|
On Wed, Dec 16, 2009 at 8:06 PM, Roger Vicker, CCP <rv-tech@xxxxxxxxxx>wrote:That long put seems to be one that even Tiger could never make.
Tom,
Actually A and C are the same company. Unless by "shared files" you mean
the MS Office type documents which are on the Y's local server. Or,
unless you mean C is the company that gives the merchant account. A/C
has their own web site that the Y users do all their business work through.
Using my definitions .. the Y itself is A. They don't need to submit their
network for the audit unless they have transaction or cardholder info on
their server. But getting the auditor to believe that no cardholder info
ends up stored locally is a long putt. And don't forget about email ..
almost certainly this data ends up in email somehow.
Second problem is there really aren't that many sources of
And yes A/C is the one that is saying "not us" but they are the biggest
target of attackers as they store the credit card information and
transmit them to the credit card network upon instructions from the Y.
The Y needs to give C an ultimatum .. demonstrate PCI compliance or lose the
Y as a customer. If they can't, the Y is taking a huge risk having them
handle member credit cards! If C has as their own audit demonstrating PCI
compliance, that should be sufficient for the Y auditors.
BTW .. out of curiosity how are you involved in this? I hope that you are
billing them your highest rate for the time and effort.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.