Dana Mitchell wrote: >Rex, anything that touches cardholder data is in scope: <snip>
True, unless the data is encrypted in the actual terminal (the swipey part), as it might be with Voltage SecureData. The POS terminal would then never touch actual card data, and thus be out of scope. Or maybe they have compensating controls in place (not that I can imagine what those might be!) that allow use of XP... -- ...phsiii Phil Smith III Senior Architect & Product Manager, Mainframe & Enterprise Distinguished Technologist ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
