The company where I work for has a legacy X25 network for pin/atm transactions.
Access to this X25 is based on Closed User Group(CUG), but we are aware that the transactions over this X25 network are unencrypted.
We have equipement is place, such as PAD switches and x25 management tools.
We currently busy to migration the legacy x25 network to an IP based network, but this project take years and the PCI-audit is in october 2009.
My question is, does somebody experience with PCI DSS audits and X25 networks and to cope with the requirements from PCI-DSS.
Particulary on the security part of the X.25 equipment and management tools who should be PCI DSS compliant.