Ruby VASC Instructor Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Ruby VASC Instructor Guide"

Transcription

1 Ruby VASC Instructor Guide Client Services, Training 300 S. Park Place Blvd. Suite Main Reception Training Administration Fax

2 Published: March 11, 2011 VeriFone, Inc. Integrated Systems 300 South Park Place Blvd., Suite 100 Clearwater, FL Office: (727) Fax: (727) Printed in the United States of America 2010 VeriFone, Inc. All rights reserved. No part of this publication may be copied, distributed, stored in a retrieval system, translated into any human or computer language, or transmitted in any form or by any means, without the prior written consent of VeriFone, Inc. The content of this document is subject to change without notice. The information contained herein does not represent a commitment on the part of VeriFone, Inc. VeriFone, Inc. is a registered trademark of VeriFone, Inc. All other brand names and trademarks appearing in this documentation are the property of their respective owners. Published: 02/12/10 Page: 2

3 Document Revision History Revision Date Author Description /12/10 John_B1 Original Documentation /11/11 John_B11 Changed Module number to 8 Published: 02/12/10 Page: 3

4 Subject: PCI /PA-DSS Overview Skill Level: 2 - Intermediate Time Involved: 1 Hour 30 Minutes Objective(s) Students will be able to: Demonstrate a knowledge of PCI-DSS, PA-DSS Explain how PCI-DSS impacts Merchant s and VASC s Demonstrate the steps for a compliant installation Understanding the Software Download Agreement Documentation Needed Ruby VASC Instructor Guide: Module VASC Service Manual: Card Security, PCI Handouts Equipment Needed Pencils, pens, highlighters, and post-its for students 1 Ruby SuperSystem for each student (this includes power brick, Y-Cable, AC Power and a Printer) installed with the software application you are choosing to teach. Class Preparation Tables and chairs should be set up either classroom or U-shaped style. You will need 3 of table space for each student. Determine the application you will be using. This application will need to be installed on each student s Ruby terminal. Rubies should be powered up with all cables, connectors, connected. The physical keys on the Rubies should be arranged based on the keyboard set up diagram found in the Instructor Preparation materials. Published: 02/12/10 Page: 4

5 Instructor Notes Instruct and show students how to navigate to the Card Security section in the VASC Service Manual. Points to Stress: To counter the growing identity theft and credit card problem, the major credit card providers have joined together to introduce a compliance standard called PCI-DSS or the Payment Card Industry Data Security Standard. PCI-DSS applies to any company that accepts card based payments. PCI DSS was developed to protect cardholder data. The PCI-DSS requirements cover security management, policies, procedures, network architecture and other critical protective measures. The PCI-DSS standard mandates that all merchants, service providers, and software developers follow 12 critical points to ensure cardholder information, such as account numbers, PINs, etc. is protected. Being ignorant of knowing how to be PCI compliant is not a defense. Some merchants believe once you setup compliancy, it s DONE!... not the case. Merchants are responsible for being PCI compliant. Also, maintaining security should be a common goal. Pass-out the following handout to students: VASC Handout 12 Points for PCI-DSS PA-DSS PA-DSS stands for Payment Application Data Security Standards. PA-DSS Applies to Payment Applications such as Ruby, Sapphire, and Topaz. The goal of PA- DSS is to protect account numbers and support a merchant's ability to comply with PCI DSS. Points to Stress: Where PCI-DSS is directed at merchant implementation, PA-DSS is directed at software vendors and provides standards for building, testing, distributing and supporting software that is meant for card payment processing. PA-DSS is also meant to provide software vendors a guideline so they may facilitate a merchants ability to be PCI-DSS compliant. For each software application, VeriFone has a PA-DSS Implementation Guide that provides a breakdown by topic of what is necessary to install a site to ensure PCI-DSS compliancy. The PA-DSS Implementation Guide is available at all times on VeriFone s Premier Portal and a new copy should be downloaded each time you visit a location for installation and a copy should be left at the site for the merchant as part of the training. Published: 02/12/10 Page: 5

6 The PA-DSS Implementation Guide is a living document that may be updated at any time, because of this you should not retain old copies. You should ALWAYS download a fresh copy from the Premier Portal before providing it to a site or referencing it. How Does PA-DSS Affect VASCs? As a VASC when performing software installations you must ensure the following: 1. Become familiar with the PA-DSS Implementation Guide and adhere to the procedures within this document when installing and upgrading card payment processing equipment. 2. The merchant's POS system is installed with the most current software application. 3. When configuring the site's card network, ensure the communication devices (routers, hubs, datawire, etc.) are protected and configured properly. If the site will be using TCP/IP configurations please work with the site's IT personnel to ensure the appropriate firewalls, port forwarding, and IP addressing is configured properly. 4. Work with the Site Manager to ensure the default UserIDs and Passwords for the POS system and computer systems have been changed prior to leaving the site. 5. For sites with a Sapphire Mini-Server ensure the Site Manager is familiar with the LogIn switch. This switch should ALWAYS be in the UP POSITION. This will prevent users from receiving and transmitting data into the Sapphire. Should the site need help with a card transaction situation, it may be necessary for the VeriFone HelpDesk Agent to obtain card transaction information. The VeriFone HelpDesk Agent will instruct the site personnel to put the LogIn switch in the DOWN POSITION. After gathering the necessary information the VeriFone HelpDesk Agent will instruct the site personnel to put the Log-In switch to the UP POSITION. 6. Ensure the Merchant is given the following documents: 1. Do s and Don ts Handout 2. What Should I do About PCI Compliance? 3. PA-DSS Implementation Document (most current copy from Premier Portal) Published: 02/12/10 Page: 6

7 PA-DSS 14 Requirements for Vendors Review the following 14 requirements for Vendors with the students. 1 Do not retain full magnetic stripe data or CVV2/PIN data 2 Protect stored data (including account numbers) 3 Provide secure password features 4 Log application activity 5 Develop secure applications 6 Protect wireless transmissions 7 Test applications to address vulnerabilities 8 Facilitate secure network implementations 9 Never store cardholder data on a server connected to the Internet 10 Facilitate secure remote software update 11 Facilitate secure remote access to application 12 Encrypt sensitive traffic over public networks 13 Encrypt all non-console admin access Maintain instructional documents for customers, resellers, and 14 integrators Download Disclaimer on VeriFone s Premier Portal When downloading any application on VeriFone s Premier Portal you will have to agree to the following disclaimer: Download Acknowledgment of BUYPAK Ruby Production Software It is required that you print or download a copy of the PA-DSS Implementation Guide. Also, you MUST review the guide with the merchant and leave a copy with the merchant. Make sure students are aware of this disclaimer when downloading software from VeriFone s Premier Portal. PCI-DSS Training Module Play for the students the PCI-DSS Training Module video. Published: 02/12/10 Page: 7

Sapphire/Topaz VASC Instructor Guide. Module 5: Ethernet Basics & VFI Cisco Router Configuration

Sapphire/Topaz VASC Instructor Guide. Module 5: Ethernet Basics & VFI Cisco Router Configuration Module 5: Ethernet Basics & VFI Cisco Router Configuration Client Services, Training 300 S. Park Place Blvd. Suite 100 727.953.4000 Main Reception 727.953.4270 Training Administration 408.232.7244 - Fax

More information

paypoint implementation guide

paypoint implementation guide paypoint implementation guide PCI PA-DSS Implementation guide 1. Introduction This PA-DSS Implementation Guide contains information for proper use of the paypoint application. Point Transaction Systems

More information

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) The mandatory guide for storing, processing or transmitting cardholder information Overview and applicability Any application

More information

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER

More information

Qualified Integrators and Resellers (QIR) Implementation Statement

Qualified Integrators and Resellers (QIR) Implementation Statement Qualified Integrators and Resellers (QIR) Implementation Statement For each Qualified Installation performed, the QIR Employee must complete this document and confirm whether the validated payment application

More information

PCI Compliance Training

PCI Compliance Training PCI Compliance Training 1 PCI Training Topics Applicable PCI Standards Compliance Requirements Compliance of Unitec products Requirements for compliant installation and use of products 2 PCI Standards

More information

Commander TM Site Controller

Commander TM Site Controller Commander TM Site Controller VRSD Implementation Guide Date: May 7, 2015 Commander Site Controller VRSD Implementation Guide May 08, 2015 Verifone, Inc. 88 West Plumeria Drive San Jose, CA 95134 Telephone:

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

User Set Up Booklet 1-800-653-3345. VeriFone Sapphire. Topaz POS. Terminals. For use with VeriFone. VeriFone Sapphire and. www.success-systems.

User Set Up Booklet 1-800-653-3345. VeriFone Sapphire. Topaz POS. Terminals. For use with VeriFone. VeriFone Sapphire and. www.success-systems. VeriFone Sapphire and Topaz POS Terminals User Set Up Booklet Ruby POS SuperSystems Sapphire Topaz POS Terminal epb TM For use with VeriFone Ruby SuperSystems VeriFone Sapphire and Topaz 1-800-653-3345

More information

CardControl. Credit Card Processing 101. Overview. Contents

CardControl. Credit Card Processing 101. Overview. Contents CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old

More information

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers.

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. White Paper January 2013 1 INTRODUCTION The PCI SSC (Payment

More information

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment

More information

AIS Webinar PA-DSS Program Overview

AIS Webinar PA-DSS Program Overview AIS Webinar PA-DSS Program Overview Hap Huynh Business Leader Visa Inc. December 2009 Visa Public Agenda PCI Standards PA-DSS Program PA-DSS Applicability PA-DSS Roles & Responsibilities Visa Public 2

More information

DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA

DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS

More information

VERIFONE ENHANCED ZONE ROUTER

VERIFONE ENHANCED ZONE ROUTER VERIFONE ENHANCED ZONE ROUTER Security, remote management, and network connectivity offering more solutions for your c-store. SUMMARY The Verifone Enhanced Router is designed for customers to implement

More information

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page

More information

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing for Sage MAS 90 and 200 ERP Credit Card Processing Version 4.30.0.18 and 4.40.0.1 - January 28, 2010 Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Project Title slide Project: PCI. Are You At Risk?

Project Title slide Project: PCI. Are You At Risk? Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected. worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected. The 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) by type Build

More information

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards

More information

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00 PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)

More information

Implementation Guide

Implementation Guide Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein

More information

The Petroleum Marketer s PCI compliance Reference Guide

The Petroleum Marketer s PCI compliance Reference Guide The Petroleum Marketer s PCI compliance Reference Guide 1. Become familiar with the 12 standards of card data security: Build and maintain a secure network Requirement 1 Install and maintain a firewall

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074

More information

PCI v2.0 Compliance for Wireless LAN

PCI v2.0 Compliance for Wireless LAN PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki

More information

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC MANAGE SECURITY AT THE SPEED OF BUSINESS AlgoSec Whitepaper Simplifying PCI-DSS Audits and Ensuring Continuous Compliance with AlgoSec

More information

Hybrid PA-DSS Report on Validation

Hybrid PA-DSS Report on Validation Hybrid PA-DSS Report on Validation For Applications that Store, Process, or Transmit Payment Card Data but are Not Part of Authorization or Settlement Application Vendor: KomBea Corporation 3400 N. Ashton

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

Five PCI Security Deficiencies of Retail Merchants and Restaurants

Five PCI Security Deficiencies of Retail Merchants and Restaurants Whitepaper January 2010 Five PCI Security Deficiencies of Retail Merchants and Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations by Brad Cyprus, SSCP - Senior Security Architect,

More information

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure. Payment Card Industry Security Standards Over the past years, a series of new rules and regulations regarding consumer safety and identify theft have been enacted by both the government and the PCI Security

More information

CSU, Chico Credit Card PCI-DSS Risk Assessment

CSU, Chico Credit Card PCI-DSS Risk Assessment CSU, Chico Credit Card PCI-DSS Risk Assessment Division/ Department Name: Merchant ID Financial Account Location (University, Auxiliary Organization) Business unit functional contact: : Title: Telephone:

More information

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance

More information

PCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

PCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566

More information

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card

More information

Why Is Compliance with PCI DSS Important?

Why Is Compliance with PCI DSS Important? Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

PCI Overview. PCI-DSS: Payment Card Industry Data Security Standard

PCI Overview. PCI-DSS: Payment Card Industry Data Security Standard PCI-DSS: Payment Card Industry Data Security Standard Why is this important? Cardholder data and personally identifying information are easy money That we work with this information makes us a target That

More information

Payment Application Data Security Standard

Payment Application Data Security Standard Payment Card Industry (PCI) Payment Application Data Security Standard ROV Reporting Instructions for PA-DSS v2.0 March 2012 Changes Date March 2012 Version Description Pages 1.0 To introduce PA-DSS ROV

More information

POS NEWS UPDATE 2011

POS NEWS UPDATE 2011 POS NEWS UPDATE 2011 In 2006, Visa International, MasterCard Worldwide, Discover Financial Services and JCB jointly announced the formation of an independent council designed to manage the ongoing evolution

More information

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft

More information

Payment Gateways: Value and Security

Payment Gateways: Value and Security Payment Gateways: Value and Security Presented by: Dmitriy Lerman, Dir. of Marketing 2009 CHARGE Anywhere, LLC. All trademarks, service marks, and trade names referenced in this material are the property

More information

Symposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda

Symposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda 2010 Finance & Business Operations Symposium (FBOS) PCI Compliance Cort M. Kane COO, designdata Judy Durham CFO, NPES Kymberly Bonzelaar, Sr. VP Capital One Richard Eggleston, Sr. Project Director, TMAR

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,

More information

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879 Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 2 of 116 PageID: 4880 Payment Card Industry (PCI)

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

Eagle 8.0 Release Notes

Eagle 8.0 Release Notes Eagle 8.0 Release Notes Eagle Technical Support 800.237.7673 Printed in U.S.A. 2010 Teleflora Information in this document is subject to change without notice. Companies, names and data used in examples

More information

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013 05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of

More information

Two Approaches to PCI-DSS Compliance

Two Approaches to PCI-DSS Compliance Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,

More information

Miami University. Payment Card Data Security Policy

Miami University. Payment Card Data Security Policy Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that

More information

6-8065 Payment Card Industry Compliance

6-8065 Payment Card Industry Compliance 0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card

More information

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Payment Card Industry Technical s Part 1. Purpose. This guideline emphasizes many of the minimum technical requirements

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants WHITE PAPER Five PCI Security Deficiencies of Restaurants Five PCI Security Deficiencies of Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus - Chief

More information

VeriFone VASC Training Certification Policies

VeriFone VASC Training Certification Policies VeriFone VASC Training Certification Policies Published August 30, 2011 Published 08/30/2011 Page 1 VeriFone VASC Training August 30, 2011 VeriFone, Inc. 2099 Gateway Place Suite 600 San Jose, CA 95110

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

NETePay 5.0. FDMS Nashville. Installation & Configuration Guide. Part Number: 8660.54

NETePay 5.0. FDMS Nashville. Installation & Configuration Guide. Part Number: 8660.54 NETePay 5.0 Installation & Configuration Guide FDMS Nashville Part Number: 8660.54 NETePay Installation & Configuration Guide Copyright 2011 Datacap Systems Inc. All rights reserved. This manual and the

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Customer PCI 3.0 Changes = New Opportunity For You. Giles Witherspoon-Boyd SecurityMetrics

Customer PCI 3.0 Changes = New Opportunity For You. Giles Witherspoon-Boyd SecurityMetrics Customer PCI 3.0 Changes = New Opportunity For You Giles Witherspoon-Boyd SecurityMetrics Who is this guy? Giles Witherspoon-Boyd, PCIP 15 years in technology, 4 years at SecurityMetrics SecurityMetrics

More information

Catapult PCI Compliance

Catapult PCI Compliance Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult

More information

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe Agenda Who Is VendorSafe Technologies? It Won t Happen to Me! PCI DSS Overview The VendorSafe Solution Questions

More information

PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES

PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES AGENDA PCI Players and Roles Merchant Requirements Keys To Successful PCI

More information

PA-DSS Implementation Guide. Version 1.2.1. Document Owners. Approval Date: January 2012

PA-DSS Implementation Guide. Version 1.2.1. Document Owners. Approval Date: January 2012 v Tuition Express PA-DSS Implementation Guide Version 1.2.1 Approval Date: January 2012 Document Owners Brad Olson Operations Director Darren Gapp Chief System/Software Engineer Procare Software Tuition

More information

Data Security Requirements for K-12 January 28, 2010. Payment Card Industry (PCI)

Data Security Requirements for K-12 January 28, 2010. Payment Card Industry (PCI) CUR RITY SE Data Security Requirements for K-12 January 28, 2010 Payment Card Industry (PCI) SE CUR RITY 1 Welcome To Join The Voice Conference Dial 866-939-3921 Technical issues press 0 Q & A We ll leave

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Payment Application Data Security Standards Implementation Guide

Payment Application Data Security Standards Implementation Guide Payment Application Data Security Standards Implementation Guide 062212 PADSS 2012 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means,

More information

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1) PDQ has created an Answer Guide for the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C to help wash operators complete questionnaires. Part of the Access Customer Management

More information

Payment Card Industry Data Security Standards.

Payment Card Industry Data Security Standards. Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing

More information

Benefits of Integrated Credit Card Processing Within Microsoft Dynamics GP. White Paper

Benefits of Integrated Credit Card Processing Within Microsoft Dynamics GP. White Paper Benefits of Integrated Credit Card Processing Within Microsoft Dynamics GP White Paper May 2011 Copyright Copyright 2011 k-ecommerce. All rights reserved. Complying with all applicable copyright laws is

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard

More information

Verifone Enhanced Zone Router

Verifone Enhanced Zone Router Verifone Enhanced Zone Router July, 2015 The Necessity of an Enhanced Zone Router FUNDAMENTAL PART OF PCI-DSS COMPLIANCE, ENSURING CONSISTENT SUPPORT OF VASC, HELPDESK, & SERVICES POS Environment Needs

More information

PCI PA-DSS Implementation Guide

PCI PA-DSS Implementation Guide PCI PA-DSS Implementation Guide For Atos Worldline Banksys XENTA, Atos Worldline YOMANI and Atos Worldline YOMANI XR terminals using the Point SAPC Y01.01 Software (Stand Alone Payment Core) Version 1.10

More information

San Jose Airport PCI@SJC. Diane Mack-Williams SJC Airport Technology Services ACI NA San Diego, 15th October 2011

San Jose Airport PCI@SJC. Diane Mack-Williams SJC Airport Technology Services ACI NA San Diego, 15th October 2011 San Jose Airport PCI@SJC Diane Mack-Williams SJC Airport Technology Services ACI NA San Diego, 15th October 2011 Why PCI-DSS at SJC? SJC as a Service Provider Definition: Business entity that is not a

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

Your Compliance Classification Level and What it Means

Your Compliance Classification Level and What it Means General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe

More information

Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy

Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy Payment Card Industry - Data Security Standard () Security Policy Version 1-0-0 3 rd February 2014 University of Leeds 2014 The intellectual property contained within this publication is the property of

More information

Technical breakout session

Technical breakout session Technical breakout session Small leaks sink great ships Managing data security, fraud and privacy risks Tarlok Birdi, Deloitte Ron Borsholm, WTS May 27, 2009 Agenda 1. PCI overview: the technical intent

More information

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card

More information

PA-DSS Implementation Guide: Steps to ensure that your POS system is secure

PA-DSS Implementation Guide: Steps to ensure that your POS system is secure PA-DSS Implementation Guide: Steps to ensure that your POS system is secure About the PCI Security Standards The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible

More information

Parallels Plesk Panel

Parallels Plesk Panel Parallels Plesk Panel Copyright Notice Parallels Holdings, Ltd. c/o Parallels International GmbH Vordergasse 59 CH-Schaffhausen Switzerland Phone: +41-526320-411 Fax: +41-52672-2010 Copyright 1999-2011

More information

Simplêfy Client Support and Information Services. PCI Compliance Guidebook

Simplêfy Client Support and Information Services. PCI Compliance Guidebook Simplêfy Client Support and Information Services PCI Compliance Guidebook Simplêfy, Inc. 301 Science Drive, Suite 280 Moorpark, CA 93021 Phone 888.341.2999 Fax 877.280.0885 Simplêfy is a Registered Trademark

More information

Integrating Credit Card Processing CLEAR

Integrating Credit Card Processing CLEAR Integrating Credit Card Processing CLEAR Objectives Non-Compatible Terminals Compatible Terminals Common Error Messages Steps on how to program a credit terminal PCI Compliant Businesses Credit Card processing

More information

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance

More information

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding

More information

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital

More information

Policies and Procedures

Policies and Procedures Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,

More information

Best Practices for PCI DSS V3.0 Network Security Compliance

Best Practices for PCI DSS V3.0 Network Security Compliance Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with

More information

Payment Application Data Security Standards Implementation Guide

Payment Application Data Security Standards Implementation Guide Payment Application Data Security Standards Implementation Guide 062212 PADSS 2012 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means,

More information

Recent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2

Recent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 Recent Developments in PCI DSS PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 1 2009 Breach Investigation Who did it? 74% external parties 20% insiders 32% implicated business partners

More information

A Rackspace White Paper Spring 2010

A Rackspace White Paper Spring 2010 Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry

More information

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)

More information

PCI Compliance. Top 10 Questions & Answers

PCI Compliance. Top 10 Questions & Answers PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements

More information

Automating Compliance Reporting for PCI Data Security Standard version 1.1

Automating Compliance Reporting for PCI Data Security Standard version 1.1 PCI Compliance Reporting Solution Brief Automating Regulatory Compliance and IT Best Practices Reporting Automating Compliance Reporting for PCI Data Security Standard version 1.1 The PCI Data Security

More information

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration

More information

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information