AIS is investigating. Please contact me directly with details,
rather than using the public forum, and I will pass the info on to
the MSU PCI DSS Team.
Thanks, Gene
on 8/16/2011 9:28 AM Thomas A Gish said the following:
[log in to unmask]"
type="cite">On top of that, trying to connect to
https://shop.msu.edu fails so it doesn't even appear to be an
option.
-T
Quoting "Rytlewski, Jamie" <[log in to unmask]>:
So while I was looking at how shop.msu.edu
does their forms I found
a
few very interesting details.
1) There is no forced security when checking out
2) You can see all your data, including Credit Card
information
(of course I did not submit my actual
information).
This is a very huge security risk and with how much the
University has cracked down on other departments for being PCI
compliant, how
is
that shop.msu.edu is getting away with it
being so insecure? Also,
if
the university wants us to use CASHnet so
much, why is shop.msu.edu not using it?
Jamie R. Rytlewski
Information Technologist I
Michigan State University
517-884-1671
[log in to unmask]
--
Gene
Willacker
RHS Information Services Security Administrator
Michigan State University
100 University Housing Building
East Lansing, MI 48824-1231
517-353-1694, FAX: 517-884-0248