|
So what's Tier I, II , etc ? jim----- Original Message ----- From: "Michael Ryan" <michaelrtr@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> Sent: Friday, March 30, 2007 7:00 PM Subject: Re: data retention and encryption ala tjmaxx
I think one of the biggest issues, especially for the smaller (Tier 4) merchants, is that if customer data is compromised, you can be 'elevated' to a Tier 1 merchant...with the accompanying audits from Visa, mandatory (paid-expensive) intrusion checks, and constant monitoring. That would not be fun... On 3/30/07, DeLong, Eric <EDeLong@xxxxxxxxxxxxxxx> wrote:I think the PCI compliance is focused right now on Visa Tier I and Tier II vendors right now... Non-compliance carries stiff penalties so its worth your time to look the standards over carefully. Most of it is directly related to encryption and network security.Eric -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Jones, John (US) Sent: Friday, March 30, 2007 1:45 PM To: Midrange Systems Technical Discussion Subject: RE: data retention and encryption ala tjmaxx By accepting credit cards (Visa at a minimum but pretty much everyone else is on board) your customers have probably agreed to adhere to the Payment Card Industry Data Security Standard. https://www.pcisecuritystandards.org/ has a link to the standard itself. I haven't read it through but my understanding is that the ramifications for violating PCI can include heavy fines and loss of ability to accept credit cards. I'd urge following whatever guidelines it provides. -- John A. Jones, CISSP Americas Information Security Officer Jones Lang LaSalle, Inc. V: +1-630-455-2787 F: +1-312-601-1782 john.jones@xxxxxxxxxx -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz Sent: Friday, March 30, 2007 1:18 PM To: MIDRANGE-L@xxxxxxxxxxxx Subject: data retention and encryption ala tjmaxx With the TJ Max debacle playing out in the media, I need to make a recommendation to several customers who handle credit card trans. Is there a short & concise list of standard practices as to when to keep customer data versus when not to... I have searched the web and find that everyone seems to have a different opinion, and much of it sounds like "talking heads..". Perhaps an industry association recommendation, or something from the card processors that I can get to (that is not a 800 page manual). In one case, iSeries custom software for private (non-standard) cards in addition to major labels. Another has pc based swipe machine and settle software, but then keys the tran onto the iSeries (and I need to recommend for both iSeries and pc). None of these customers fit a "traditional" retailer model. Jim Franz -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission. We have taken precautions to minimize the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in the future then please respond to the sender to this effect.--This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing listTo post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. --This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing listTo post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.--This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing listTo post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.