1 The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development
2 Presentation Agenda
Items we will cover:
1. Background on Payment Card Industry Data Security Standards
2. What is PCI-DSS and 3 Ways it Differs From HIPAA
3. Various PCI "Merchant" Classification Levels and Implications
4. How Does Your Data Get Stolen?
5. Cost of Non-Compliance vs. Compliance
6. DIY vs. Outsource: Audits, Concerns, Risk, Data Storage concerns
7. Creating a Compliance Roadmap for Your Institution in 7 Simple Steps
3 Initial Questions?
By a show of hands:
- How many of you are responsible for or are involved in processing credit cards for your organization?
- How many of you write down patient credit card numbers to process at a later time?
- How many of you store credit card numbers for clients?
- How many are familiar with the term PCI DSS?
- How many of your organizations are PCI DSS compliant?
4 Payment Data Security History Payment Card Industry Security Standards Council Founded in 2006 Compliance areas for Healthcare PCI-DSS PA-DSS Oversee standards for the industry for handling credit card data Web site - Represented by all major credit card companies American Express: Discover : JCB International: MasterCard: Visa:
5 What is PCI DSS?
PCI DSS = Payment Card Industry Data Security Standards
Credit card processing only, not electronic check at this time (NACHA)
This is the global data security standard that ANY business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data.
Encompasses compliant processing of credit card payments made by:
- Mail
- Phone (CSR or automated)
- Web site
- POS Devices
- Kiosk
- OTC
6 PCI DSS Requirements
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
7 PCI DSS Requirements Cont.
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
BEST POLICY: DO NOT STORE CREDIT CARD DATA!
8 What is PA-DSS Compliance?
PA-DSS relates to secure processing for Payment Application compliance. When your organization purchases and installs a third-party piece of payment hardware or software in your environment that processes credit card related data, the vendor you purchased it from is responsible for PA-DSS compliance.
Requirements for the vendor (their responsibility, not yours!):
1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the internet.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access.
14. Maintain instructional documentation and training programs for customers, resellers, and integrators.
9 Differences from HIPAA Source: Juniper Networks: WHITE PAPER - Healthcare and Compliance The New Reality August 2010
10 Differences from HIPAA
Isn't it enough to be HIPAA compliant? Must I be PCI compliant, too?
Please keep in mind that HIPAA is not about the privacy and protection of data; it's about the portability and accountability of patient data. That data includes financial records as well and all too often, that data is not adequately protected.
Is a financial data breach as serious as a patient health data breach?
Any data breach is serious. Under the PCI DSS, an organization that does not perform due diligence with respect to protecting data faces not only onerous fines but also the loss of card-processing rights. Imagine telling a patient (as you are required to do), "We do not accept credit cards for payment because we've experienced a data breach." The negative publicity alone would be devastating.
Why do you merge HIPAA and PCI compliance solutions together?
Any PCI breach is now a HIPAA violation as well. So it simply makes sense to offer the whole HIPAA/PCI solution.
Source:
11 Merchant Levels (VISA)
Level | Description
1 | Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year.
2 | Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
3 | Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year.
Source:
12 Verizon 2011 Study
The Verizon study states that the majority of breaches in 2011 were at level 3 and level 4 merchants that were not compliant! 855 companies Source:
13 Verizon 2011 Study
14 Most Common Breach Methods
15 EMPLOYEES!!! Source:
16 EMPLOYEES!!! Source:
17 EMPLOYEES!!!
From: 4/10/2012 Gulf News.com
Two hospital employees arrested on credit card fraud charges
Sharjah: Police on Monday arrested two men who worked at a private hospital in Sharjah for allegedly stealing credit card information from patients to make online transactions. An official at the Criminal Investigation Department (CID) at Sharjah Police said that one suspect worked as an accountant while the other was employed as a janitor, although he declined to reveal the name of the hospital involved in the case. "The two men stole the information of credit cards that were used by patients while they paid for the hospital bills, so that they could buy expensive cameras, mobile phones, watches and electronic items on the internet," said the CID official, pointing out that the suspects, both Filipinos, were charged with several counts of fraud, theft, forgery and deception.
18 Lack of Knowledge
Lack of knowledge of PCI and of proper handling of credit card data:
- Writing down credit cards
- Storing Card Security Code/Magnetic Stripe Data
- Storing data in unencrypted files on servers
- Faxing credit card information
- Not completing annual self-assessments
- Recording phone conversations and keeping them unencrypted
- No internal policy on card data management
- Lack of understanding of the difference from HIPAA
- Storing credit cards in a locked safe for recurring payments
19 Web Site Compromise
No SSL encryption on the web site, while a form on it is collecting sensitive data
20 Stolen Device
Most Frequently Reported:
6/2/2012 Howard University Hospital
Located: Washington, D.C.
No. of records exposed: Health information on 34,503 patients due to personal laptop of a former contractor for the hospital being stolen.
Source:
4/20/2012 Emory Healthcare, Inc.
Located: Georgia
No. of records exposed: Data related to 315,000 patients, including Social Security numbers, had been stored on 10 computer disks but went missing from a storage facility; a class-action lawsuit underway could cost the hospital $200 million.
Source:
21 Lost or Stolen Documents
Key areas where sensitive Financial Data are located:
- Dumpster Diving
- Fax Pile
- Sensitive Financial Documents are not Shredded
22 Hacker Attempts Accessing your network or stored systems via sniffers, virus, or other means: Global Payments March ,500,000 credit cards stolen Zappos January ,000,000 credit cards stolen SONY April ,000,000 credit card records stolen Heartland Payment Systems January ,000,000 credit cards stolen
23 Costs of a Breach
A security breach and subsequent compromise of payment card data has far-reaching consequences for affected organizations, including [1]:
1. Regulatory notification requirements,
2. Loss of reputation,
3. Loss of customers,
4. Litigation, and
5. Potential financial liabilities (for example, regulatory and other fees and fines).
[1] From PCI DSS Self-Assessment Questionnaire Instructions and Guidelines, v2.0 October 2010
24 Financial Cost of Non Compliance?
Noncompliance Fines - Fines for not being PCI compliant range from $5,000 to $500,000 and are levied by banks and credit card institutions. Banks may fine based on forensic research they must perform to remediate noncompliance. Credit card institutions may levy fines as a punishment for noncompliance and propose a timeline of increasing fines.
What are the penalties if your organization does not comply with PCI-DSS?
Failure to comply with PCI-DSS requirements can result in stiff contractual penalties or sanctions from members of the payment card industry, including:
- Fines of $500,000 per data security incident
- Fines of $50,000 per day for non-compliance with published standards
- Liability for all fraud losses incurred from compromised account numbers
- Liability for the cost of reissuing cards associated with the compromise
- Suspension of merchant accounts
And this doesn't even begin to touch on HIPAA fines and regulatory actions!!!
25 What If We Are Compliant and Still Have a Breach?
Breach Consequences - Even if a company is 100% PCI compliant and validated, a breach in cardholder data may still occur. Cardholder breaches can result in the following losses for a merchant:
- $50-$90 fine per cardholder data compromised
- Suspension of credit card acceptance by a merchant's credit card account provider
- Loss of reputation with customers, suppliers, and partners
- Possible civil litigation from breached customers
- Loss of customer trust, which affects future sales
26 DIY vs. Outsource: Audits, Concerns, Risk, Data Storage concerns
You cannot avoid PCI-DSS compliance if you take credit cards today. You need to determine your Merchant Level and follow those requirements, or outsource your services to a third party vendor or service.
Average DIY costs (Resources, Hardware, Software, etc.):
Level | Assessment Cost | Implementation Cost
1* | $237,000 | $2,800,000
2 | $135,000 | $1,100,000
3 | $44,000 | $155,000
4 | $10,000 (est) | $25,000 (est)
* Level 1 also requires an external QSA review
Source:
27 Outsourcing should be considered! If you decide to outsource instead of doing it in house, you need to look for a PCI-DSS compliant vendor or a PA-DSS compliant product. PCI: PA: Benefits: Reduced Cost for Compliance Outsourced Risk Outsourced Compliance Focused Adherence to PCI related changes Expert PCI related Consultation Services Proven Compliance Services Proven Solution IMPORTANT: Your organization is still responsible for maintaining internal compliant policies and procedures even with outsourcing!!!
28 Next Steps
1. Assess: your credit card processing procedures
   a) Verify where you stand today, how many cards you process, how the data is handled.
2. Talk to your merchant bank partner about their process
3. Determine your merchant Level and complete the SAQ form *
4. Determine if you will proceed yourself or need to outsource
5. Remediate: correct any exposure based on assessment
6. Report: provide completed documentation to your merchant
7. Repeat this process on a regular basis, minimum yearly *
29 Thank You! Aaron Lego, PMP Director of Business Development (330) (Office) (330) (Cell) CBOSS is a certified Level 1 Service Provider offering outsourced online payment solution services via our Central Payment Portal (CPP) product for our many customers in public and private sectors. We currently process over 4 million transactions a year.