Information for merchants. Program implementation details for merchants. Payment Card Industry Data Security Standard (PCI DSS)
|
|
- Joan Boyd
- 8 years ago
- Views:
Transcription
1 Postbank P.O.S. Transact GmbH (now EVO Kartenakzeptanz GmbH) has recently been purchased by EVO Payments International Group Program implementation details for merchants Payment Card Industry Data Security Standard (PCI DSS) 1
2 Introduction In view of the rising number of instances of credit card fraud, credit card organizations MasterCard International and Visa International have respectively initiated programs named MasterCard Site Data Protection (SDP) and Visa Account Information to increase security during saving, processing and/or relay of card data. The credit card organizations have requested acquirers (merchant banks) to prove that you and your service provider have taken appropriate technical and organizational security measures which prevent card data from being compromised. These programs are intended for service providers and merchants who save, process and/or relay card data using your own systems. If card data (governed by an E-commerce, MOTO or POS acceptance contract) are compromised, this could give rise to significant damage claims by the operators of the payment systems and acquirers. Consequently, you and your service provider must provide proof of having taken appropriate technical and organizational measures to protect card, transaction and account data against misuse and unauthorized access. In December 2004 (MasterCard) and February 2005 (Visa), the payment systems hitherto discrete technical requirements were merged to form the Payment Card Industry (PCI) Data Security Standard. In April 2008, the PCI DSS was supplemented by software evaluation according to the PCI Payment Application Data Security Standard (PA DSS), Version 1.2. In September 2006, the companies American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the founding of an independent body named PCI Security Standards Council (PCI SSC). This council is responsible for advancing the Payment Card Industry Data Security Standard (PCI DSS). In October 2008, the PCI SSC updated PCI DSS Version 1.1 to PCI DSS Version 1.2. As of , certification according to the old Version 1.1 of the standard is no longer accepted. The standard s new version comprises PCI DSS Requirements and Security Assessment Procedures, 1.2 (release: October 2008) PCI DSS Self-Assessment Questionnaire, 1.2 (release: October 2008) PCI DSS Security Scanning Procedures, 1.1 (release: September 2006) PA DSS Requirements and Security Assessment Procedures, 1.2 (release: October 2008) This version can be found at: 2
3 To prove compliance with the programs, you are subject to the following actions depending on your category (described further below): You perform an initial evaluation of your security measures using a PCI DSS Self-Assessment Questionnaire. This questionnaire must be newly filled out on an annual basis. Every year, the Internet interface operated by the merchant (if relevant) undergoes four PCI DSS Security Scans intended to detect weak points susceptible to attacks. Conformance to security requirements is examined on location through a PCI DSS Security Audit. Level 1: - Regardless of the distribution channel (POS, MOTO or E-commerce), all merchants who annually handle more than 6 million transactions with MasterCard or Visa - All merchants who have been targets of data compromise and misuse - All merchants assigned to Level 1 on the basis of another credit card brand - All merchants assigned to this category following assessment by MasterCard or Visa with the intention of minimizing risk to payment systems The table below provides an overview of the security checks required in accordance with the number of performed transactions. Categorization according to MasterCard 1 and Visa 2 is based on the following criteria: 1 According to MasterCard Global Security Bulletin No. 1, 14 th January According to Visa Member Letter EU 06/05, 2 nd February 2005 Merchant category Self Assessment Security Scan Security Audit Level 1 4 x annually 1 x annually Level 2 1 x annually 4 x annually 1 x annually* Level 3 1 x annually 4 x annually Level 4 1 x annually 4 x annually * Requirement for MasterCard 3
4 Level 2: - Regardless of the distribution channel (POS, MOTO or E-commerce), all merchants who annually handle 1 million to 6 million transactions with MasterCard or Visa - All merchants assigned to Level 2 on the basis of another credit card brand Level 3: - All merchants handling 20,000 to 1 million transactions with MasterCard or Visa - All merchants assigned to Level 3 on the basis of another credit card brand Increased data protection for your customers Higher level of customer confidence, potentially resulting in greater credit card usage and turnover High protection against security breaches which would lead to financial damage and claims for compensation Safeguarding of corporate image Evaluations of the security of systems for saving, processing and relaying data on credit card owners Lower entrepreneurial risk through minimization and avoidance of data disclosure Lower costs of PCI Compliance through structured networks Level 4: - All merchants handling less than 20,000 transactions with MasterCard or Visa, and not assigned to Level 1, 2 or 3 The individual steps involved in providing proof of PCI Compliance are described next. Compliance Validation by means of the PCI questionnaire, PCI Security Scans and PCI Security Audits is performed by accredited partners (PCI Qualified Security Assessor and PCI Approved Scanning Vendor) of the credit card organizations. Advantages of PCI DSS for merchants: The binding rules of PCI DSS enhance IT security and help prevent fraud. The added security during processing of payment cards in compliance with PCI provides the following benefits in particular: Procedure Important! As a Postbank P.O.S. Transact GmbH contracted merchant, you will have received a notification with information for accessing Postbank P.O.S. Transact s PCI DSS platform. Please register yourself on the platform and check the master data stored there for your company. After that, please follow the instructions and platform s integrated help utility to demonstrate your PCI compliance. 4
5 Registering on the PCI DSS platform Merchant classification SAQ Selection Wizard Completing the SAQ Self Assessment Questionnaire (Level 4) Self Assessment Questionnaire (Level 2-3) Self Assessment Questionnaire (Level 1 obligatory) Security Scan (Level 4) Security Scan (Level 2-3) Security Scan (Level 1) Security Audit (Level 1) Reporting PCI Compliance Validation 5
6 Electronic online questionaire/pci DSS Self-Assessment Questionnaire Merchants (Levels 2-4 ) must annually assess their technical and organizational measures by responding to online PCI Self- Assessment Questionnaires prepared for this purpose. Covering all six areas of the PCI Data Security Standard, the questions examine compliance with twelve requirements: IV. Implement Strong Access Control Measures 7 th requirement: Restriction of access to data according to the need-to-know principle 8 th requirement: Assignment of unique IDs to all persons with computer access 9 th requirement: Restriction of physical access to card owner data I. Build and Maintain a Secure Network 1 st requirement: Establishment and maintenance of a firewall for data protection 2 nd requirement: Modification of the default system-passwords and other security parameters issued by the merchant V. Regularly Monitor and Test Networks 10 th requirement: Tracking and monitoring of all access to network resources and card owner data 11 th requirement: Regular testing of security systems and processes II. Protect Cardholder Data 3 rd requirement: Protection of saved data 4 th requirement: Encrypted transmission of card owner data and other sensitive information via public networks III. Maintain a Vulnerability Management Program 5 th requirement: Use and regular updating of anti-virus programs 6 th requirement: Development and maintenance of secure systems and applications VI. Maintain an Information Security Policy 12 th requirement: Maintenance of an information security policy The questionnaire is used for self-assessment of compliance with the PCI Data Security Standard. 6
7 PCI DSS Security Scan Security Scans are meant to reveal shortcomings in the investigated system s architecture and configuration. Intruders could exploit such shortcomings in order to steal credit card data. An accredited PCI certifier performs PCI Security Scans in compliance with the requirements laid down in PCI Security Scanning Procedures. Non-intrusive and non-destructive, these scans do not affect the availability or integrity of the target systems. Instead, the scans involve sending ordinary requests to the target systems essentially without disrupting their proper operations. An appointment for a PCI Security Scan is agreed with you in advance. The PCI Security Scan is subsequently performed using standardized and defined PCI DSS Security Scanning Procedures. You receive the results of the PCI Security Scan in a report written in English. Formulated according to PCI DSS specifications, the report rates each detected shortcoming by assigning it to one of five categories (ranging from low to urgent ). The scan is meant to systematically reveal all weak points and deficiencies which could permit the system to be infiltrated. If the PCI Security Scan performed according to the PCI Security Scanning Procedures yields less than satisfactory results, you as the merchant must take appropriate measures for improving the shortcomings. A new PCI Security Scan is then performed to ascertain whether your measures were effective. Via the Internet, the systems are examined for possible shortcomings by means of Security Scanners and manual analyses. The employed tools check for deficiencies in network components, operating systems and applications. 1 procedures_v1-1.pdf 7
8 PCI DSS Security Audit The PCI Security Audit comprises a check on-location for adherence to the PCI Data Security Standard. As part of the Security Audit, merchants categorized as Level 1 are subjected to additional tests described later on. Preparation for a PCI Security Audit involves the following steps: 1. Formal application for obtaining the service from a certifier and provisional agreement of an appointment for a PCI Security Audit. 2. Delivery of documents for performing the Security Audit: The PCI certifier delivers documents titled PCI Data Security Audit Procedures and Reporting and Guideline for the preparation of the PCI security audit in electronic form to the customer. At the same time, the certifier issues a password and a public PGP-key for safeguarding future communications. 3. An electronic online PCI Self-Assessment Questionnaire is released so that the customer can carry out an initial, optional assessment of their PCI-Compliance. Step 2: Security Audit on-location As part of the PCI Security Audit, the certifier carries out random, in-situ checks of the details confirmed in writing by the merchant in a document titled PCI Data Security Standard Requirements and Security Assessment Procedures. Covering all six areas of the PCI Data Security Standard, the check includes: Scrutinizing the business model Examining how card transactions are performed with the employed IT systems (data flow) Conducting interviews with staff, especially those who - perform security functions at the company - have access to card data - are responsible for maintaining and operating systems used to save, process or relay card data Viewing log files of relevant applications Inspecting relevant rooms such as the server room, the computer centre, etc. If you have implemented security solutions which differ from the measures mentioned on the checklist ( Compensating Controls ), the certifier will assess their suitability and conformance to the PCI Data Security Standard. Step 1: Evaluating the information The required information is submitted to the certifier no later than two weeks before the agreed Security Audit. 8
9 Step 3: Report draft The certifier prepares an informal report of the audit results on the basis of the document titled PCI Data Security Standard Requirements and Security Assessment Procedures, and discusses the results with you. Step 4: Provisional version of the report Following mutual consultation, the certifier incorporates your feedback into the report draft and submits it to the payment systems. The payment systems review the draft and return it, accompanied by their own comments, to the certifier. Step 5: Final version of the report Taking into consideration the comments issued by the payment systems, the certifier amends the audit report and sends the final version to you as well as the payment systems. If you have any questions relating to the Postbank Service Agreement for Card Acceptance, please do not hesitate to contact: Postbank Service Kartenakzeptanz Nürnberg, Germany Phone: Fax:
La règlementation VisaCard, MasterCard PCI-DSS
La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune Overview of PCI DSS Payment Card Industry Data Security
More informationPayment Card Industry Data Security Standards.
Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationHow To Protect Your Business From A Hacker Attack
Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationWHITE PAPER. PCI Basics: What it Takes to Be Compliant
WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through
More informationHow To Comply With The Pci Ds.S.A.S
PCI Compliance and the Data Security Standards Introduction The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of
More informationWhat are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:
What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationYour guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)
Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions Version 5.0 (April 2011) Contents Contents...2 Introduction...3 What are the 12 key requirements of
More informationPCI Security Compliance
E N T E R P R I S E Enterprise Security Solutions PCI Security Compliance : What PCI security means for your business The Facts Comodo HackerGuardian TM PCI and the Online Merchant Overview The Payment
More informationPCI Compliance Top 10 Questions and Answers
Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs
More informationPCI Overview. PCI-DSS: Payment Card Industry Data Security Standard
PCI-DSS: Payment Card Industry Data Security Standard Why is this important? Cardholder data and personally identifying information are easy money That we work with this information makes us a target That
More informationDon Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer
Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationMerchant guide to PCI DSS
Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does
More informationPCI DSS. CollectorSolutions, Incorporated
PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationPCI Standards: A Banking Perspective
Slide 1 PCI Standards: A Banking Perspective Bob Brown, CISSP Wachovia Corporate Information Security Slide 2 Agenda 1. Payment Card Initiative History 2. Description of the Industry 3. PCI-DSS Control
More informationPayment Card Industry Data Security Standard
Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card
More informationComodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business
Comodo HackerGuardian PCI Security Compliance The Facts What PCI security means for your business Overview The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements intended
More informationVaronis Systems & The Payment Card Industry Data Security Standard (PCI DSS)
CONTENTS OF THIS WHITE PAPER Overview... 1 Background... 1 Who Needs To Comply... 1 What Is Considered Sensitive Data... 2 What Are the Costs/Risks of Non-Compliance... 2 How Varonis Helps With PCI Compliance...
More informationMasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.
MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded
More informationIT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER
July 9 th, 2012 Prepared By: Mark Akins PCI QSA, CISSP, CISA WHITE PAPER IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD PCI DSS for Merchants The Payment
More informationPCI-DSS Compliance. Ron Dinwiddie Chief Technology Officer J. Spargo & Associates
PCI-DSS Compliance Ron Dinwiddie Chief Technology Officer J. Spargo & Associates Agenda What is PCI Compliance Why is PCI Important How does this impact me? Becoming PCI Compliant JSA PCI Strategy Risk
More informationPayment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions
PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationPC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA
PC-DSS Compliance Strategies 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA True or False Now that my institution has outsourced credit card processing, I don t have to worry about compliance?
More informationTwo Approaches to PCI-DSS Compliance
Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,
More informationWorldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)
Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.
More informationAdyen PCI DSS 3.0 Compliance Guide
Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants
More informationPCI Data Security Standards
PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationAn article on PCI Compliance for the Not-For-Profit Sector
Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector
More informationHow To Protect Visa Account Information
Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer
More informationCHEAT SHEET: PCI DSS 3.1 COMPLIANCE
CHEAT SHEET: PCI DSS 3.1 COMPLIANCE WHAT IS PCI DSS? Payment Card Industry Data Security Standard Information security standard for organizations that handle data for debit, credit, prepaid, e-purse, ATM,
More informationSecurity Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments
Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,
More informationThe Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide
The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide Practising Law Institute January 9, 2012 Melissa J. Krasnow, Partner, Dorsey & Whitney LLP, and Certified Information Privacy Professional
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationComplying with PCI is a necessary step in safely accepting Payment Cards.
What Every Director Needs to Know About Credit Cards & Patron Privacy Complying with PCI is a necessary step in safely accepting Payment Cards. Know the Risks! Some Interesting Facts: 94% of data breaches
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationWhy Is Compliance with PCI DSS Important?
Why Is Compliance with PCI DSS Important? The members of PCI Security Standards Council (American Express, Discover, JCB, MasterCard, and Visa) continually monitor cases of account data compromise. These
More informationPCI DSS Overview. By Kishor Vaswani CEO, ControlCase
PCI DSS Overview By Kishor Vaswani CEO, ControlCase Agenda About PCI DSS PCI DSS Applicability to Banks, Merchants and Service Providers PCI DSS Technical Requirements Overview of PCI DSS 3.0 Changes Key
More informationPCI Compliance for Large Computer Systems
PCI Compliance for Large Computer Systems Jeff Jilg, Ph.D. atsec information security August 3, 2010 3:00pm Session 6990 About This Presentation About PCI assessment Structure and requirements of the program
More information* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.
Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain
More informationPayment Card Industry Data Security Standards Compliance
Payment Card Industry Data Security Standards Compliance Please turn off, or to vibrate, all cell-phones/electronics Expected course length: 1 Hour Questions are welcomed. Who Created It? & What Is It?
More informationHow To Become A Pca Compliant Organization
Compliance Management Merchant Guide 2012 Stay Clear Of Fraud Are You Concerned About Data Security Risks? Security is a duty. Companies should remember that they are being trusted by consumers with their
More informationPCI Compliance: Protection Against Data Breaches
Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationCOLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6
1. Procedure Title: PCI Compliance Program COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6 2. Procedure Purpose and Effect: All Colorado State University departments that accept credit/debit
More informationPCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants
Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationQ: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?
Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain
More informationIntroduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.
Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of
More informationThis appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationPCI COMPLIANCE GUIDE For Merchants and Service Members
PCI SAQ C-VT PCI COMPLIANCE GUIDE For Merchants and Service Members PCI DSS v2.0 SAQ CVT Merchant Guide 1 Contents Contents... 2 Introduction... 3 Defining an SAQ C Merchant... 3 REQUIREMENTS FOR SAQ-VT...
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard
More informationPuzzled about PCI compliance? Proactive ways to navigate through the standard for compliance
Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com
More informationPAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW
PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp
More informationPCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing
More informationCyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name
More informationAchieving Compliance with the PCI Data Security Standard
Achieing Compliance with the PCI Data Security Standard Alex Woda 1 Agenda PCI Security Compliance Background Security Breaches - How do they happen? Oeriew of the Security Standards 10 Best Practices
More informationNet Report s PCI DSS Version 1.1 Compliance Suite
Net Report s PCI DSS Version 1.1 Compliance Suite Real Security Log Management! July 2007 1 Executive Summary The strict requirements of the Payment Card Industry (PCI) Data Security Standard (DSS) are
More informationP R O G R E S S I V E S O L U T I O N S
PCI DSS: PCI DSS is a set of technical and operational mandates designed to ensure that all organizations that process, store or transmit credit card information maintain a secure environment and safeguard
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More information05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013
05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of
More informationAchieving Compliance with the PCI Data Security Standard
Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),
More informationAre You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? Fiona Pattinson, SHARE: Seattle 2010
Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? Fiona Pattinson, SHARE: Seattle 2010 atsec information security, 2010 About This Presentation About PCI assessment
More informationAnd Take a Step on the IG Career Path
How to Develop a PCI Compliance Program And Take a Step on the IG Career Path Andrew Altepeter Any organization that processes customer payment cards must comply with the Payment Card Industry s Data Security
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationPDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)
PDQ has created an Answer Guide for the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C to help wash operators complete questionnaires. Part of the Access Customer Management
More informationSecurityMetrics Introduction to PCI Compliance
SecurityMetrics Introduction to PCI Compliance Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples
More informationAIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009
AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application
More informationYour Compliance Classification Level and What it Means
General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe
More informationICCCFO Conference, Fall 2011. Payment Fraud Mitigation: Securing Your Future
ICCCFO Conference, Fall 2011 Payment Fraud Mitigation: Securing Your Future Presented by: Brian Irwin, CTP Vice President Fifth Third Bank Commercial Treasury Management And Claire Dittrich Executive Consultant-
More informationPROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN
PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information
More informationPCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id
PCI DSS Payment Card Industry Data Security Standard www.tuv.com/id What Is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of all major credit cards brands.the
More informationPCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate
More informationTNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business
TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment
More informationPCI COMPLIANCE TO BUILD HIGHER CONFIDENCE FOR CARD HOLDER AND BOOST CASHLESS TRANSACTION. Suresh Dadlani, ControlCase
PCI COMPLIANCE TO BUILD HIGHER CONFIDENCE FOR CARD HOLDER AND BOOST CASHLESS TRANSACTION Suresh Dadlani, ControlCase About Vietnam Google search 2 Population 86 Mn Urban Population 25 Mn, approx 30% -
More informationVISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)
VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security
More informationBendigo and Adelaide Bank Ltd Security Incident Response Procedure
Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Table of Contents 1 Introduction...1 2 Incident Definition...2 3 Incident Classification...2 4 How to Respond to a Security Incident...4
More informationPayment Card Industry Data Security Standard (PCI DSS) v1.2
Payment Card Industry Data Security Standard (PCI DSS) v1.2 Joint LA-ISACA and SFV-IIA Meeting February 19, 2009 Presented by Mike O. Villegas, CISA, CISSP 2009-1- Agenda Introduction to PCI DSS Overview
More informationAre You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014
Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319
More informationAchieving PCI Compliance for Your Site in Acquia Cloud
Achieving PCI Compliance for Your Site in Acquia Cloud Introduction PCI Compliance applies to any organization that stores, transmits, or transacts credit card data. PCI Compliance is important; failure
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationAISA Sydney 15 th April 2009
AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks
More informationPCI DSS COMPLIANCE DATA
PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities
More informationPCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES
PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationPCI Compliance : What does this mean for the Australian Market Place? Nov 2007
Sense of Security Pty Ltd (ABN 14 098 237 908) 306, 66 King St Sydney NSW 2000 Australia Tel: +61 (0)2 9290 4444 Fax: +61 (0)2 9290 4455 info@senseofsecurity.com.au PCI Compliance : What does this mean
More informationThe Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development
The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards
More information