Educause Security Discussion
mailing list archives
Re: PCI Compliance Policies
From: "Penn, Blake" <pennb () UWW EDU>
Date: Thu, 19 Jul 2007 12:55:11 -0500
30 June 2005 was the *compliance* deadline (back with the "old" 1.0
requirements). 1.1 requirements are in effect now. September is when VISA
is mandating *validation* (as opposed to compliance) for level 2 merchants.
MasterCard is not requiring validation for level 2 merchants until the end
of 2008, though. Every merchant level is currently required to comply with
all the requirements, however.
Blake Penn, CISSP
Information Security Officer
University of Wisconsin-Whitewater
(p) 262-472-7792 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security
From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU]
Sent: Thursday, July 19, 2007 12:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Compliance Policies
At 12:14 PM 7/19/2007, Theresa M Rowe put fingers to keyboard and wrote:
Is ANYONE going to be compliant by the September deadline?? Did you use a
consultant to get there?
What is the September deadline? I thought compliance was supposed to start
FWIW, we're still working on compliance...it's pretty time consuming.
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058 (voice)
(847) 467-6500 (Fax) "You're never too old to have a great childhood!"