Educause Security Discussion mailing list archives
Re: PCI keeping it simple
From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Tue, 23 Apr 2019 20:36:37 +0000
Since as far as I'm aware Square's devices aren't on the PCI validated list of P2PE (Point-to-Point Encrypted) technologies - it is mostly an issue of compliance with PCI. If you are using only validated P2PE devices, you can fill out the shorter P2PE SAQ for these. If it isn't validated but is still P2PE - then you can still use those for scope reduction - which is still helpful. You still need the more expansive SAQ C (assuming these are your only devices on the merchant ID) though. Note: Not a PCI QSA - so don't take anything I say as gospel. Paul Chauvet, CISSP Information Security Officer State University of New York at New Paltz 845-257-3828 chauvetp () newpaltz edu<mailto:chauvetp () newpaltz edu> [emlogo] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Yost, Davis Sent: Tuesday, April 23, 2019 4:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI keeping it simple Question: So, I was just asked how is this different then the devices that our one card vendor sells us? https://squareup.com/help/us/en/article/3797-secure-data-encryption Is anyone allowing or using Square on their administration production network? Thoughts?? Thank you, Davis Yost Associate Director, Information Technology Security yost () northwood edu<mailto:yost () northwood edu> 989.837.4185 office 989.837.4184 fax Developing Leaders of a Global Free-Enterprise
Current thread:
- PCI keeping it simple Yost, Davis (Apr 23)
- Re: PCI keeping it simple Haselhoff, Brent (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Bukaweski, Dylan S (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Ludwig, Linda (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: PCI keeping it simple Paul Chauvet (Apr 23)