| Subject: | Re: PCI - Visa / MC / Amex merchant security standards |
|---|---|
| Date: | Wed, 9 Feb 2005 11:27:24 -0500 |
It should be noted that there CAN be differences in the PCI standard due to the fact that it is based off the SDP and CISP programs from MasterCard and Visa. Since each VISA region is separate and independent, there can be instances where VISA Asia sees something one way and VISA EU has a different spin on it.

So just be aware of that: if you are trying to figure out the standard that applies to you, make sure you take a look at that region's documentation from the CISP program. Since the MasterCard SDP program is global, there isn't any issue with the portions of the PCI that came from that standard.

/rant

Andre

On Thu, 10 Feb 2005 00:06:33 +1100, Andrew van der Stock <vanderaj@greebo.net> wrote:

Visa seems to be having some difficulties with that URL - it was fine for me earlier - I literally cut and pasted it. However, that doesn't work right now; hopefully Visa will have it back soon.

The overall CISP program is here:

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html?it
=c|/business/accepting_visa/index%2Ehtml|Cardholder%20Information%20Security
%20Program%20(CISP)

(URL wrapped - please concatenate on one line)

If you are in the Asia Pacific Region (like me!), this link would serve you better:

http://www.visa-asia.com/secured/

There are many more PDF documents in that URL, including how to conduct an audit, what an audit should contain, FAQs, and advice for larger processors (i.e. merchants like eBay or major retailers).

Also, I see you work for a bank. The above guidelines, although good solid security controls, do not really apply to issuing institutions. You need to contact your card services people (if it is not you :) and talk to them about the controls. Many of the controls should be adopted - particularly the change management and patch management ones, code reviews, regular auditing, etc. However, some of them, like not storing cc #'s and ccv's, can't apply to issuing institutions as you generate these values for card holders.

Good luck!

Thanks,
Andrew

________________________________________

From: Murli [mailto:obscured]
Sent: Wednesday, 9 February 2005 11:06 PM
To: Andrew van der Stock
Subject: RE: PCI - Visa / MC / Amex merchant security standards

Hi Andrew - thank you for the info. I tried accessing the link you had provided but it threw up an error. Could you pls recheck the link and confirm.

Thanks
Murli