No keyloggers on those PCs then?
Jethro.
On Wed, 19 Jun 2013, Richard Rankin wrote:
> Dan,
>
> Thanks - as I understand our setup once the student indicates that they
> wish to pay by credit/debit card then they are transferred to a page on
> the WorldPay server were the exchange of details takes place so from
> what you are saying we would apper to be in the clear
>
> Ricky
>
> Tel: o289o973955
> Information Services
> The McClay Library
> Queen's University Belfast
> Belfast BT7 1LP
>
>
> -----Original Message-----
> From: Dan Martin [mailto:[log in to unmask]]
> Sent: 19 June 2013 15:49
> To: Richard Rankin; [log in to unmask]
> Subject: RE: PCIDSS
>
> Hello Ricky,
>
> If you capture card data (numbers, CCV etc.) on a page on your domain, you are responsible for assuring PCI-DSS compliance. What that actually means for you depends on your setup and the configuration with Worldpay. Basically there are lots of compliance rules so unfortunately it's not always simple.
>
> If the card data capture happens on another domain, e.g. Worldpay's, then that is their responsibility.
>
> Hope that helps.
>
> Best,
> Dan
>
>
> Dan Martin · Strategy Director
> Direct: +44 (0) 20 7332 6363
> Mobile: +44 (0) 774 838 6217
> Twitter: @danm605
>
> WINNER 2012 IMA Outstanding Award for design of Mind's Memory Space Top 100 agency in Marketing magazine's Digital Agency League 2012
>
> Main: +44 (0) 207 332 6360 · Fax: +44 (0) 8700 941980
> Web: www.chameleon.eu · Twitter: @chameleon_eu Company registration number: 3653962
>
>
> -----Original Message-----
> From: Managing institutional Web services [mailto:[log in to unmask]] On Behalf Of Richard Rankin
> Sent: 19 June 2013 09:24
> To: [log in to unmask]
> Subject: PCIDSS
>
> Apologies for cross posting
>
> Sorry this is off topic but hoping someone on list can shed some light
>
> We allow payments on webpages using debit/credit cards using WorldPay as PSP
>
> When we first looked into this we assumed that we were passing our obligations to conform to PCIDSS legalisation to WorldPay
>
> Someone from Finance was at a meeting recently were a speaker suggested that this was not the case and we still had to conform to PCIDSS
>
> Would be interested to hear others views - and if we have to conform, what do we need to do
>
> Ricky
>
> Tel: o289o973955
> Information Services
> The McClay Library
> Queen's University Belfast
> Belfast BT7 1LP
>
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
|