compliance from your vendor on down the line. You will not escape retribution by pointing to the vendor if a breach occurs. Very Best Regards, Emery Rudolph, MS Manager IT-ETI-PS Enterprise UNIX Services University of Maryland (301) 405-9379 http://www.umd.edu [University of Maryland] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drake, Craig Sent: Thursday, July 24, 2014 4:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI - Third party vendors We have a new coffee shop going into our library. They are completely run by an external entity not associated with the university. They want to connect their terminals to our university network (possibly wireless) to transmit their credit card transactions. What do we need to be concerned with in terms of PCI compliance with them running this through our networks? Thank you, -Craig Craig Drake University Technology Services Northeastern Illinois University 5500 North St. Louis Avenue, Chicago, IL 60625 Phone: (773) 442-4386 Email: C-Drake () neiu edu<mailto:C-Drake () neiu edu> www.neiu.edu<http://www.neiu.edu> [http://homepages.neiu.edu/~markdep/images/neiu_wordmark_color_email.png] ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com> Version: 2014.0.4716 / Virus Database: 3986/7900 - Release Date: 07/22/14
Current thread:
- Re: PCI - Third party vendors, (continued)
- Re: PCI - Third party vendors Oscar Knight (Jul 25)
- Re: PCI - Third party vendors Theresa Semmens (Jul 25)
- Re: PCI - Third party vendors Joel L. Rosenblatt (Jul 25)
- Re: PCI - Third party vendors Mike Chapple (Jul 25)
- Re: PCI - Third party vendors David James Anderson (Jul 25)
- Re: PCI - Third party vendors Peter Setlak (Jul 25)
- Re: PCI - Third party vendors Robert Lau (Jul 25)
- Re: PCI - Third party vendors Blake Penn (Jul 25)
- Re: PCI - Third party vendors Aube, Jane M. (Jul 25)