Educause Security Discussion mailing list archives

Re: Visa CISP

From: "Appel, John" <jappel () MC CC MD US>
Date: Mon, 30 Jun 2003 11:28:41 -0400

Our credit card processor contacted us regarding compliance, 
as a merchant, with Visa's Cardholder Information Security 
Program.  What information does anyone have on this program?  
How have you approached this issue?  Any information would be 
much appreciated.


I encountered this in the commercial arena.  Up until about this time
last year, Visa had a fairly detailed document available which included
a number of fairly specific guidelines and required controls.  They've
pulled it from their public site, but I believe that it forms the basis
for the "checklist" used by the examiners and implementation partners.
Perhaps someone may have a copy of it they can share?

FWIW, MasterCard has a similar program.  When I last looked, compliance
with it was voluntary while Visa requires compliance with their program.

John

John Appel, CISSP
IT Security Analyst
Montgomery College
jappel () mc cc md us
240-314-3142

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

Visa CISP Steven R. Smith (Jun 30)
- <Possible follow-ups>
- Re: Visa CISP Julia Allen (Jun 30)
- Re: Visa CISP Appel, John (Jun 30)
- Re: Visa CISP Bruhn, Mark S. (Jun 30)
- Re: Visa CISP Herbert Baines III (Jun 30)