[oagitm] Re: PCI Compliance

  • From: Michael Soots <msoots@xxxxxxxxxxxxxxxxxx>
  • To: "'Brad.WELCH@xxxxxxxxxxxxx'" <Brad.WELCH@xxxxxxxxxxxxx>, "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
  • Date: Thu, 20 Feb 2014 16:10:24 +0000

Tillamook County has gone through the steps to obtain PCI compliance. We have 
several departments that accept credit cards, and their operations would be 
severely curtailed if we did not accept the responsibility of PCI compliance. 
However, we do not retain credit card data on our system, but simply pass-thru 
the CC data to the processor.

We already have CJIS and HIPAA standards to meet, and network/computer security 
is a big topic here, so meeting the requirement for PCI/DSS gives us another 
level of "certification" to show we are serious about data security. The PCI 
requirements complement our other security efforts by requiring periodic scans, 
reviews, computer user training, and policies which are not covered by other 
standards.

Yes, the PCI requirements apply even with hosted solutions, but in that case 
the certification is more or less only to certify that someone else has the 
data. The PCI requirements apply with an analog swipe machine also. We found 
ourselves being charged a "PCI Compliance fee" for each swipe machine.

The control measures and security requirements are not so onerous as to be 
frightening, but should be looked at as "best practices", with a bit of 
reporting.

Michael Soots
Tillamook County
I.S. Director
503-842-3406 x3478

Visit Tillamook County on the web at http://www.co.tillamook.or.us

From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On 
Behalf Of WELCH Brad
Sent: Friday, February 14, 2014 5:05 PM
To: oagitm@xxxxxxxxxxxxx
Subject: [oagitm] PCI Compliance

I would like to hear from you on how your jurisdiction has approached PCI 
compliance for any computer-based processing of credit cards by staff, i.e. 
accepting public payments from your desk or front counter. Lane County's 
mission is to be fully PCI compliant in all our processing of credit cards. 
Our research and consulting advice have all indicated that any card processing 
from a PC on our network places significant security requirements and control 
measures on our IT infrastructure. These requirements appear to apply even 
in the case of web-hosted solutions such as virtual terminals or web-based 
point of sales systems.

Please tell me of any computer-based or hosted card solutions your staff use 
and how you interpreted and approached PCI compliance for your computers and 
infrastructure.

Thanks for your time and input.


Brad Welch

Business Applications Manager
Lane County Information Services
541-682-4117

brad.welch@xxxxxxxxxxxxx
