× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2007

Re: data retention and encryption ala tjmaxx

Its based on volume - both dollars and transactions. Download the PCI
specs - it outlines it.

On 3/30/07, Jim Franz <franz400@xxxxxxxxxxxx> wrote:

So what's Tier I, II , etc ?

jim


----- Original Message -----
From: "Michael Ryan" <michaelrtr@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Friday, March 30, 2007 7:00 PM
Subject: Re: data retention and encryption ala tjmaxx


>I think one of the biggest issues, especially for the smaller (Tier 4)
> merchants, is that if customer data is compromised, you can be
> 'elevated' to a Tier 1 merchant...with the accompanying audits from
> Visa, mandatory (paid-expensive) intrusion checks, and constant
> monitoring. That would not be fun...
>
> On 3/30/07, DeLong, Eric <EDeLong@xxxxxxxxxxxxxxx> wrote:
>> I think the PCI compliance is focused right now on Visa Tier I and Tier
>> II vendors right now...  Non-compliance carries stiff penalties so its
>> worth your time to look the standards over carefully.  Most of it is
>> directly related to encryption and network security.
>>
>> Eric
>>
>> -----Original Message-----
>> From: midrange-l-bounces@xxxxxxxxxxxx
>> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Jones, John (US)
>> Sent: Friday, March 30, 2007 1:45 PM
>> To: Midrange Systems Technical Discussion
>> Subject: RE: data retention and encryption ala tjmaxx
>>
>>
>> By accepting credit cards (Visa at a minimum but pretty much everyone
>> else is on board) your customers have probably agreed to adhere to the
>> Payment Card Industry Data Security Standard.
>> https://www.pcisecuritystandards.org/ has a link to the standard itself.
>>
>>
>> I haven't read it through but my understanding is that the ramifications
>> for violating PCI can include heavy fines and loss of ability to accept
>> credit cards.  I'd urge following whatever guidelines it provides.
>>
>> --
>> John A. Jones, CISSP
>> Americas Information Security Officer
>> Jones Lang LaSalle, Inc.
>> V: +1-630-455-2787 F: +1-312-601-1782
>> john.jones@xxxxxxxxxx
>>
>> -----Original Message-----
>> From: midrange-l-bounces@xxxxxxxxxxxx
>> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
>> Sent: Friday, March 30, 2007 1:18 PM
>> To: MIDRANGE-L@xxxxxxxxxxxx
>> Subject: data retention and encryption ala tjmaxx
>>
>> With the TJ Max debacle playing out in the media, I need to make a
>> recommendation to several customers who handle credit card trans.
>> Is there a short & concise list of standard practices as to when to keep
>> customer data versus when not to...
>> I have searched the web and find that everyone seems to have a different
>> opinion, and much of it sounds like "talking heads..".
>> Perhaps an industry association recommendation, or something from the
>> card processors that I can get to (that is not a 800 page manual).
>> In one case, iSeries custom software for private (non-standard) cards in
>> addition to major labels. Another has pc based swipe machine and settle
>> software, but then keys the tran onto the iSeries (and I need to
>> recommend for both iSeries and pc).
>> None of these customers fit a "traditional" retailer model.
>> Jim Franz
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
>> unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
>> moment to review the archives at http://archive.midrange.com/midrange-l.
>>
>>
>> This email is for the use of the intended recipient(s) only.  If you have
>> received this email in error, please notify the sender immediately and
>> then delete it.  If you are not the intended recipient, you must not
>> keep, use, disclose, copy or distribute this email without the author's
>> prior permission.  We have taken precautions to minimize the risk of
>> transmitting software viruses, but we advise you to carry out your own
>> virus checks on any attachment to this message.  We cannot accept
>> liability for any loss or damage caused by software viruses.  The
>> information contained in this communication may be confidential and may
>> be subject to the attorney-client privilege. If you are the intended
>> recipient and you do not wish to receive similar electronic messages from
>> us in the future then please respond to the sender to this effect.
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>>
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.