[Dataloss] OT? PCI Education Steak & Shake

Clint P. Garrison MBA, CISSP, QSA garrison.clint at gmail.com
Tue May 8 20:42:36 UTC 2007


Actually that is not correct...

Visa and AmEx allow Level 1 merchants' internal auditors to perform the
PCI assessment, but a company officer has to sign off on it.
MasterCard's Level 1 merchants have to have a QSA perform the
assessment.

If you are referring to the quarterly (external) scans, you would be
correct. They have to be done by an ASV.

Clint P. Garrison

On 5/8/07, Kehoe, Matt <Matt.Kehoe at sephora.com> wrote:
> Having just gone through this, the biggest gotcha is that tier 1
> retailers need a "3rd party assessment" which means you can't just
> execute compliance from within....
>
> PCI standards still leave much to be desired, but it's a good step
> forward for retailing in general...
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of Al Mac
> Sent: Tuesday, May 08, 2007 8:48 AM
> To: Data Loss Incidents
> Subject: [Dataloss] OT? PCI Education Steak & Shake
>
> OT because we have no info on any cyber security incident, but of
> interest what is considered to be state-of-art when it comes to
> preventing certain kinds of incidents.
>
> Steak & Shake restaurant chain has had to beef up its computer security
> because a rapid increase in their credit card transaction volume has
> taken them to more stringent tiers of PCI standards.  The article shows
> us what hoops the chain had to jump through to meet the standards.
>
> What we do not see here is a perspective on security rules enforcement
> to avoid more incidents like TJX.  There are also some statements in the
> article that I would take issue with.  They imply stronger security than
> my understanding of reality.
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=291415&source=rss_topic17
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss Tracking more than 207 million compromised
> records in 649 incidents over 7 years.
> _______________________________________________

