The PCI Security Standards Council. Jeremy King European Director
1 The PCI Security Standards Council Jeremy King European Director
2 Agenda How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure? How can you be involved?
3 PCI Security Standards: Protection of Cardholder Payment Data. Manufacturers: PCI PTS (PIN Entry Devices). Software Developers: PCI PA-DSS (Payment Applications). Merchants & Service Providers: PCI DSS (Secure Environments). PCI Security & Compliance: P2PE. An ecosystem of payment devices, applications, infrastructure and users.
4 About the Council Open, global forum Founded 2006 Responsible for PCI Security Standards Development Management Education Awareness
5 Global Representation: Board of Advisors. RSA, The Security Division of EMC; TSYS; VeriFone Systems, Inc.; Wal-Mart Stores, Inc.; Starbucks; Barclaycard; British Airways; Cartes Bancaires; European Payments Council; IATA; Ingenico; Tesco Stores Limited; Cisco; Citi; First Data Corporation; Heartland Payment Systems; JPMorgan Chase & Co.; McDonald's Corporation; Cielo; Woolworths Limited.
6 Continued and Sustained Growth (chart: PCI SSC Community Meetings attendance by year, showing Total Attendees, PO Attendees and QSA/ASV/PTS Lab Attendees).
7 Agenda How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure? How can you be involved?
8 The Five Stages of Grief: Denial. "It doesn't apply to me." PCI compliance is mandatory. de·ni·al 1. : refusal to satisfy a request or desire 2. a (1) : refusal to admit the truth or reality (as of a statement or charge) (2) : assertion that an allegation is false b : refusal to acknowledge a person or a thing : disavowal 3. : the opposing by the defendant of an allegation of the opposite party in a lawsuit. Source:
9 The Five Stages of Grief: Anger. "It isn't fair." PCI applies to all parties in the payment process. an·ger transitive verb : to make angry <he was angered by the decision> intransitive verb : to become angry. Source:
10 The Five Stages of Grief: Bargaining. "I'll do some of it." Compliance is pass / fail. bar·gain·ing 1. : an agreement between parties settling what each gives or receives in a transaction between them or what course of action or policy each pursues in respect to the other 2. : something acquired by or as if by bargaining; especially : an advantageous purchase <at that price the car is a bargain> 3. : a transaction, situation, or event regarded in the light of its results <a bad bargain>. Source:
11 The Five Stages of Grief: Depression. "I'll never get there." Many merchants already have. de·pres·sion 1. (1) : a state of feeling sad : dejection (2) : a psychoneurotic or psychotic disorder marked especially by sadness, inactivity, difficulty in thinking and concentration, a significant increase or decrease in appetite and time spent sleeping, feelings of dejection and hopelessness, and sometimes suicidal tendencies 2. (1) : a reduction in activity, amount, quality, or force (2) : a lowering of vitality or functional activity. Source:
12 The Five Stages of Grief: Acceptance. "It'll be OK." PCI doesn't introduce any new, alien concepts. ac·cept·ance 1. : an agreeing either expressly or by conduct to the act or offer of another so that a contract is concluded and the parties become legally bound. Source:
13 What About EMV? The Council released guidance on EMV within an overall data security framework defined by the PCI Data Security Standard. The guidance clearly highlights the benefits both systems bring to tackling fraud. While EMV does help prevent some types of fraud, in order for a merchant to secure their payment data they must also adopt all elements of the PCI DSS. In today's EMV market, PCI DSS must be adopted and implemented in order to protect cardholder data.
14 EMV Transaction (diagram: an authorisation message carrying track data and the PIN block passes from the card, shown with PAN, expiry and iCVV/iCVC, through each hop of the payment path; the same authorisation, track data and PIN block appear at every stage).
15 Agenda How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure? How can you be involved?
16 Website
17 Resources for Merchants and Others
18 Special Resources for Small Merchants
19 2012 Training Highlights. PCI SSC Internal Security Assessor (ISA) Program: helps security professionals improve their organizations' understanding of PCI DSS and validate and maintain ongoing compliance. Check out our Training Webinar! PCI Awareness Training: offers general PCI training across your business to ensure a universal understanding of PCI compliance. Training Schedule: ISA: London, UK April, 2012; QSA: London, UK April, 2012; PA-QSA: London, UK April, 2012; PCI Awareness Training online anytime!
20 Internal Security Assessor (ISA) Program. Objective: a comprehensive PCI DSS training and qualification program for eligible internal audit security professionals. PCI SSC Internal Security Assessor (ISA) Program now offered in a new hybrid model: online prerequisite course followed by a two-day instructor-led session! Focus: help security professionals improve their organizations' understanding of PCI DSS and validate and maintain ongoing compliance. How does this benefit my organization? Opportunity to develop an internal security expert for driving and maintaining PCI compliance; increase internal understanding of PCI standards and controls; may reduce compliance costs by encouraging development of an ongoing security process before and beyond the annual validation. Improving understanding of PCI standards and compliance through: enhancing the quality, reliability, and consistency of internal PCI DSS self-assessments; supporting the consistent and proper application of PCI DSS measures and controls; effectively facilitating interactions with QSAs.
21 PCI Awareness Training Who should attend? Open to anyone who is interested in learning more about PCI, with a focus on those individuals working for organizations that must meet compliance with the PCI DSS or have a vested interest in the Payment Card Industry What does it cover? Key topics: What is PCI and what does it mean to a company that must meet compliance with the PCI DSS? Roles and responsibilities of the key actors in the compliance process How the credit card brands differ in their requirements for PCI reporting and validation Overview of the infrastructure used by organizations to accept payment cards and communicate with the verifications and payment facilities Real world examples of PCI challenges and successes How can I sign up? This course is offered both online and as a one day instructor-led session. Please visit the PCI SSC Awareness Training page on the Council website for an up-to-date schedule of courses and registration details: Awareness Training available online! Dates & Cost Fees: $ per individual (plus VAT where applicable) Online: (per company) 1-24 people $495; people $395; 100+ people $295
22 PCI DSS Prioritized Approach Prioritized Approach Tools
23 Fact Sheets
24 Skimming Prevention Guidance
25 New Guidance EMV Telephone-based Payment Card Data Virtualization Tokenization Wireless PA-DSS and Mobile
26 New Guidance Information Supplement: Telephone-based Payment Card Data. Key Recommendations: Identifies risks and considerations specific to telephone-based payment card data. Provides a step-by-step flowchart to help determine PCI DSS controls for voice recordings. Specific guidance addressing capture of SAD. Identifies several applicable PCI DSS requirements with recommendations specific to call recording environments. Provides sample questions that merchants can ask call center providers to determine how their solution supports PCI DSS compliance.
27 New Guidance Information Supplement: Virtualization Key Recommendations: Perform thorough evaluation of the technology and the impact on PCI DSS Specific security considerations for virtual environments Recommends all virtualization components meet PCI DSS requirements Defense in depth approach across both physical and logical layers
28 New Guidance Information Supplement: Virtualization Cloud-based architectures Responsibility will vary according to the specific cloud service and/or implementation Considerations for public cloud environments include: Added complexity Dynamic boundaries Often limited visibility or control over underlying infrastructure
29 New Guidance Information Supplement: Tokenization Key Recommendations: Tokenization does not eliminate the need for PCI DSS Primary goal is to replace sensitive PAN values with non-sensitive token values Tokenization may affect PCI DSS scope by limiting systems that store, process or transmit cardholder data Tokenization can contribute to a layered approach to cardholder data security
30 New Guidance Information Supplement: Tokenization Scoping Principles: Segment out of scope systems from the tokenization system and the CDE Scoping considerations will vary for each solution Tips for maximizing scope reduction: Limit PAN to point of capture and the card data vault Combine with P2PE Ensure PAN is not retrievable Securely delete PAN and other cardholder data from source systems
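The scoping principles above in working code, as an added Python example that is not from the Council or this deck: a card data vault that issues random tokens (so nothing about the PAN can be recovered from a token), a capture point that hands downstream systems only the token and the last four digits, and a Luhn-based scan of merchant-side records to confirm no PAN has leaked out of scope. The vault class, role names and sample PAN are constructed for illustration; a real vault would also encrypt what it stores.

```python
import re
import secrets
from typing import Dict, List

# Constructed sample PAN: a well-known test number, not a real account.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """PAN-shaped: 13 to 19 digits and Luhn-valid."""
    return value.isdigit() and 13 <= len(value) <= 19 and luhn_valid(value)


class TokenVault:
    """Card data vault: the only component that maps tokens back to PANs.

    The vault and anything allowed to call detokenize() stay in PCI DSS scope;
    everything else is segmented away from it and only ever sees tokens.
    The in-memory dict stands in for the encrypted storage a real vault needs.
    """

    def __init__(self, detokenize_roles=("payment-processor",)):
        self._pan_by_token: Dict[str, str] = {}
        self._token_by_pan: Dict[str, str] = {}
        self._detokenize_roles = set(detokenize_roles)   # hypothetical role names

    def tokenize(self, pan: str) -> str:
        if not looks_like_pan(pan):
            raise ValueError("not a plausible PAN")
        existing = self._token_by_pan.get(pan)
        if existing:
            return existing       # same PAN, same token: recurring customers still match
        # Random token: it carries no information from which the PAN could be derived,
        # so a token leaking from an out-of-scope system exposes no cardholder data.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only explicitly authorised roles may turn a token back into a PAN."""
        if caller_role not in self._detokenize_roles:
            raise PermissionError(f"role {caller_role!r} may not retrieve PAN")
        return self._pan_by_token[token]


def capture_order(vault: TokenVault, pan: str, amount: str) -> dict:
    """Point of capture: the PAN goes straight to the vault; the order record that
    flows on to fulfilment, CRM and reporting holds only the token and last four."""
    token = vault.tokenize(pan)
    return {"amount": amount, "card_token": token, "card_last4": pan[-4:]}


PAN_CANDIDATE = re.compile(r"\d{13,19}")


def scan_for_pan(records: List[dict]) -> List[str]:
    """Scope check: walk merchant-side records and return the field names that
    contain a Luhn-valid, PAN-length digit run. Empty result = no PAN leaked."""
    findings = []
    for rec in records:
        for key, value in rec.items():
            for match in PAN_CANDIDATE.finditer(str(value)):
                if luhn_valid(match.group()):
                    findings.append(key)
    return findings


if __name__ == "__main__":
    vault = TokenVault()
    order = capture_order(vault, SAMPLE_PAN, "19.99")
    print("merchant-side record:", order)
    print("PAN fields found in merchant store:", scan_for_pan([order]))
    print("processor detokenizes:", vault.detokenize(order["card_token"], "payment-processor"))
```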
31 New Guidance Information Supplement: Wireless. Overview: Updated guidance aligns with PCI DSS v2.0. Incorporates Bluetooth technologies. Recommendations for securing wireless technologies. Expanded guidance. Includes updates per PCI DSS Requirement 11.1.
32 New Guidance PCI SSC Update June 2011 Mobile Update & FAQ on applicability of PA-DSS to mobile payment acceptance applications Category 1 and 2 applications are eligible for PA-DSS Category 3 applications are pending development of further guidance and/or standards Category 1 PTS Approved PED Devices Category 2 Purpose Built POS Devices Category 3 General Purpose Smart Device
33 New Guidance PCI SSC Update June 2011 Mobile: Addressing Category 3 Applications via Two Scenarios. Scenario 1: Cardholder data is only input using an encrypted solution and transmitted encrypted through a mobile device. Device never accesses clear-text PAN. New PTS approval class for Secure Card Readers + P2PE is applicable. Scenario 2: Cardholder data is input using a non-encrypted solution and transmitted through a mobile device. Device has access to clear-text PAN. Guidance/best practices for protecting clear-text PAN within mobile applications under development.
34 New Program P2PE Hardware/Hardware Point-to-Point Encryption (P2PE) The Basics: P2PE does not replace PCI DSS Allows merchants to reduce their validation scope Merchant environment is isolated from clear-text account data P2PE incorporates all PCI standards, including elements from: PTS for the Point of Interaction (POI) devices PA-DSS for applications within POI PCI PIN for cryptographic key management PCI DSS for P2PE Solution Provider environment
35 New Program P2PE Hardware/Hardware Point-to-Point Encryption (P2PE). P2PE Program Schedule (Hardware/Hardware): Initial Release Validation Requirements, September 2011; Final release Validation Requirements with detailed testing procedures, Early 2012; P2PE assessor qualification process and solution listings, Q1 2012.
36 Council Resources: Security standards and supporting documents; Quick Reference Guide; Frequently Asked Questions; Searchable list of approved QSAs, ASVs, PA-QSAs, PED Labs; Education and outreach (e.g., fact sheets, webinars); Participating membership, meetings, collaboration; A global voice for the industry.
37 Agenda How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure? How can you be involved?
38 Get Involved PCI security landscape and standards are maturing globally
39 Get Involved: Join the PCI Braintrust! Chief Security Officers, Information Security Professionals, Compliance Officers, Forensic Investigators, Technologists, IT Managers, Risk Managers, Chief Information Officers, Legal Experts, Data Security Experts. Join! Become a Participating Organization today.
40 Special Interest Groups (SIGs): Guidance & Alignment on Risk Assessment; Level 3 and Level 4 E-Commerce Merchants; Cloud (Virtualization Phase 2). sigs@pcisecuritystandards.org. Projects commenced January 2012.
41 Community Meetings: Orlando, Florida, USA, September 12-14, 2012; Dublin, Ireland, October 22-24, 2012. Join us as a Participating Organization to get involved in setting global PCI standards!
42 Provide Feedback to the Council Implementation Feedback Formal Feedback Draft Revisions Feedback
43 How the Process Works. Example feedback question: "Where elements of cardholder data must be protected when stored in conjunction with PAN, can we get some clarification on what in-conjunction means?" (flow diagram: feedback moves between the Participating Organizations, the Technical Working Group and the Board of Advisors, with the Technical Working Group at each stage, until Standards are Issued).
44 Summary: Focus on security, not compliance. Understand the process of PCI standards development. Join us as a Participating Organization and increase our global presence. Take advantage of the Council's resources and guidance. Participate in the 2012 Annual Community Meetings. Adopt version 2.0 and share the PCI SSC roadmap with internal stakeholders.
45 Stay Involved People + Processes + Technology = Security
46 Questions? Any Questions? Please visit our website at
PCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics About Us Matt Halbleib CISSP, QSA, PA-QSA Manager PCI-DSS assessments With SecurityMetrics for 6+ years SecurityMetrics Security
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationSafe and Sound Processing Telephone Payments Securely. A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015
Safe and Sound Processing Telephone Payments Securely A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015 Executive summary The following information and guidance
More informationPoint Secure Commerce Application (SCA) 2.x PCI PA-DSS Out of Scope White Paper
Point Secure Commerce Application (SCA) 2.x PCI PA-DSS Out of Scope White Paper Executive Summary Lyle Miller: CISSP, QSA PA-QSA December 3, 2013 VeriFone, Inc. (VeriFone) engaged Coalfire Systems Inc.
More informationThoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director
Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
More informationEMV mobile Point of Sale (mpos) Initial Considerations
EMV mobile Point of Sale EMV mobile Point of Sale (mpos) Initial Considerations Version 1.1 June 2014 2014 EMVCo, LLC ( EMVCo ). All rights reserved. Any and all uses of the EMV Specifications ( Materials
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
More informationPayment Application Data Security Standard
Payment Card Industry (PCI) Payment Application Data Security Standard ROV Reporting Instructions for PA-DSS v2.0 March 2012 Changes Date March 2012 Version Description Pages 1.0 To introduce PA-DSS ROV
More informationSafer Business Newsletter Q3 2012
Safer Business Newsletter Q3 2012 Welcome H ello and welcome to the latest edition of Safer Business News. Were you an Olympic addict, or did you avoid the games completely? Whatever your preference I
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February
More informationCardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
More informationPAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES
PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES AGENDA PCI Players and Roles Merchant Requirements Keys To Successful PCI
More informationThe PCI DSS Compliance Guide For Small Business
PCI DSS Compliance in a hosted infrastructure A Rackspace White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by
More informationDon Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer
Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud
More informationPCI DSS Compliance Services January 2016
PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction
More informationUNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE
UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE April 30 th, 2014 Sean Mathena CISSP, CISA, QSA Trustwave Managing Consultant WELCOME AND AGENDA PCI-DSS 3.0 Review the high-level areas that have changed
More informationProtecting Your Customers' Card Data. Presented By: Oliver Pinson-Roxburgh
Protecting Your Customers' Card Data Presented By: Oliver Pinson-Roxburgh Agenda Trustwave Overview PCI Scope Compromise Statistics PCI Makes Business Sense Registration Process TrustKeeper Features Support
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
More informationRegistry of Service Providers
Registry of Service Providers Program Guide Contents 1 2 1.1 What is the Registry of Service Providers? 2 1.2 Who can register? 3 1.3 Why register with Visa? 3 1.4 Implications for Visa Clients 4 2 5 2.1
More informationWhite Paper PCI-Validated Point-to-Point Encryption
White Paper PCI-Validated Point-to-Point Encryption By Christopher Kronenthal, Chief Technology Officer Contributors Executive Summary Merchants are navigating a payments landscape that continues to evolve,
More informationWhite paper. How to take your contact centre out of scope for PCI DSS. Reducing cost and risk in credit card transactions for contact centres
White paper How to take your contact centre out of scope for PCI DSS Executive summary With 77 per cent of UK companies admitting to a security breach (Source: The Ponemon Institute, 2009), and up to 97
More informationRegistration and PCI DSS compliance validation
Visa Europe A Guide for Third Party Agents Registration and PCI DSS compliance validation October 2015 Version 1.1 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration
More informationPCI Compliance. Reducing cost & risk in Credit Card Transactions for Contact Centres V1.0
PCI Compliance Reducing cost & risk in Credit Card Transactions for Contact Centres V1.0 Contents Executive Summary 3 PCI DSS and the battle against card fraud Introduction 4 PCI DSS Requirements PCI DSS
More informationPCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES
PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry
More informationMITIGATING LARGE MERCHANT DATA BREACHES
MITIGATING LARGE MERCHANT DATA BREACHES Tia D. Ilori Ed Verdurmen January 2014 1 DISCLAIMER The information or recommendations contained herein are provided "AS IS" and intended for informational purposes
More information