[itdiscuss] PCI DSS

Mark Burleson mark at markburleson.com
Wed Dec 10 23:46:04 EST 2008


RHEMA just went through PCI compliance.  They do store CC numbers for a
short time to do batch processing.  The level of your business flow will
determine which Questionnaire you must do.


On Wed, Dec 10, 2008 at 7:05 PM, Ian Beyer <Ian.Beyer at cor.org> wrote:

>  It also applies to the software you use to process the cards (such as
> PC-Charge, which only recently became fully PCI-compliant). General rule of
> thumb, if any of your applications store credit card data, they need to be
> PCI-compliant (and as of, I think, January 1, the systems the software lives
> on need to meet PCI standards). If you're only transmitting card data via a
> terminal, the terminal needs to be compliant, but that's not an area you
> have to be worried about.
>
>
>
> If you have any POS systems, check with your vendor on PCI compliance,
> they'll be able to tell you.
>
>
>
> Ian Beyer
>
> Network Administrator
>
> United Methodist Church of the Resurrection
>
> 13720 Roe Ave
>
> Leawood KS 66224
>
> http://www.cor.org
>
> 913-544-0288
>
>
>
> *From:* discuss-bounces at itdiscuss.org [mailto:
> discuss-bounces at itdiscuss.org] *On Behalf Of *Lee, Jason
> *Sent:* Wednesday, December 10, 2008 6:36 PM
>
> *To:* IT Discussion Forum
> *Subject:* Re: [itdiscuss] PCI DSS
>
>
>
> As I understand the PCI standards this only applies to the credit card
> processor… meaning it doesn't apply to your organization if you don't
> actually touch the credit cards… or process the payments.
>
>
>
> In our case all credit card processing happens thru our 3rd parties
> Service U and ACS.  Our organization never takes the credit card number nor
> is any of the credit card information taken by our servers but rather a
> portal thru a third party … this is all handled by the CC processor
> resulting in our organization not being governed by the PCI compliancy
> rules.
>
>
>
> Ian, is that not how you understand the guidelines?
>
>
>
> - jason
>
>
>
> *From:* discuss-bounces at itdiscuss.org [mailto:
> discuss-bounces at itdiscuss.org] *On Behalf Of *Julianna Hutchins
> *Sent:* Wednesday, December 10, 2008 5:16 PM
> *To:* 'IT Discussion Forum'
> *Subject:* Re: [itdiscuss] PCI DSS
>
>
>
> Is this something new?  We've used credit cards online for a while.
>
>
>
> Do you have to pay for it and is there one place better than another for
> it?
>
>
>
> Julianna Hutchins
>
> IT Administrator
>
> Sugar Hill United Methodist Church
>
> 4600 Nelson Brogdon Blvd
>
> Sugar Hill, GA 30518
>
> 770-945-2845 ext 273
>
> www.sugarhillumc.org
>
> This message may contain confidential and/or proprietary information, and
> is intended for the person/entity to which it was originally addressed.  Any
> use by others is strictly prohibited.
>
>
>
>
>   ------------------------------
>
> *From:* discuss-bounces at itdiscuss.org [mailto:
> discuss-bounces at itdiscuss.org] *On Behalf Of *Ian Beyer
> *Sent:* Wednesday, December 10, 2008 6:13 PM
> *To:* IT Discussion Forum
> *Subject:* Re: [itdiscuss] PCI DSS
>
>
>
> It's only mandatory if you want to process credit cards. The penalties for
> non-compliance can be stiff, starting from getting your merchant account
> shut down, ranging up to stiff penalties. Check your merchant agreement for
> details.
>
>
>
> Ian Beyer
>
> Network Administrator
>
> United Methodist Church of the Resurrection
>
> 13720 Roe Ave
>
> Leawood KS 66224
>
> http://www.cor.org
>
> 913-544-0288
>
>
>
> *From:* discuss-bounces at itdiscuss.org [mailto:
> discuss-bounces at itdiscuss.org] *On Behalf Of *Julianna Hutchins
> *Sent:* Wednesday, December 10, 2008 5:02 PM
> *To:* 'IT Discussion Forum'
> *Subject:* [itdiscuss] PCI DSS
>
>
>
> Has anyone heard of having to comply with the Payment Card Industry Data
> Security Standards (PCI DSS)?   Is this mandatory?
> www.pcisecuritystandards.org
>
>
>
>
>
> Julianna Hutchins
>
> IT Administrator
>
> Sugar Hill United Methodist Church
>
> 4600 Nelson Brogdon Blvd
>
> Sugar Hill, GA 30518
>
> 770-945-2845 ext 273
>
> www.sugarhillumc.org
>
> This message may contain confidential and/or proprietary information, and
> is intended for the person/entity to which it was originally addressed.  Any
> use by others is strictly prohibited.
>
>
>
>
>
>
>
> _______________________________________________
> it discuss mailing list: discuss at itdiscuss.org
> Mailing List: http://itdiscuss.org/discuss
> Web Discussion Board: http://itdiscuss.org/discuss-forum
> Wiki: http://itdiscuss.org/wiki
> Internet Relay Chat: irc://irc.freenode.net/citrt
>
>