Hello all,
I recall seeing some discussions of PCI issues on the list and I'm
hoping someone might have some clues for me. I work at a small
non-profit. We use a payment processor (Authorize.net) in conjunction
with Wufoo forms to accept payments online for various types of
transactions. No payment card data ever touches our systems.
Now recently we received an online questionnaire from "ControlScan".
Our bank tells us it is legitimate (I was suspicious, as every third
page tries to sell us something, but anyway...). Within the first few
questions we were able to assert that we never touch payment card data.
Nevertheless, as we got further into the (very long) survey we were
asked lots of questions about our network infrastructure, firewalls,
IDS, wifi and antivirus policies, even scanning our network... lots of
things that seem more appropriate for (say) Authorize.net than for our
pokey little shop. It really left me wondering if we had been sent the
wrong survey. Anyway I guess I'm just looking for a sanity check before
we finish and submit this. Any thoughts?
Thanks much!
Roy
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
