RHEMA just went through PCI compliance. They do store CC numbers for a short time to do batch processing. Depending on the level of your business flow will determine which Questionnaire you must do.<div><br></div><div><br>
<br><div class="gmail_quote">On Wed, Dec 10, 2008 at 7:05 PM, Ian Beyer <span dir="ltr"><<a href="mailto:Ian.Beyer@cor.org">Ian.Beyer@cor.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p><span style="font-size:11.0pt;color:#1F497D">It also applies to the software you use to process the cards (such
as PC-Charge, which only recently became fully PCI-compliant). General rule of
thumb, if any of your applications store credit card data, they need to be
PCI-compliant (and as of – I think—January 1, the systems the software lives on
need to meet PCI standards). If you're only transmitting card data via a
terminal, the terminal needs to be compliant, but that's not an area you have
to be worried about. </span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span style="font-size:11.0pt;color:#1F497D">If you have any POS systems, check with your vendor on PCI
compliance, they'll be able to tell you. </span></p><div class="Ih2E3d">
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<p><span style="font-size:10.0pt;color:#1F497D">Ian Beyer</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">Network Administrator</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">United Methodist Church of the Resurrection</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">13720 Roe Ave</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">Leawood KS 66224</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D"><a href="http://www.cor.org" target="_blank">http://www.cor.org</a></span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">913-544-0288</span><span style="color:#1F497D"></span></p>
</div>
<p><span style="color:#1F497D"> </span><span style="font-size:11.0pt;color:#1F497D"></span></p>
</div><div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt">
<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a> [mailto:<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a>] <b>On
Behalf Of </b>Lee, Jason<br>
<b>Sent:</b> Wednesday, December 10, 2008 6:36 PM<div><div></div><div class="Wj3C7c"><br>
<b>To:</b> IT Discussion Forum<br>
<b>Subject:</b> Re: [itdiscuss] PCI DSS</div></div></span></p>
</div>
</div><div><div></div><div class="Wj3C7c">
<p> </p>
<p><span style="font-size:11.0pt;color:#1F497D">As I understand the PCI standards this only applies to the
credit card processor… meaning it doesn't apply to your organization if you
don't actually touch the credit cards… or process the
payments. </span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span style="font-size:11.0pt;color:#1F497D">In our case all credit card processing happens thru our 3<sup>rd</sup>
parties Service U and ACS. Our organization never takes the credit card
number nor is any of the credit card information taken by our servers but
rather a portal thru a third party … this is all handled by the CC processor
resulting in our organization not being governed by the PCI compliancy rules.</span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span style="font-size:11.0pt;color:#1F497D">Ian is that not how you understand the guidelines?</span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<p><span style="font-size:11.0pt;color:#1F497D">- jason</span></p>
</div>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt">
<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a> [mailto:<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a>] <b>On
Behalf Of </b>Julianna Hutchins<br>
<b>Sent:</b> Wednesday, December 10, 2008 5:16 PM<br>
<b>To:</b> 'IT Discussion Forum'<br>
<b>Subject:</b> Re: [itdiscuss] PCI DSS</span></p>
</div>
</div>
<p> </p>
<p><span style="font-size:10.0pt;color:navy">Is this something new? We've used credit cards on line for
awhile. </span></p>
<p><span style="font-size:10.0pt;color:navy"> </span></p>
<p><span style="font-size:10.0pt;color:navy">Do you have to pay for it and is there one place better than
another for it?</span></p>
<p><span style="font-size:10.0pt;color:navy"> </span></p>
<div>
<p><span style="font-size:10.0pt;color:navy">Julianna Hutchins</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy">IT Administrator</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy">Sugar Hill United Methodist Church</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy">4600 Nelson Brogdon Blvd</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy">Sugar Hill, GA 30518</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy">770-945-2845 ext 273</span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:navy"><a href="http://www.sugarhillumc.org" target="_blank">www.sugarhillumc.org</a></span><span style="color:navy"></span></p>
<p><span style="font-size:10.0pt;color:red">This
message may contain confidential and/or proprietary information, and is
intended for the person/entity to which it was orginally addressed. Any
use by others is strictly prohibited. </span><span style="color:navy"></span></p>
<p><span style="color:navy"> </span></p>
<p><span style="color:navy"> </span></p>
</div>
<div>
<div align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt">
<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a> [mailto:<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a>] <b>On
Behalf Of </b>Ian Beyer<br>
<b>Sent:</b> Wednesday, December 10, 2008 6:13 PM<br>
<b>To:</b> IT Discussion Forum<br>
<b>Subject:</b> Re: [itdiscuss] PCI DSS</span></p>
</div>
<p> </p>
<p><span style="font-size:11.0pt;color:#1F497D">It's only mandatory if you want to process credit cards. The penalties
for non-compliance can be stiff, starting from getting your merchant account
shut down, ranging up to stiff penalties. Check your merchant agreement for
details.</span></p>
<p><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<p><span style="font-size:10.0pt;color:#1F497D">Ian Beyer</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">Network Administrator</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">United Methodist Church of the Resurrection</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">13720 Roe Ave</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">Leawood KS 66224</span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D"><a href="http://www.cor.org" target="_blank">http://www.cor.org</a></span><span style="color:#1F497D"></span></p>
<p><span style="font-size:10.0pt;color:#1F497D">913-544-0288</span><span style="color:#1F497D"></span></p>
</div>
<p><span style="color:#1F497D"> </span><span style="font-size:11.0pt;color:#1F497D"></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt">
<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a> [mailto:<a href="mailto:discuss-bounces@itdiscuss.org" target="_blank">discuss-bounces@itdiscuss.org</a>] <b>On
Behalf Of </b>Julianna Hutchins<br>
<b>Sent:</b> Wednesday, December 10, 2008 5:02 PM<br>
<b>To:</b> 'IT Discussion Forum'<br>
<b>Subject:</b> [itdiscuss] PCI DSS</span></p>
</div>
</div>
<p> </p>
<p><span style="font-size:10.0pt">Has
anyone heard of having to comply with the Payment Card Industry Data Security
Standards (PCI DSS). Is this mandatory? <a href="http://www.pcisecuritystandards.org/" target="_blank">www.pcisecuritystandards.org</a></span></p>
<p><span style="font-size:10.0pt"> </span></p>
<p><span style="font-size:10.0pt"> </span></p>
<p><span style="font-size:10.0pt">Julianna
Hutchins</span></p>
<p><span style="font-size:10.0pt">IT
Administrator</span></p>
<p><span style="font-size:10.0pt">Sugar
Hill United Methodist Church</span></p>
<p><span style="font-size:10.0pt">4600
Nelson Brogdon Blvd</span></p>
<p><span style="font-size:10.0pt">Sugar
Hill, GA 30518</span></p>
<p><span style="font-size:10.0pt">770-945-2845
ext 273</span></p>
<p><span style="font-size:10.0pt"><a href="http://www.sugarhillumc.org" target="_blank">www.sugarhillumc.org</a></span></p>
<p><span style="font-size:10.0pt;color:red">This
message may contain confidential and/or proprietary information, and is
intended for the person/entity to which it was orginally addressed. Any
use by others is strictly prohibited. </span></p>
<p> </p>
<p> </p>
<p> </p>
</div></div></div>
</div>
<br>_______________________________________________<br>
it discuss mailing list: <a href="mailto:discuss@itdiscuss.org">discuss@itdiscuss.org</a><br>
Mailing List: <a href="http://itdiscuss.org/discuss" target="_blank">http://itdiscuss.org/discuss</a><br>
Web Discussion Board: <a href="http://itdiscuss.org/discuss-forum" target="_blank">http://itdiscuss.org/discuss-forum</a><br>
Wiki: <a href="http://itdiscuss.org/wiki" target="_blank">http://itdiscuss.org/wiki</a><br>
Internet Relay Chat: irc://<a href="http://irc.freenode.net/citrt" target="_blank">irc.freenode.net/citrt</a><br>
<br></blockquote></div><br></div>