[itdiscuss] PCI DSS
Thompson, Ken
Ken.Thompson at mtw.org
Wed Dec 10 19:39:36 EST 2008
This agrees with what we found.
Ken
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Lee, Jason
Sent: Wednesday, December 10, 2008 7:36 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] PCI DSS
As I understand the PCI standards, this only applies to the credit card processor... meaning it doesn't apply to your organization if you don't actually touch the credit cards... or process the payments.
In our case all credit card processing happens thru our 3rd parties Service U and ACS. Our organization never takes the credit card number nor is any of the credit card information taken by our servers but rather a portal thru a third party ... this is all handled by the CC processor resulting in our organization not being governed by the PCI compliancy rules.
Ian, is that not how you understand the guidelines?
- jason
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 5:16 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] PCI DSS
Is this something new? We've used credit cards online for a while.
Do you have to pay for it and is there one place better than another for it?
Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org
This message may contain confidential and/or proprietary information, and is intended for the person/entity to which it was originally addressed. Any use by others is strictly prohibited.
________________________________
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Ian Beyer
Sent: Wednesday, December 10, 2008 6:13 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] PCI DSS
It's only mandatory if you want to process credit cards. The penalties for non-compliance can be stiff, starting from getting your merchant account shut down, ranging up to stiff penalties. Check your merchant agreement for details.
Ian Beyer
Network Administrator
United Methodist Church of the Resurrection
13720 Roe Ave
Leawood KS 66224
http://www.cor.org
913-544-0288
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 5:02 PM
To: 'IT Discussion Forum'
Subject: [itdiscuss] PCI DSS
Has anyone heard of having to comply with the Payment Card Industry Data Security Standards (PCI DSS)? Is this mandatory? www.pcisecuritystandards.org
Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org