Security Basics mailing list archives

Re: PCI compliance questions
From: no () thanks org
Date: Thu, 23 Apr 2009 14:02:48 -0600

<i>1- Details on what's considered as sensitive data and what's not: from
a Merchant perspective is provided by Visa on page of
however, i could not find any as for the Acquirer/Issuer/Service
Provider perspective; any pointers?</i>

Sensitive data is account name, PAN, CVV/CVV2.

<i>2- what are the deadlines/fines for non compliance, for
Merchants/Acquirers/Issuers/Service Providers respectively?</i>

Universal deadlines are bogus.  Listen to those with whom you have a contractual relationship.  For you, that would be 
the card brands themselves.  For merchants, it would be the acquiring bank.

<i>3- being an issuer/acquirer (bank for ex), am i required to comply
with PCI DSS? if so, what are the requirements?</i>

Yes, you are required to comply.  "DSS" stands for Data Security Standard.  The DSS <i>is</i> the requirement.  Read 
the DSS to understand what your requirements are.
