RE: Faxing and PCI DSS compliance

From: Philip Cox (phil.cox@systemexperts.com)
Date: Fri Nov 30 2007 - 02:35:26 EST


> For example, if you have a customer who insists on faxing
> full credit card info on their regular fax machine to a
> company that is utilizing a service that converts that fax to
> PDF and emails it to you?

Who is the "you" it emails to? What is the intent of the PDF? Does it have
the CVC2/CID/CVV2 on it?

From a compliance standpoint, there could be some very interesting problems.

Phil
--------------------------------------------
SystemExperts Corporation
Philip C. Cox, CISSP, PCI QSA, CISM, NSA IAM/IEM

Author of Windows 2000 Security Handbook
http://www.systemexperts.com/win2k.html
