Home page logo
/

educause logo Educause Security Discussion mailing list archives

PCI Compliance for external e-commerce vendors
From: Kim Cary <Kim.Cary () PEPPERDINE EDU>
Date: Mon, 12 Feb 2007 15:03:20 -0800

Hi folks,

I'm trying to settle what we should do for PCI compliance with big
external e-commerce vendors, e.g. Verisign.

PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a
violation of their terms.
Do you scan the page you use to link to them (the one with NO CC
inputs)?

PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor
if the only thing you are getting back from them is the masked CCN &
a transaction ID?

Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault