|
By accepting credit cards (Visa at a minimum but pretty much everyone
else is on board) your customers have probably agreed to adhere to the
Payment Card Industry Data Security Standard.
https://www.pcisecuritystandards.org/ has a link to the standard itself.
I haven't read it through but my understanding is that the ramifications
for violating PCI can include heavy fines and loss of ability to accept
credit cards. I'd urge following whatever guidelines it provides.
--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Friday, March 30, 2007 1:18 PM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: data retention and encryption ala tjmaxx
With the TJ Max debacle playing out in the media, I need to make a
recommendation to several customers who handle credit card trans.
Is there a short & concise list of standard practices as to when to keep
customer data versus when not to...
I have searched the web and find that everyone seems to have a different
opinion, and much of it sounds like "talking heads..".
Perhaps an industry association recommendation, or something from the
card processors that I can get to (that is not a 800 page manual).
In one case, iSeries custom software for private (non-standard) cards in
addition to major labels. Another has pc based swipe machine and settle
software, but then keys the tran onto the iSeries (and I need to
recommend for both iSeries and pc).
None of these customers fit a "traditional" retailer model.
Jim Franz
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.
This email is for the use of the intended recipient(s) only. If you have
received this email in error, please notify the sender immediately and
then delete it. If you are not the intended recipient, you must not keep,
use, disclose, copy or distribute this email without the author's prior
permission. We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message. We cannot accept
liability for any loss or damage caused by software viruses. The
information contained in this communication may be confidential and may be
subject to the attorney-client privilege. If you are the intended
recipient and you do not wish to receive similar electronic messages from
us in the future then please respond to the sender to this effect.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.