You don't fit in; there is nothing you need to do or provide besides maybe your
consulting services. It's their merchant service provider and them that need
to ensure communication between the terminal and them is encrypted all the way.
You just provide them with the road, and it's their responsibility to use the
seat belt in the car driving down your road and every other road owner's to get
from A to B.
The big thing is for them to secure the physical access to the terminals and
prevent outside internet access to the terminal (I would keep them on a separate
network segment, preventing any access to that segment that wasn't a request
initiated from that network).

/Eje
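
Added example, not part of the original email and not a vendor template: one way to express the segmentation described above on a MikroTik router, the platform suggested elsewhere in this thread. The interface names (ether1 as WAN, ether2 as the terminal segment), the 10.10.20.0/24 subnet and TCP port 443 toward the card processor are assumptions to replace with the site's real values.

```routeros
# Constructed example. Assumptions: ether1 = WAN uplink, ether2 = terminal
# segment, 10.10.20.0/24 = terminal subnet, processor reached over TCP 443.
/ip firewall filter

# 1. Return traffic for sessions the terminals opened themselves.
#    Written as two rules so it also loads on RouterOS versions that
#    accept only one connection-state per rule.
add chain=forward connection-state=established action=accept \
    comment="replies to terminal-initiated sessions"
add chain=forward connection-state=related action=accept \
    comment="related traffic for those sessions"
add chain=forward connection-state=invalid action=drop \
    comment="drop packets that match no tracked session"

# 2. The only new connections allowed: terminals out to the processor.
add chain=forward in-interface=ether2 out-interface=ether1 \
    src-address=10.10.20.0/24 protocol=tcp dst-port=443 action=accept \
    comment="terminals to card processor (assumed port)"

# 3. Nothing may start a connection toward the terminal segment, whether
#    from the internet or from another LAN segment on the same router.
add chain=forward out-interface=ether2 action=drop \
    log=yes log-prefix="pos-in-drop" \
    comment="no inbound-initiated access to terminals"

# 4. Anything else the terminals try to reach is dropped and logged,
#    so unexpected outbound traffic shows up for review.
add chain=forward in-interface=ether2 action=drop \
    log=yes log-prefix="pos-out-drop" \
    comment="terminals may not reach anything else"

# 5. Terminals should not be able to manage the router itself.
add chain=input in-interface=ether2 action=drop \
    comment="no router management from terminal segment"
```

Rule order matters: the accept rules in steps 1 and 2 must sit above the drops. If the terminals resolve the processor by hostname, a DNS allowance has to be added above step 4.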

-----Original Message-----
From: RickG <rgunder...@gmail.com>
Date: Fri, 2 Apr 2010 21:43:34 
To: WISPA General List<wireless@wispa.org>
Subject: Re: [WISPA] PCI Compliance

Attached is the PowerPoint that BK corporate sent him. Interesting. I
have some self interest in this because I have a few fast food
restaurants on my service. I want to know, as their ISP how I fit into
the picture.

On Fri, Apr 2, 2010 at 5:39 PM, Eje Gustafsson <e...@wisp-router.com> wrote:
> Any firewall configuration that locks down all unnecessary ports and services,
> especially those that are a major threat, and any ports that are open have to
> have secure software with no remote exploits known. Web applications are
> extensively tested to ensure that no SQL injection, cross-site scripting and
> other remote exploits can be done, as well as prohibit/limit data enclosure of
> any type. Say if you are running with a SQL database, any error messages
> should NEVER disclose anything database related, not even so much as
> possibly hinting what type of database or SQL query might have been
> executed. Things that do not prohibit PCI compliance but are flagged as
> possible PCI compliance issues are "silly" things like robots.txt files
> (could provide information disclosure on where administration pages etc. are
> located). If a web page that looks like it handles logins can be accessed
> without an SSL cert it will be flagged and could possibly give you a PCI
> compliance failure.
>
> Most of the things to become PCI compliant involve securing servers, access
> to servers and who can access the data on the servers. Ensure servers and
> web apps are patched and secure, that minimal data information can be
> retrieved from server or web application. That you have written policies
> stating who is allowed to do what, not using manufacturer default passwords,
> each user has their own username/password and finally a written policy on what
> to do in case of a breach. Most of this is all "obvious" security measures
> anyone should do, but you have to answer a ton of questions and sign that you
> answered them truthfully, and an external audit of the servers has been done
> and passed.
>
> / Eje
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of Josh Luthman
> Sent: Friday, April 02, 2010 9:00 AM
> To: WISPA General List
> Subject: Re: [WISPA] PCI Compliance
>
> That would satisfy the firewall.  Though I have to wonder what
> firewall config satisfies for compliance.
>
> On 4/2/10, RickG <rgunder...@gmail.com> wrote:
>> Correct, no storage. I'm thinking an RB750?
>>
>> On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman
>> <j...@imaginenetworksllc.com> wrote:
>>> No experience just thoughts.
>>>
>>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
>>>
>>> Would make sense to use a MT, put a nice firewall template (hence the
>>> first requirement) and then the other generic things everyone should
>>> do.  I would have to guess BK doesn't store card information.
>>> Processing security relies on the card processor, would it not?
>>>
>>> On 4/2/10, RickG <rgunder...@gmail.com> wrote:
>>>> Email from my brother:
>>>>
>>>> Just got a letter from our credit card processor and we need to become
>>>> PCI compliant. I noticed these routers I'm using from Qwest don't have
>>>> a firewall. Do I go software, hardware or both? Here is the link for
>>>> our routers.
>>>>
>>>> http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html
>>>>
>>>> He handles IT for 27 BK's in Denver. Thoughts?
>>>>
>>>>
>>>>
>>>> --------------------------------------------------------------------------------
>>>> WISPA Wants You! Join today!
>>>> http://signup.wispa.org/
>>>> --------------------------------------------------------------------------------
>>>>
>>>> WISPA Wireless List: wireless@wispa.org
>>>>
>>>> Subscribe/Unsubscribe:
>>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>>
>>>> Archives: http://lists.wispa.org/pipermail/wireless/
>>>>
>>>
>>>
>>> --
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> “Success is not final, failure is not fatal: it is the courage to
>>> continue that counts.”
>>> --- Winston Churchill
>>>