Educause Security Discussion mailing list archives
Re: Anyone have a PCI/DSS 3.1 Compliant Unattended Payment Terminal Solution?
From: "Erlenbeck, Philip" <perlenbe () UMFLINT EDU>
Date: Mon, 22 Feb 2016 15:22:21 +0000
At a conference I attended earlier this year a similar topic came up. The consensus was that if the kiosk is in close proximity to a payment office then it is automatically considered in scope based on proximity alone even if that is not the purpose. If the intended purpose is for payment then it would certainly be in scope as far as PCI.

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Kevin Reedy [KReedy () EXCELSIOR EDU]
Sent: Monday, February 22, 2016 9:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Anyone have a PCI/DSS 3.1 Compliant Unattended Payment Terminal Solution?

Mandi,

While admittedly not a PCI expert, I think I know it pretty well. I'm a bit confused as to what it is you are looking for.

If the payment page is securely hosted, and the CDN is properly protected, then a kiosk machine on your network is no different from a student using a computer at home to make the same payment. This kiosk would have to be pretty tightly controlled to ensure no physical or software key loggers are installed, and routinely malware/virus scanned. I'd lock it down with GPO or a specialized software to ensure integrity.

I assume there are other machines on your network where employees are able to enter CC#, isn't this the same basic concept? I guess I'm missing the part of PCI you are looking to satisfy aside from those listed above?

-Kevin

From: Mandi Witkovsky <witkovsm () IPFW EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU,
Date: 02/18/2016 11:52 AM
Subject: [SECURITY] Anyone have a PCI/DSS 3.1 Compliant Unattended Payment Terminal Solution?
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>

We have a strong desire by administration to provide a payment terminal/kiosk for students to make payments. We have always had issues providing a compliant kiosk, and in fact have stripped them out of our environment because we don’t have the manpower to maintain it. Is anyone using (or know of) hardware/service to outsource this functionality?

Thanks,
mandi

This message and any attachments contain confidential Excelsior College information intended for the specific individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.