On 12/16/2009 10:28 PM, Tom Jedrzejewicz arranged the binary bits such
that:
On Wed, Dec 16, 2009 at 8:06 PM, Roger Vicker, CCP <rv-tech@xxxxxxxxxx>wrote:


Tom,

Actually A and C are the same company. Unless by "shared files" you mean
the MS Office type documents which are on the Y's local server. Or,
unless you mean C is the company that gives the merchant account. A/C
has their own web site that the Y users do all their business work through.



Using my definitions .. the Y itself is A. They don't need to submit their
network for the audit unless they have transaction or cardholder info on
their server. But getting the auditor to believe that no cardholder info
ends up stored locally is a long putt. And don't forget about email ..
almost certainly this data ends up in email somehow.


That long putt seems to be one that even Tiger could never make.

And yes A/C is the one that is saying "not us" but they are the biggest
target of attackers as they store the credit card information and
transmit them to the credit card network upon instructions from the Y.



The Y needs to give C an ultimatum .. demonstrate PCI compliance or lose the
Y as a customer. If they can't, the Y is taking a huge risk having them
handle member credit cards! If C has their own audit demonstrating PCI
compliance, that should be sufficient for the Y auditors.

BTW .. out of curiosity how are you involved in this? I hope that you are
billing them your highest rate for the time and effort.

Second problem is there really aren't that many sources of
services/software tailored to Ys.

As their only technically proficient person. Fortunately, so far I
haven't really had to do anything much extra but try and point out where
the questions aren't squarely aimed at the right target.

Roger


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.