What they're trying to get at is that you should be using strong cryptography, but pay attention to any export restrictions and patents/licensing. They don't want someone to be able to say, "Sure it's illegal, but Visa made me do it."
Also, they'd rather keep your business instead of seeing you shut down due to prosecution for infringement. It's just a cover-your-ass statement. On 8/8/03 9:38 AM, "Waitman C. Gobble, II" <[EMAIL PROTECTED]> wrote: > Hello, > > I have been reviewing the Visa CISP questionnaire. It is about 90 > questions > relating to the security and storage of credit card account information. > Visa > intends to have compliance from all active merchants by the first > quarter of 2004. > > (My guess is that one shall not be an active merchant after 1q04 if > one fails to comply). > > Question number 10 goes like this: > > > "Does your cryptographic solution conform to applicable > international and national standards as well as legal > and regulatory controls?" > > > Sheesh, to me that appears to be a stab at openssl, > but I am not sure what to make of it. > > Any comments/suggestions? > > The questionnaire is available at the following URL: > > http://usa.visa.com/media/business/cisp/ComplianceQuestionnaire.pdf > > Thank you. > > Waitman Gobble > EMK Design > Telephone (714) 522-2528 > Toll Free (877) 290-2768 > http://emkdesign.com > > ....................................... > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
