AIS is investigating. Please contact me directly with details, rather than using the public forum, and I will pass the info on to the MSU PCI DSS Team. Thanks, Gene on 8/16/2011 9:28 AM Thomas A Gish said the following: > On top of that, trying to connect to https://shop.msu.edu fails so it > doesn't even appear to be an option. > > -T > > Quoting "Rytlewski, Jamie" <[log in to unmask]>: > >> So while I was looking at how shop.msu.edu does their forms I found > a >> few very interesting details. >> >> >> 1) There is no forced security when checking out >> >> 2) You can see all your data, including Credit Card > information >> (of course I did not submit my actual information). >> >> >> This is a very huge security risk and with how much the University >> has cracked down on other departments for being PCI compliant, how > is >> that shop.msu.edu is getting away with it being so insecure? Also, > if >> the university wants us to use CASHnet so much, why is shop.msu.edu >> not using it? >> >> Jamie R. Rytlewski >> Information Technologist I >> Michigan State University >> 517-884-1671 >> [log in to unmask] >> >> -- Gene Willacker RHS Information Services Security Administrator Michigan State University 100 University Housing Building East Lansing, MI 48824-1231 /517-353-1694, FAX: 517-884-0248/