[Dataloss] Best Western Response

Jeffrey Walton noloader at gmail.com
Tue Aug 26 20:50:54 UTC 2008


> So who was the last quarterly PCI auditor for Best Western?
Sounds like Authur Andersen
[http://en.wikipedia.org/wiki/Arthur_Andersen]. Did  they re-invent
themselves...

On 8/26/08, Harris, Michael C. <HarrisMC at health.missouri.edu> wrote:
> There is something missing here, that doesn't true out with the
> expectations in the PCI standard for a level one payer.  Smaller mom and
> pop level four establishment may slip by, but the mandatory audits of
> level one folks should be forcing some change across the hospitality
> industry... Perhaps slowly.  It should have been identified as an audit
> point with a remediation plan in the quarterly or yearly PCI audit.
>
> So who was the last quarterly PCI auditor for Best Western? Is PCI that
> broken or ignored?
>
> Level One 6,000,000 transactions per year
> Annual On-site PCI Data Security Assessment and Quarterly Network Scan
> Qualified Security Assessor or Internal Audit if signed by Officer of
> the company Approved Scanning Vendor
>
> Level Two  1,000,000 to 6,000,000 transactions
> Annual On-site PCI Data Security Assessment and Quarterly Network Scan
> Merchant Approved Scanning Vendor
>
> [SNIP]


More information about the Dataloss mailing list