[itdiscuss] PCI DSS
Ian Beyer
Ian.Beyer at cor.org
Wed Dec 10 20:05:25 EST 2008
It also applies to the software you use to process the cards (such as
PC-Charge, which only recently became fully PCI-compliant). General rule
of thumb, if any of your applications store credit card data, they need
to be PCI-compliant (and as of, I think, January 1, the systems the
software lives on need to meet PCI standards). If you're only
transmitting card data via a terminal, the terminal needs to be
compliant, but that's not an area you have to be worried about.
If you have any POS systems, check with your vendor on PCI compliance;
they'll be able to tell you.
Ian Beyer
Network Administrator
United Methodist Church of the Resurrection
13720 Roe Ave
Leawood KS 66224
http://www.cor.org
913-544-0288
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Lee, Jason
Sent: Wednesday, December 10, 2008 6:36 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] PCI DSS
As I understand the PCI standards this only applies to the credit card
processor... meaning it doesn't apply to your organization if you don't
actually touch the credit cards... or process the payments.
In our case all credit card processing happens thru our 3rd parties
Service U and ACS. Our organization never takes the credit card number
nor is any of the credit card information taken by our servers but
rather a portal thru a third party ... this is all handled by the CC
processor resulting in our organization not being governed by the PCI
compliancy rules.
Ian, is that not how you understand the guidelines?
- jason
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 5:16 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] PCI DSS
Is this something new? We've used credit cards online for a while.
Do you have to pay for it and is there one place better than another for
it?
Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org
This message may contain confidential and/or proprietary information,
and is intended for the person/entity to which it was originally
addressed. Any use by others is strictly prohibited.
________________________________
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Ian Beyer
Sent: Wednesday, December 10, 2008 6:13 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] PCI DSS
It's only mandatory if you want to process credit cards. The penalties
for non-compliance can be stiff, starting from getting your merchant
account shut down, ranging up to stiff penalties. Check your merchant
agreement for details.
Ian Beyer
Network Administrator
United Methodist Church of the Resurrection
13720 Roe Ave
Leawood KS 66224
http://www.cor.org
913-544-0288
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 5:02 PM
To: 'IT Discussion Forum'
Subject: [itdiscuss] PCI DSS
Has anyone heard of having to comply with the Payment Card Industry Data
Security Standards (PCI DSS)? Is this mandatory?
www.pcisecuritystandards.org <http://www.pcisecuritystandards.org/>
Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org