Educause Security Discussion
mailing list archives
Re: PCI Compliance for external e-commerce vendors
From: "j.price" <j.price () DOMAIL MARICOPA EDU>
Date: Mon, 12 Feb 2007 16:13:10 -0700
When you are using a third party vendor, you request verification from
them that they are PCI compliant. We request that of our vendors and
make sure there is language in our contract that states who is
responsible if there is a breach.
Kim Cary wrote:

I'm trying to settle what we should do for PCI compliance with big
external e-commerce vendors, e.g. Verisign.

PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a
violation of their terms.
Do you scan the page you use to link to them (the one with NO CC

PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor
if the only thing you are getting back from them is the masked CCN &
a transaction ID?

Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655
Student Self Services
2411 W 14th St
Tempe Arizona, 85281
100 years from now, it will not matter what my bank account was, how big my house was, or what kind of car I drove. But
the world may be a little better, because I was important, in the life of a child.