Educause Security Discussion
mailing list archives
PCI Compliance for external e-commerce vendors
From: Kim Cary <Kim.Cary () PEPPERDINE EDU>
Date: Mon, 12 Feb 2007 15:03:20 -0800
I'm trying to settle what we should do for PCI compliance with big
external e-commerce vendors, e.g. Verisign.
PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a
violation of their terms.
Do you scan the page you use to link to them (the one with NO CC
PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor
if the only thing you are getting back from them is the masked CCN &
a transaction ID?
Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655
- PCI Compliance for external e-commerce vendors Kim Cary (Feb 12)