Achieving Certified PCI Compliance? Tuesday, May 6, 2008
|
|
- Corey Sharp
- 8 years ago
- Views:
Transcription
1 Achieving Certified PCI Compliance? Tuesday, May 6, :45 am 10:45 am
2 COPYRIGHT NOTICE The copyright law of the United States t (Title 17, United States t Code) governs the making of photocopies or other reproduction of copyrighted material. Under certain conditions specified in the law, libraries and archives are authorized to furnish a photocopy or other reproduction. One of these specified conditions is that the photocopy or reproduction is not to be "used for other purpose than private study, scholarship hi or research." If a user makes a request for, or later uses, a photocopy or reproduction for purposes in excess of "fair use," that person may be liable for copyright infringement. DISCLAIMER The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of Convenience Stores. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, shall not constitute or imply an endorsement, recommendation, or support by the National Association of Convenience Stores. The National Association of Convenience Stores makes no warranty, express or implied, nor does it assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process described in these materials.
3 Delivering fully managed, PCI compliant networks to C-Store/Petroleum, Retail, Restaurant, Healthcare and Financial customers by integrating secure, nationwide broadband access to a pure MPLS+ core without public Internet infrastructure for transport DAN GLENNON SVP, Marketing and Strategy dan.glennon@cybera.net CYBERA
4 Barrie VanBrackle Partner Manatt, Phelps & Phillips, LLP
5 PCI S IMPACT MERCHANT AGREEMENT 1) From the legal perspective: p As a merchant accepting credit/debit cards, you are required to be in compliance with the payment card industry data security standards, d as set forth in your merchant agreement RAMIFICATIONS OF NON COMPLIANCE: a) termination of agreement (MATCH list) b) fines/penalties
6 MERCHANT AGREEMENT, con. 2) if you are not in compliance with PCI, and a data breach occurs, in addition to obligations under your merchant agreement, what obligations do you have under state law? RAMIFICATIONS OF NON COMPLIANCE: a) fines/penalties under state law (which may track PCI requirements for example, Texas Identity Theft and Enforcement and Protection Act, which requires businesses to (1) implement and maintain reasonable procedures to protect and safeguard from unlawful use or disclosure any sensitive personal information that it collected or maintained in the regular course of business and (2) destroy or arrange for the destruction of its customer records containing sensitive personal information within its control that were not retained by it). b) potential for fines/penalties under federal (FTC) law
7 MERCHANT AGREEMENT, con. 3)occurrences of being considered certified compliant and still have a data breach/pci violations a) potential of mitigating factors b) ability to negotiate with ih acquiring bank/service provider/state/ftc /FTC
8 George Medairy Director Corporate IT Sheetz, Inc
9 The Keys to Ahi Achieving i PCI Compliance Knowledge Pi Prioritizationiti Communication Security is an Ongoing Process I will be at the Conference I would be glad to discuss in more detail any questions you have.
10 Knowledge is a Key Know your Systems Know the Regulations Know your Challenges From card swipe to authorization, YOU are responsible for protecting the card data. There are 12 main sections, 207 subsections and 250 testing procedures for the 2007 version of PCI. There is more than 1 way to solve every problem. Challenge your team and auditors to achieve compliance.
11 Put First Things First Encryption/Storage Protection Documentation When in doubt encrypt it ALL. If you do not need it, DO NOT STORE IT. If you store it keep it encrypted. Firewall and SEGMENT whenever and wherever possible. Document every process.
12 Communicate Executives Staff Members A Compelling Event for CHANGE Compliance is a BIG DEAL. The fines can be very large. The CEO and other Management should be kept in the loop of ALL remediation efforts. Your entire team will most likely be involved. Get them engaged early and make it a priority. Most of us can use a compelling event to make change happen. USE this event to make positive change in your environment. Blame VISAfor the upheaval!
13 Security is an Ongoing Process Create a Security Team Work on it Every Day Maintain Momentum Remediation efforts can be extensive. 1 or more dedicated individuals are required. This is NOT a part time position. Remediation efforts can be expensive. You can NOT afford to fall out of compliance after spending time and money to get there. Once started, these efforts can make your IT shop much better at other initiatives.
14 Achieving PCI Compliance Partner with the Right VENDORS A partial list of the various vendors we have used to assist us with PCI related tasks: ISS (Internet Security Systems IBM) auditors Secure State Consulting Services RS2 Access Control / Badging Cisco Systems networking Tipping Point Intrusion Prevention Systems Checkpoint/Nokia Firewalls Solutionary Intrusion Detection Systems TripWire Change Control TruComply Knowledge Database Documentation Repository BitArmor File level Encryption CA Spectrum Network Analysis Documentation Kaspersky Anti Virus E DMZ Access Control Authentication Patch Link Patching Applications Security Metrics Penetration Testing
15 Lynn Call Vice President, CIO Maverik, Inc.
16 Simplify the Process Reasons for Maverik s Success Narrow the scope -- Get educated ll hb d d d d f k Purge all prohibited credit card data from your network If the data is not present It s not in scope!
17 Simplify the Process Reasons for Maverik s Success Secure the right partners. Identify weaknesses inside of your organization (SWAT Analysis) and secure 3 rd party experts in those areas. Maverik s Weaknesses: Policy management (TruComply) py) Centralized Logging and IDS (Trigeo) File Integrity (Tripwire) Firewall and VPN (Cisco) Ability to self scan (Nessus)
18 Simplify the Process Reasons for Maverik s Success Get Executive Team Buy In Help them understand the consequences of non compliance. Assign a project manager and assemble your team. Have a representative from all areas of your company Create a partnership with your audit firm. Schedule weekly meetings and lean on them for support. They can be a huge asset if used properly (TrustWave)
19 Simplify the Process Be Prepared dfor a Few Large Scale Implementations ti that t will illtake Time: POS System Upgrade (Radiant Systems) Back office System (Radiant Systems) Credit Appliance (Radiant EPC II & III) Centralized Credit Switch (ISD) IDS, Version Control, etc. at each site Summary: Simplify the process by doing the following. Narrow your scope. Purge all unnecessary data. Understand your weaknesses and secure 3 rd party experts in those areas. Assemble your team and rely heavily on your audit partner.
20 Payment Card Security in the Convenience Store Industry Jeff Wakefield Vice President of Marketing Integrated Systems
21 100% Degree of Security 0% Retail Restaurants Gas Stations Organized Crime Focus Using a credit card at a gas station could pose more of a risk for data theft than shopping online, as point of sale of (POS) terminals at the pump have emerged as a weak link in the security chain Gartner Group
22 Fuel Island Vulnerability: Are You Protected? Organized crime rings are increasingly targeting merchants to obtain magnetic stripe data ( track data ) and Personal Identification Numbers ( PINs ).Recently,these PINs). these attacks have focused on Automated Fuel Dispensers ( AFDs ) typically found at gasoline stations. Visa Business Review
23 Cardholder Security s Biggest Problem The Payment System Requires Sensitive Data We Are Building Higher Walls & Wider Moats As Long As The Gold ldis There, Criminals Ci i Will Target Retail Locations An Industry wide Initiativeis is Required to Eliminate Data That Has Criminal Value
24 Payment System Vulnerabilities PIN Pad Tampering Skimmers Overhead Cameras Rogue Applications Wireless Access To Corporate Network Network Access SQL Injection Unencrypted Data Network Access Chargeback Files Automated Fuel Dispensers Wireless Terminals Web Site Host Servers Merchant Acquirers Card Issuers Payment Terminals PIN Pad Tampering Skimmers Overhead Cameras Rogue Applications POS Terminals Credit Card Data MSR Track Data TLog Files Reports Data Unauthorized Network Access Passwords Store Servers Network Intrusion Unsecured Ports Credit Card Data MSR Track Data TLog Files Reports Data Unauthorized Network Access Passwords
25 End to End Encryption is Required Automated Fuel Dispensers Wireless Terminals Web Site Host Servers Merchant Acquirers Card Issuers Payment Terminals Store Servers POS Terminals All PAN and Track Data is encrypted through out your system = Increased Security = No Compromises = Safe Consumer Info = Reduced PCICostsCosts
26 TDES Required at the Fuel Dispenser C Store Contains the Debit Encryption Key; becomes obsolete when TDES is implemented at the AFD XDebit Security Module Site Controller Pump Interface Module Network or Processor POS TDES DCR TDES DCR POS D Box Centralizes all communications to and from the fuel dispenser DCRs Legend TDES Method of Encryption Required TDES DCR TDES DCR Underground d Fuel Storage Underground Tanks Fuel Storage Underground Tanks Fuel Storage Tanks Fuel Island Fuel Island
27 PIN Pad Security Best Practices 1. Weekly Visual Terminal Inspections 2. Serial Number Validation 3. Monitor Pin Pad Problems 4. Secure Terminal Storage 5. Terminal Asset Tracking 6. Repair Technician Verification & Log 7. Mount PIN Pads Securely to Counter 8. Electronic Serial Number Validation 9. Change Default PIN Pad Password 10. Purchase From Authorized Sources 11. Use Authorized Repair Centers 12. Develop a Response Plan!
28 Protect Your Customers Protect Your Business Assume You Have Been Targeted Implement a Layered Approach To Security Install PCI PED & TDES Payment Terminals and Fuel Payment Systems Encrypt Card Data As Soon As It Enters Your System at the Mag Stripe Reader
29 Thank you Barrie VanBrackle Lynn Call Manatt, Phelps & Phillips,LLP Maverik, Inc. George Medairy Sheetz, Inc Jeff Wakefield VeriFone, Inc.
Mitigating Card System Breaches. October 11, 2015 2:00 pm 2:50 pm
Mitigating Card System Breaches October 11, 2015 2:00 pm 2:50 pm Direct Costs of a Data Breach Indirect Costs of a Data Breach Objectives Technology arm of NACS Volunteers do the heavy lifting Create
More informationPIN Pad Security Best Practices v2. PIN Pad Security Best Practices
PIN Pad Security Best Practices Introduction The payment industry and card associations adopted PED and PCI PED requirements because of concerns that sophisticated criminal organizations may have the resources
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationNACS/PCATS WeCare Data Security Program Overview
NACS/PCATS WeCare Data Security Program Overview March 27, 2012 Abstract This document describes the WeCare Program, discusses common data security threats, outlines an 8-point plan to improve data security,
More informationIntroduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.
Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of
More informationWhy Is Compliance with PCI DSS Important?
Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationYour Compliance Classification Level and What it Means
General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe
More informationPCI: It Never Ends. Why?
PCI: It Never Ends. Why? How to stay prepared? Shekar Swamy American Technology Corporation St. Louis, MO January 13, 2011 PCI compliance basics It s all about Data Security 12 major areas of compliance
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard
More informationCOLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationSymposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda
2010 Finance & Business Operations Symposium (FBOS) PCI Compliance Cort M. Kane COO, designdata Judy Durham CFO, NPES Kymberly Bonzelaar, Sr. VP Capital One Richard Eggleston, Sr. Project Director, TMAR
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationAISA Sydney 15 th April 2009
AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks
More informationPAYMENT SECURITY. Best Practices
PAYMENT SECURITY Best Practices At VeriFone, the protection of cardholder information is a top priority. To ensure merchants have secure payment solutions for their customers, and to help protect merchants
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationPayment Technology Deep Dive. October 13, 2015 8:00 am 8:50 am
Payment Technology Deep Dive October 13, 2015 8:00 am 8:50 am Objectives Navigate the differences between loyalty and payment apps as well as consumer perceptions of both Familiarize with EMV compatible
More informationIntroduction to PCI DSS
Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationUniversity of Dayton Credit / Debit Card Acceptance Policy September 1, 2009
University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009 Effective Date of this Policy: August 1, 2008 Last Revision: September 1, 2009 Contact for More Information: UDit Internal Auditor
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationHow To Comply With The New Credit Card Chip And Pin Card Standards
My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business
More informationWebinar - Skimming and Fraud Protection for Petroleum Merchants. November 14 th 2013
Webinar - Skimming and Fraud Protection for Petroleum Merchants November 14 th 2013 Disclaimer The information or recommendations contained herein are provided "AS IS" and intended for informational purposes
More informationHow To Protect Your Data From Being Stolen
DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationHow To Plan For A Mobile Payment System
Mobile Payment Solutions October 11, 2015 3:05 pm 3:55 pm Moderator Speakers Doug New CIO Tedeschi Food Shops, Inc Ed Collupy Executive Consultant W. Capra Consulting Firm Doug Rodewald Partner W. Capra
More informationTechnical breakout session
Technical breakout session Small leaks sink great ships Managing data security, fraud and privacy risks Tarlok Birdi, Deloitte Ron Borsholm, WTS May 27, 2009 Agenda 1. PCI overview: the technical intent
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationPCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com
PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement
More information05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013
05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of
More informationPolicy for Protecting Customer Data
Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationEMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationPCI DSS: An Evolving Standard
White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security
More informationPCI Compliance in Multi-Site Retail Environments
TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help
More informationPCI-DSS Compliance. Ron Dinwiddie Chief Technology Officer J. Spargo & Associates
PCI-DSS Compliance Ron Dinwiddie Chief Technology Officer J. Spargo & Associates Agenda What is PCI Compliance Why is PCI Important How does this impact me? Becoming PCI Compliant JSA PCI Strategy Risk
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationHOW SECURE IS YOUR PAYMENT CARD DATA?
HOW SECURE IS YOUR PAYMENT CARD DATA? October 27, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director PCI Practice Leader Kevin Villanueva,, CISSP,
More information8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year
Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions
More informationPCI Data Security Standards
PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million
More informationAchieving Compliance with the PCI Data Security Standard
Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),
More informationIntroduction to. May 18, 2009 1:15 p.m. 2:15 p.m.
Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of
More informationPayment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
More informationSellWise User Group. Thursday, February 19, 2015
SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User
More informationThis policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
More informationA PCI Compliant Outdoor Payment Terminal For Automated Fuel Dispensers
A PCI Compliant Outdoor Payment Terminal For Automated Fuel Dispensers Security Vulnerability Are you protected? Organized crime rings are increasingly targeting merchants to obtain magnetic stripe data
More informationDon Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer
Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationSecurityMetrics Vision whitepaper
SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationImplementation Guide
Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein
More informationPLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01
PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationPolicies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
More informationNeed to be PCI DSS compliant and reduce the risk of fraud?
Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction
More informationPCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson Overview What is PCI? MCCS Compliance PCI DSS Technical Requirements MCCS Information Security Policies
More informationRecent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2
Recent Developments in PCI DSS PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 1 2009 Breach Investigation Who did it? 74% external parties 20% insiders 32% implicated business partners
More informationFrequently Asked Questions
Contents CISP Program Overview... 2 1. To whom does CISP apply?...2 2. What does VISA define as "cardholder data"?...2 3. What if a merchant or service provider does not store Visa cardholder data?...2
More informationVisa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices
This document is to be used to verify that a payment application has been validated against Visa U.S.A. Payment Application Best Practices and to create the Report on Validation. Please note that payment
More informationMinnesota State Colleges and Universities System Procedures Chapter 5 Administration. Guideline 5.23.1.10 Payment Card Industry Technical Requirements
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Payment Card Industry Technical s Part 1. Purpose. This guideline emphasizes many of the minimum technical requirements
More informationSecurity. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities
One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes
More informationFailure to follow the following procedures may subject the state to significant losses, including:
SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:
More informationData Security for the Hospitality
M&T Bank and SecurityMetrics Present: Data Security for the Hospitality Industry Featuring Lee Pierce, SecurityMetricsStrategicStrategic Accounts Dave Ellis, SecurityMetrics Forensic Investigator Doug
More informationPCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office
PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants UT System Administration Information Security Office Agenda Overview of PCI DSS Compliance versus Non-Compliance PCI
More informationInformation Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
More informationPCI DSS 3.1 and the Impact on Wi-Fi Security
PCI DSS 3.1 and the Impact on Wi-Fi Security 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2015 AirTight Networks, Inc. All rights reserved. Table of Contents PCI
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationEnforcing PCI Data Security Standard Compliance
Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security & VideoSurveillance Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 The
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationProtecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems
Page 1 of 5 Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems In July the Payment Card Industry Security Standards Council (PCI SSC) published
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationPayment Card Industry - Achieving PCI Compliance Steps Steps
CUR RITY SE Data Security Requirements for K-12 January 28, 2010 Payment Card Industry (PCI) SE CUR RITY 1 Welcome To Join The Voice Conference Dial 866-939-3921 Technical issues press 0 Q & A We ll leave
More informationPCI Compliance Top 10 Questions and Answers
Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More informationCustomer PCI 3.0 Changes = New Opportunity For You. Giles Witherspoon-Boyd SecurityMetrics
Customer PCI 3.0 Changes = New Opportunity For You Giles Witherspoon-Boyd SecurityMetrics Who is this guy? Giles Witherspoon-Boyd, PCIP 15 years in technology, 4 years at SecurityMetrics SecurityMetrics
More informationWhite Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers
White Paper Guide to PCI Application Security Compliance for Merchants and Service Providers Contents Overview... 3 I. The PCI DSS Requirements... 3 II. Compliance and Validation Requirements... 4 III.
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationPCI Compliance Workshop. NACS PEI October 21, 2009 10:45 a.m. 11:45 a.m.
PCI Compliance Workshop NACS PEI October 21, 2009 10:45 a.m. 11:45 a.m. Presenters Scott McDowell, Director of Marketing, Dispenser Applications, Gilbarco Veeder-Root Mike Tyler, Director of Marketing,
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationIdentifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public
Identifying Security Issues in the Retail Payment System Federal Reserve Bank Chicago Ellen Richey Chief Enterprise Risk Officer Visa Inc. June 5, 2008 Agenda 1. The Data Security Landscape 2. Recent Trends
More informationWhite Paper. Best Practices to Protect the Cardholder Data Environment and Achieve PCI Compliance
White Paper Best Practices to Protect the Cardholder Data Environment and Achieve PCI Compliance Best Practices to Protect the Cardholder Data Environment and Achieve PCI Compliance Executive Overview
More informationVisa Inc. PIN Entry Device Requirements
Visa Inc. PIN Entry Device Requirements The following information is applicable for Visa Inc. regions. Visa Inc. regions include Asia-Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA);
More informationThe Petroleum Marketer s PCI compliance Reference Guide
The Petroleum Marketer s PCI compliance Reference Guide 1. Become familiar with the 12 standards of card data security: Build and maintain a secure network Requirement 1 Install and maintain a firewall
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationHow To Control Credit Card And Debit Card Payments In Wisconsin
BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent
More informationPA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing
for Sage MAS 90 and 200 ERP Credit Card Processing Version 4.30.0.18 and 4.40.0.1 - January 28, 2010 Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks
More informationWestpac Merchant. A guide to meeting the new Payment Card Industry Security Standards
Westpac Merchant A guide to meeting the new Payment Card Industry Security Standards Contents Introduction 01 What is PCIDSS? 02 Why does it concern you? 02 What benefits will you receive from PCIDSS?
More informationData Security Standard (DSS) Compliance. SIFMA June 13, 2012
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance SIFMA June 13, 2012 EisnerAmper Consulting Services Group Overview of EisnerAmper Fifth fhlargest accounting firm in the Metro New York
More information