PCI Compliance for hosted merchant systems
We contract with an outside merchant who hosts a software system that is accessable through a secure login on select, internal personal computers. We contract as agents of that merchant to operate their system as a point of sale for services. Payment for those services can be by credit card and CC numbers can be hand-keyed into that secure system. The hosted system is PCI compliant and meets encription, CC number masking etc. requirements. My question is about the personal computer itself. It accesses the hosted software and other business only applications. It has all required security software installed and updated regularly. We have been told that the personal computer can only access the hosted software and if we need any other business applications like web access, email access, etc. we need to install a second computer at each desk for the other appliations because if we are going to input credit card numbers into the hosted system, we cannnot have any other business functions running on that same computer. Two PC's at every desk seems a bit of an overkill. Any thoughts?
Software/Hardware used:
SABRE Travel Booking System and Dell Latitude PC's
Software/Hardware used:
SABRE Travel Booking System and Dell Latitude PC's
ASKED:
February 8, 2012 4:47 PM
UPDATED:
February 28, 2012 3:09 PM
Answer Wiki:
Last Wiki Answer Submitted:
Be the first to answer this question.
All Answer Wiki Contributors:
Be the first to answer this question.
Michael Tidmarsh 
11,380 pts. ,
Michael Tidmarsh 0 pts.
11,380 pts. ,
Michael Tidmarsh 0 pts. To see all answers submitted to the Answer Wiki: View Answer History.
How are you getting to the CC application?
Is it with a VPN or some other method?
Are the Other Businnes Functions Internet based applications or just on your C drive?