PCI Compliance Workshop. NACS PEI October 21, :45 a.m. 11:45 a.m.
- Oscar Fitzgerald
1 PCI Compliance Workshop NACS PEI October 21, :45 a.m. 11:45 a.m.
2 Presenters
- Scott McDowell, Director of Marketing, Dispenser Applications, Gilbarco Veeder-Root
- Mike Tyler, Director of Marketing, Petroleum Division, VeriFone, Inc.
- Tim Weston, Product Manager, Payment Technologies, Dresser Wayne
3 Agenda
- Overview of Payment Card Industry (PCI) Requirements
- Payment Terminal Standards and Retailer Options
- Fuel Dispenser Standards and Retailer Options
- POS System Standards and Retailer Options
- Implementing PCI: A Customer's Perspective
  - Dresser Wayne Solutions
  - Gilbarco Veeder-Root Solutions
  - VeriFone Solutions
- Audience Q & A for Panelists
4 Overview of Payment Card Industry (PCI) Standards
Mike Tyler, Director of Marketing, Petroleum Division, VeriFone, Inc.
5 Payment Card Industry Security Standards Council
- Covers PIN Entry Devices at the pump and in the check-out lane
- PA-DSS applies to software vendors who develop payment applications that store, process, or transmit cardholder data
- PCI DSS applies to any business that stores, processes, and/or transmits cardholder data
6 Payment Security Deadlines
- Secure the forecourt with Encryption at Pump
  - January 1, 2009: New dispensers
  - July 1, 2010: Existing dispensers
- Upgrade to PCI PED PIN Pads & TDES
  - July 1, 2010: VISA PED or PCI PED approved Pin Pads and TDES from end to end
- Update Payment Software to PA-DSS
  - October 1, 2008: New Stores
  - July 1, 2010: All Stores
(Timeline figure: axis from July 2008 to July 2010)
7 Payment Terminal Standards and Retailer Options
8 Payment Terminal Compliance Timeline
- Unapproved Devices
  - Can't support TDES 156-bit encryption keys
  - 6/30/2010 Sunset Date
- VISA PED Devices
  - OK to use if you have them installed already
  - 12/31/2014 Sunset Date
- PCI PED 1.x Devices
  - Tamper Resistance improves security significantly
- PCI PED 2.x Devices
- Upgrade PIN Pads TDES Encryption
IMPACT: Time your replacement cycles to take advantage of newer terminals with improved security standards. Replace Visa PED in 2013.
9 Fuel Dispenser Standards and Retailer Options
Tim Weston, Product Manager of Payment Technologies, Dresser Wayne
10 Payment Security at the Dispenser
- PCI security standard currently applies to all fuel dispensers that accept PIN debit transactions
- Requires encryption when PIN information is entered
- Must use PCI certified Encrypting PIN Pad capable of Triple-DES encryption
- Triple-DES encryption keys required to be fully compliant
- Retailers assume risk if using Single-DES encryption after July 2010
- PIN encryption must be done within the keypad
- Dispenser upgrade procedures vary by vendor
  - Keypads, electronics, displays, bezel panels, etc.
11 Fuel Dispenser Compliance Timeline
Visa mandating that all PIN accepting fuel dispensers comply with PCI EPP standards to support Triple-DES migration
(Timeline figure: quarterly axis)
- New Dispensers: Newly deployed dispensers must contain TDES-capable PCI-certified EPP keypad
- All Dispensers: All dispenser keypads actively use TDES encryption on PCI-certified EPP keypads
- TDES/PCI Approved Keypads in New Dispensers
- Upgrade Existing Equipment to TDES/PCI
- TDES PIN Encryption Required (to maintain liability protection)
- Liability Shift to Retailer for continued use of 1DES DUKPT
12 Choices for Retailers
What options do retailers have?
- Upgrade dispensers with PCI Encrypting PIN Pads
- Install new TDES-capable PCI compliant fuel dispensers
- Require PIN debit customers to pay in store
- Do nothing now and stop accepting PIN debit as of July 1, 2010
- Assume risk of non-compliance / compromise liability for use of Single-DES DUKPT after the deadline
Note: Your Processor or Major Oil Brand may limit your choices or influence the timing of upgrades
13 POS System Standards and Retailer Options
Scott McDowell, Director of Marketing, NA Payment, Gilbarco Veeder-Root
14 PA DSS encompasses the complete Payment System
(Diagram labels: Card Issuers; Merchant Acquirers; Host Servers; Corporate Server; Wireless Terminals; Websites; POS Terminals; POS Terminal Software applications, infrastructure, procedures, and processes; Automated Fuel Dispenser; Indoor PIN Pads)
(Diagram legend: PCI DSS Standard; PA-DSS Standard; PCI PED Standard; PCI EPP Standard)
15 Payment Application Compliance Timeline
Visa is implementing a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system.
- PABP PA-DSS: Applies to Purchased Software Applications
(Timeline figure: quarterly axis)
- Remove all known vulnerable applications
- Upgrade or remove non-compliant applications
- Only install PA-DSS applications for NEW sites
16 Don't Delay, Deadlines are Fast Approaching
- Education (PCI-DSS, PA-DSS, PED, EPP)
- PCI Security Standards Council
- PCI Quick Reference Guide
- Self Assessment (PCI-DSS, PA-DSS)
- Inventory and document site infrastructure
- Self Assessment Questionnaire
- Standards Training
- Look at the big picture
- Talk to your Vendors
- Engage a QSA
- Don't wait
17 Implementing PCI: A Customer's Perspective
- Dresser Wayne Solutions
- Gilbarco Veeder-Root Solutions
- VeriFone Solutions
18 Bobby Dutcher, President Atlanta Petroleum Equipment Company, Inc.
19 PCI Upgrade Prep
- Are we switching POS equipment brands?
- Do we need a new interface box?
- Do we need electrical outlets?
- Do we need Pin Pad Stands?
- Do we have a site configuration report?
- Is there a back office and scanning system present?
- Are the Automated Fuel Dispensers operational?
APEC Site Planning Tool
- Do we need to change any card reader BIOS chips?
- Are there enough wires for communication?
- Are there any ADA keypads involved?
- Do we need to upgrade any components on existing dispensers?
- Do any dispensers need any new decals?
20 Typical Upgrade Process
Prior to Site Visit
- Check kits to ensure they are complete and accurate
- Verify keypad environment variables in our lab
- Map keypads if needed in our lab
During Site Visit
- Block off subject dispenser for upgrade
- Upgrade dispenser components
- Test operations in manual
- Put dispenser on-line and test operations
- Open to customers and move to next dispenser
- Verify all upgraded dispensers on-line and operating
Changeover Timeline: One Day, Site Downtime 1 hour
21 Issues to Watch For
- Unable to put site on 3DES when only POS upgraded because:
  - Site takes debit and AFD not upgraded yet so debit would be disabled
  - Network not ready to accept and process 3DES encryption keys
- Unable to put site on 3DES when only AFD upgraded because:
  - POS not able to accept and process 3DES encryption keys
  - Network not ready to accept and process 3DES encryption keys
- Unable to put site on 3DES after POS and AFD upgraded
  - Network not ready to accept and process 3DES encryption keys
- Some Brands have multiple encryption keys in operation
Key Learning: Prepare ahead of time to avoid scenarios that require making multiple trips to the site
22 Shell Station, Atlanta Georgia
Successful Site Upgrade
- Installation proceeded as planned
- Equipment updates went smoothly
- Dispensers experienced minimal downtime
- Total upgrade took less than a day
- Customer very satisfied with results
Notable benefits from the upgrade
- Refreshed user interface on dispensers
- Latest technology components upgradeability to future requirements
- 3DES encryption loaded and ready for Shell switchover in the future
Local site here in Vegas with similar ix Pay upgrade
- Green Valley Grocery Sahara & Decatur
23 Case Study Background
Pre-Upgrade Details
- G-Site installations at all 68 locations in TX
- Mixture of Gilbarco dispensers
- Non-upgradeable dispensers; MPD3, Wayne
- Upgraded units Advantage, Encore 300, 500, and S
Post-Upgrade Details
- Installed Passport V8.02, featuring new PCI d-hub design
- Replaced 30 dispensers with Encore S with FlexPay EPP
- Upgraded OEM retrofits for Advantage and Encore dispensers
- Customer expectation of 58 days to meet 12/31/09 Shell Program
24 Preparing for the upgrade
Point of Sale
Preparing the Sites for PCI Upgrade
- Survey and record service needs
- Setup equipment off-site
- Training and Pre-install
- Confirm with network
Dispensers
- Survey and record service needs
- Confirm kit contents with survey checklist
- Organize kits by site with part numbers
Key learning / Opportunities for improvement
- Gain buy-in from customers
- Review checklist with installation crew daily
Timeline vs. Merchant expectations
- Customer expectation of 58 days vs. actual of 40 days
25 Completing the PCI Upgrade
(Figure with numbered steps 1 to 4 under the headings "Upgrading POS" and "Upgrading AFDs". Step labels: Convert data & install on new POS; Remove CIM Door; Install kit parts & reassemble; Upgrade (if necessary); Start Up)
26 St. Romain Oil Company, Mansura, LA
St. Romain Oil Company
- 23 Sites across Louisiana & Texas
- Fuel, Convenience Retail, Made to Order Food, Fleet
27 Preparing for the PCI Upgrade
Preparing for the Installation
- Developed a Strategy and Upgrade Plan well in advance
- Tuesdays are good conversion days
- Performed Site Surveys before ordering any equipment
- Order Equipment Early
- Allow 6-8 weeks for equipment to ship
- Have a contingency plan
Simplify the Conversion Process
- Duplicated Site configurations and Price Book structure from previously converted stores
28 Key Learnings and Ways to Improve
Preparing for the PCI Upgrade
- Take time to plan and manage the schedule carefully
- Designate a Project Manager
- Service Techs MUST be certified to install the equipment
- Verify that your CC network is up before upgrading the POS
- Beware that Debit Keys may need to be the same both inside and outside (Network host requirement)
Actual Timeline vs. What We Planned
- Planned 23 sites over a 5-month period, took 6 months
29 Completing the PCI Upgrade
High level activities for upgrading POS
- Price Book/PLU issues
- Planned in advance for integration of back office software and new POS system
- Plan for Manager & Cashier training (next shift = New System)
- Next day has new Report Balancing processing (office Personnel)
- Topaz keyboard made the transition from G-Site easy
High level activities for upgrading Dispensers
- Equipment staging and pre-installation streamlined the upgrade
- Minimal out of service; Converted half of pumps at a time
- Color graphics on Secure PumpPAY and Shell Rewards are a big deal to customers
Unexpected Benefits from the upgrade
- Customers thought we installed new pumps
- Secure PumpPAY graphics grab attention, began running made to order food specials immediately; easy to change content remotely with broadband access tool
Bottom Line: Smooth Installation!
30 Q&A Session
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationTechnical breakout session
Technical breakout session Small leaks sink great ships Managing data security, fraud and privacy risks Tarlok Birdi, Deloitte Ron Borsholm, WTS May 27, 2009 Agenda 1. PCI overview: the technical intent
More informationSage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know
I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit and debit
More informationFREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program
FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,
More informationPCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate
More informationPlotting a Course for EMV Compliance
Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently
More informationDalPay Internet Billing. Technical Integration Overview
DalPay Internet Billing Technical Integration Overview Version 1.3 Last revision: 01/07/2011 Page 1 of 10 Version 1.3 Last revision: 01/07/2011 Page 2 of 10 REVISION HISTORY... 4 INTRODUCTION... 5 DALPAY
More informationEMV in Hotels Observations and Considerations
EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered
More informationPCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationSellWise User Group. Thursday, February 19, 2015
SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User
More informationCyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name
More informationPCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard
PCI Compliance Crissy Sampier, Longwood University Edward Ko, CampusGuard Agenda Introductions PCI DSS 101 Chip Cards (EMV) Longwood s PCI DSS Journey Breach Statistics Shortcuts to PCI DSS Compliance
More informationAIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009
AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application
More informationHow Secure is Your Payment Card Data?
How Secure is Your Payment Card Data? Complying with PCI DSS SLIDE 1 PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director, IT Security Practice PCI Practice Leader Francis has
More informationPCI DSS. CollectorSolutions, Incorporated
PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted
More informationCREDIT CARD PROCESSING AND MERCHANT SERVICES
CREDIT CARD PROCESSING AND MERCHANT SERVICES provides credit card processing and merchant services for a wide range of business types - including retail, e-commerce, professional services, restaurants,
More informationPCI PA-DSS Requirements. For hardware vendors
PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
More informationFrequently Asked Questions
I ccount Information System (IS) Program Frequently sked Questions Q What is IS? ccount Information Security, or IS, is a Risk Management program by Visa aimed to protect account and/or transaction information
More informationPCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core
PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566
More information