Re: PCI compliance questions



<i>
1- Details on what's considered as sensitive data and what's not: from
a Merchant perspective is provided by Visa on page of
https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf;
however, I could not find any as for the Acquirer/Issuer/Service
Provider perspective; any pointers?</i>

Sensitive data is account name, PAN, CVV/CVV2.

<i>2- what are the deadlines/fines for non compliance, for
Merchants/Acquirers/Issuers/Service Providers respectively?</i>

Universal deadlines are bogus. Listen to those with whom you have a contractual relationship. For you, that would be the card brands themselves. For merchants, it would be the acquiring bank.

<i>3- being an issuer/acquirer (bank for ex), am I required to comply
with PCI DSS? If so, what are the requirements?</i>

Yes, you are required to comply. "DSS" stands for Data Security Standard. The DSS <i>is</i> the requirement. Read the DSS to understand what your requirements are.



