Educause Security Discussion mailing list archives

Re: [External] [SECURITY] PCI keeping it simple

From: "Ludwig, Linda" <LUDWIGL () GRINNELL EDU>
Date: Tue, 23 Apr 2019 21:09:59 +0000

Where do you sign up for the PCI listserv? I couldn't find it among the EDUCAUSE lists.

Thanks,
Linda


Linda Ludwig
Information Security Awareness Specialist

Grinnell College
Information Technology Services
The Forum
1119 6th Avenue
Grinnell, IA 50112

641-269-9977
Technology Services Desk: 641-269-4901
grinnell.edu<https://www.grinnell.edu/>




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Thierry Lechler
Sent: Tuesday, April 23, 2019 3:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [External] [SECURITY] PCI keeping it simple

Just a side note, if you aren't on the PCI listserv, you should definitely join up. Square comes up fairly regularly. 
To paraphrase from the listserv:

Square devices won't provide any PCI scope reduction, at least not without approval from your acquirer. There are other 
devices (Clover, Bluefin, cardconnect, etc.) that provide the same abilities, including a reduced PCI scope. Square 
just happens to be a more familiar name. I've also heard that Square is difficult to work with contractually (I've 
never personally tried).

The security may be there, but the legal language and reduced scope might not be.

Thank you,

Thierry Lechler - MHR, PCIP
Information Security Professional III
UCF INFOSEC
University of Central Florida
Office: 407.823.3825
Thierry.Lechler () ucf edu<mailto:Thierry.Lechler () ucf edu>
infosec.ucf.edu<https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Finfosec.ucf.edu-252F-26data-3D02-257C01-257C-257Ce465abbb03124699cb4808d61e475deb-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636729689187530544-26sdata-3DcAJz94V7YiSVIW8tNB8qR06btSK4-252F81Om-252B-252BKG0lsh6c-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=2y9_xXWiRAhkAX32HtD-9Zc-NB7LMx-PAZWl3ic8cqc&e=>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Bukaweski, Dylan S
Sent: Tuesday, April 23, 2019 4:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] [External] [SECURITY] PCI keeping it simple

What kind of devices are being used currently? It may be that the existing devices are on the PCI council's list of 
validated point-to-point encryption solutions while Square is not.

[https://i.imgur.com/H3DO0nn.png]

Dylan Bukaweski

Information Security Analyst

Providence College

p:

401-865-1560  m: 813-323-0817

e:

dbukawes () providence edu<mailto:dbukawes () providence edu>

[http://cdn2.hubspot.net/hubfs/184235/dev_images/signature_app/linkedin_sig.png]<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.linkedin.com-252Fin-252Fdylan-2Dbukaweski-2D09977a105-252F-26data-3D02-257C01-257Cthierry.lechler-2540UCF.EDU-257C1fec4732bdd041e2892408d6c8283805-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636916472405505919-26sdata-3DcMu1QD8JJ5O-252BH0IbLppy83hjLVmCXJFOmcFBENo4fLo-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=xvwLLstlOhhOFCt_iEgRF2lL8QmOk3p0DxPN8VGkh4g&e=>




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Yost, Davis
Sent: Tuesday, April 23, 2019 4:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [External] [SECURITY] PCI keeping it simple

Question:

So, I was just asked how is this different then the devices that our one card vendor sells us?

https://squareup.com/help/us/en/article/3797-secure-data-encryption<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fsquareup.com-252Fhelp-252Fus-252Fen-252Farticle-252F3797-2Dsecure-2Ddata-2Dencryption-26data-3D02-257C01-257Cthierry.lechler-2540UCF.EDU-257C1fec4732bdd041e2892408d6c8283805-257Cbb932f15ef3842ba91fcf3c59d5dd1f1-257C0-257C0-257C636916472405515923-26sdata-3D-252FBteyKrK-252Biu9RJCB3LKEaxqsQnrhZMMhflufBRzHgi8-253D-26reserved-3D0&d=DwMFAg&c=HUrdOLg_tCr0UMeDjWLBOM9lLDRpsndbROGxEKQRFzk&r=3FWhhRZ86wLnJQbceVqVZiaCyjWq2cIkJzKZvEb4Ctw&m=eMytPDMmKUP0J3Bw-ULZ8QuknKJPR4SAbiMf_gxf3S4&s=tjKckrl5OaL9qtKEGGrFDc-2NwCzNmE47F6H14bBzug&e=>

Is anyone allowing or using Square on their administration production network?

Thoughts??

Thank you,

Davis Yost
Associate Director, Information Technology Security
yost () northwood edu<mailto:yost () northwood edu>

989.837.4185 office
989.837.4184 fax
Developing Leaders of a Global Free-Enterprise

This email originated from outside of Providence College. Do not click links or open attachments unless you recognize 
the sender and know the content is safe.

Current thread:

PCI keeping it simple Yost, Davis (Apr 23)
- Re: PCI keeping it simple Haselhoff, Brent (Apr 23)
- Re: [External] [SECURITY] PCI keeping it simple Bukaweski, Dylan S (Apr 23)
  - Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
    - Re: [External] [SECURITY] PCI keeping it simple Ludwig, Linda (Apr 23)
    - Re: [External] [SECURITY] PCI keeping it simple Thierry Lechler (Apr 23)
- Re: PCI keeping it simple Paul Chauvet (Apr 23)