PCI & the Contact Centre The Acquirer Perspective
|
|
- Hilary Blankenship
- 8 years ago
- Views:
Transcription
1 PCI & the Contact Centre The Acquirer Perspective 17 September2014 Michael Christodoulides
2 Personal Introduction Telephony Contact Centres are integral to the security of the payment card industry ecosystem. Your speaker today, Michael Christodoulides: Is a member of Barclaycards award winning Payment Security Team A PCI SSC certified Internal Security Assessor Team and Payment Card Industry Professional Specialises in the areas of governance, risk management and compliance Page 2
3 Agenda SAD? PAN? or both? Account Data Toxicity PCI DSS V3.0: Impact to 3rd Parties and Merchants A way forward - choices Further information Questions and Answers Page 3
4 SAD? PAN? Or both? SAD - Not permitted to store sensitive authentication data after authorisation PAN - Must protect primary account numbers The PCI SSC write The primary account number is the defining factor for cardholder data. If cardholder name, service code, and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the cardholder data environment, they must be protected in accordance with applicable PCI DSS requirements. Page 4
5 Account Data a Reminder Cardholder Data includes: Primary Account Number (PAN) Cardholder Name Expiration Date Service Code Account Data Sensitive Authentication Data includes: Full track data (magnetic-stripe data or equivalent on a chip) CAV2/CVC2/CVV2/CID PINs/PIN blocks Source PCI DSS V3.0 Page 5
6 Toxicity PANs are Toxic because: They have criminal value and in the wrong hands undermine consumer trust in the security of brands at which the consumer shops. SAD are Toxic because: They have a criminal value and in the wrong hands undermine consumer trust in the security of brands at which the consumer shops and also impacts upon the integrity of the payment system. Contact Centres will want to reduce their payment security risk. Page 6
7 A way forward Investigate and Plan Determine your appetite to risk, governance and payment card security Identify your flows of cardholder data and sensitive account data Determine the controls in place to protect cardholder data where stored Determine the controls in place to securely delete sensitive authentication data after authorisation If all is not well: Plan your remediation Page 7
8 A way forward - Choices Take PANs and SAD out of your systems and negate the need to store PANs Or Apply the full range of controls described in the PCI DSS to correctly protect cardholder data and securely remove sensitive authentication data I know which option I would prefer to take but I m not your business case! Page 8
9 Due diligence when selecting a 3rd Party Contact Centre So, from a PCI DSS perspective, how do you select a Service Provider/Third Party Contact Centre? First port of call should be the lists run by the Schemes e.g. the Visa Merchant Agent list or the MasterCard Service Provider list. and But if your preferred supplier is not on these lists then what do you do? Obtain their Report on Compliance and undertake your due diligence to ensure the services you will be commissioning are in the scope of their assessment. No RoC? Then obtain their SAQ and verify, best to ensure the SAQ is verified by a QSA! No SAQ? Then undertake your own due diligence to ensure they can manage your payment cardholder data securely. Encourage (i.e. instruct) your preferred service provider to join the Scheme lists, where it is appropriate to do so. Page 9
10 What to ask your call centre provider How does the call centre system help you comply with the PCI DSS guidelines and how does it automatically remove sensitive credit card information from recorded calls? How will the call centre system comply with any future changes in legal regulations or codes of practice? If your call centre system is not compliant with the standard, what liability is your supplier prepared to take in the event of a data compromise due to vulnerabilities on their system? Page 10
11 Who is responsible for what it depends, its your business The Merchant is always responsible for securely managing the payment card data that is entrusted to them by their customers. The Merchant might decide to delegate operations to 3 rd parties and if these operational functions involve storing, processing or transmitting cardholder data or have an impact on the security of cardholder data then the Merchant should also ensure that payment card security continues to be managed correctly. In the event of a data security breaches it is always the Merchant who has the responsibility to close the breach, ensure remediation takes place and pay any fines imposed due to incurring the data security breach. The costs of selecting the wrong third party quickly mount when things go wrong. Page 11
12 PCI DSS V3.0: Impact to 3rd Parties and Merchants PCI DSS V3.0 recognises that the PCI DSS payment card security relationships between the Merchant and the Third Party have not always been as transparent they need to be. To many assumptions on either side about who has/is responsible. Therefore in PCI DSS V3.0: Evolving Requirement: Maintain information about which PCI DSS requirements are managed by service providers and which are managed by the entity Evolving Requirement: Service providers to acknowledge responsibility for maintaining applicable PCI DSS requirements. Effective 1 July 2015 Page 12
13 Contracts A few considerations about contracts, I m not a lawyer but : Ensure your contracts specify PCI DSS responsibilities, not just at a high level but by actual requirement and sub clause. These might be in an accompanying schedule but they should form part the contract. Be specific about what happens in the event of a data security breach, who has responsibility and who pays the bills! (e.g. forensics, stop loss, remediation)! Include the requirement for an Incident response plan. Include a right of audit/inspection. Include requirement for a RoC or QSA attested SAQ for your scope of work. Include requirement to be complaint with Scheme security bulletins. Make the contract future proof for example do not get trapped to any one version of the PCI DSS or associated standards and pronouncements issued by the PCI SSC or other industry bodies. Page 13
14 Time to breath time to plan Page 14
15 Account Data Compromise responsibilities When things go wrong its always the Merchant who foots the bill! ADC costs include: Forensic Investigation/s Initial remediation to stop the leak Full remediation to become compliant Diversion of operational resources from intended business initiatives to zero income payment card security activities Managing customer expectations Managing the Media Rebuilding confidence in the brand Allocating additional budget to payment card security on an on-going basis For a copy of our Data Compromise Leaflet, please contact a member of our team at PCI.Taskforce@barclaycard.co.uk or go to Page 15
16 Timescales Well the reality is that you should be using PCI DSS compliant Contact Centres now! But many organisations have existing contracts that needed to be reviewed and possibly re negotiated so how long will this take? It s going to take time and the driver will be PCI DSS V3.0. Therefore: Identify all your existing Service Provider contracts and review for payment security implications. Put written agreements in place where none previously exist Ensure you are using a compliant Service Provider, ask for their RoC and AOC and make the scope covers your business SP s list with Visa Europe as a Merchant Agent SP contact your Bank and obtain sponsorship to list on the MasterCard SP list Use the first half of 2014 to identify and review the services provided by all your providers. Use the second half of 2014 to review and, where necessary, renegotiate 3 rd Party contracts. By June 2015 you must have written agreements that evidence the third party responsibilities.. Page 16
17 Conclusions and Impact on existing compliance programmes First make sure you are ready for PCI DSS V3.0 and in particular: Review your cardholder data flows to ensure they accurately include third parties and/or companies that can potential impact payment card security. Review your list of third parties and ensure contracts are appropriate for the services they provide, provide security to cardholder data and assist the merchant in the event of a security breach. If you are currently assessing with PCI DSS V2.0 then take the opportunity to run a gap analysis against v3.0 Include Scheme listing as part of your compliance programme e.g. ensuring your third party is listed on the Visa Europe Merchant Agent List and the MasterCard Service Provider list. Life is not a perfect world if there are problems that we can help with then do speak to us, here at Barclaycard Payment Security Team, we can and want to help: PCI.Taskforce@Barlycard.co.uk Page 17
18 Further information Safe and Sound Processing Telephone Payments Securely A white paper from Barclaycard and Visa Europe leading the way in secure payments May 2014 Barclaycard PCI DSS on the web: -payments/payment-security/pci-dss Page 18
19 Any Questions? Find us on Barclaycard Business Solutions Payment Security Page 19
20 Awards and credentials Elected Board member of the Payment Card Industry Security Standards Council (PCI SSC) Winner of FSTech Awards Compliance Project of the Year 2013 Winner of FSTech Awards Anti-Fraud/Security Strategy of the Year 2013 Winner of Data Security Award, MPE Awards 2012 Winner of Merchant Award, MPE Awards 2012 Winner of Information Security Team of the Year, SC Magazine Europe Awards 2012 Winner of Information Security Team of the Year, SC Magazine Europe Awards 2011 Winner of the Data Security Award, European Card Acquiring Forum (ECAF) Awards 2010 Page 20
Payment Security Account Data Compromise (ADC)
Payment Security Account Data Compromise (ADC) 10 th July 2014 Michael Christodoulides & Louise Hunt All information correct at time of presentation Introductions Barclaycard has become increasingly aware
More informationPayment Security teleconference
Payment Security teleconference PCI DSS Compliance Validation Options 27 th March 2014 Michael Christodoulides and Louise Hunt All information correct at time of presentation Introduction Barclaycard has
More informationPCI DSS Compliance Services January 2016
PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction
More informationPCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants
Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?
More informationPayment Card Industry Compliance Overview
January 31, 2014 11:30am 12:30pm Central Hosted by: Texas.gov Presented by: Jayne Holland Barbara Brinson Payment Card Industry Compliance Overview Securing Government Payments Audio Dial In: 866-740-1260
More informationWhat are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:
What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International
More informationWorldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)
Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.
More informationPCI DSS Compliance. 2015 Information Pack for Merchants
PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 2 of 7 POLICY TITLE Section Subsection Responsible Office PCI DSS Compliance Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Administration
More informationMobile Device Payment Card Processing: How Secure is It? Richard Poworski CISSP, ISP, ITCP, SCF, PCI QSA, PCIP Managing Consultant
Seccuris is Canada s premier Information Assurance integrator. We enable organizations to achieve business goals through effective management of information risk. We are agile, innovative, flexible, and
More informationPCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id
PCI DSS Payment Card Industry Data Security Standard www.tuv.com/id What Is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of all major credit cards brands.the
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 7 Proposed Policy Number and Title: 457 PCI DSS Compliance Existing Policy Number and Title: Not applicable Approval Process* X Regular Temporary Emergency Expedited X New New New Revision Revision
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationAISA Sydney 15 th April 2009
AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks
More informationMasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.
MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded
More informationA Compliance Overview for the Payment Card Industry (PCI)
A Compliance Overview for the Payment Card Industry (PCI) Many organizations are aware of the Payment Card Industry (PCI) and PCI compliance but are unsure if they are doing everything necessary. This
More informationKey USP s. Multiple PCI level GRC tool
PCI GRC tool Introduction GP history Visa level 1 approved hosting facility Niche product for a specific problem Reduce BAU cost and cost of PCI compliance Reduce cost in managing 3rd parties PCI stakeholder
More informationThird Party Agent Registration and PCI DSS Compliance Validation Guide
Visa Europe Third Party Agent Registration and PCI DSS Compliance Validation Guide May 2016 Version 1.3 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration Process...
More information2.1.2 CARDHOLDER DATA SECURITY
University of Oxford Finance Division FINANCIAL POLICY 2.1.2 CARDHOLDER DATA SECURITY Date: 21 March 2013 Version: 2.1.2 Status: Approved Author: Simon Blee Bridget Midwinter TABLE OF CONTENTS Page EXECUTIVE
More informationPCI Compliance : What does this mean for the Australian Market Place? Nov 2007
Sense of Security Pty Ltd (ABN 14 098 237 908) 306, 66 King St Sydney NSW 2000 Australia Tel: +61 (0)2 9290 4444 Fax: +61 (0)2 9290 4455 info@senseofsecurity.com.au PCI Compliance : What does this mean
More informationMerchant guide to PCI DSS
Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This
More informationRegistration and PCI DSS compliance validation
Visa Europe A Guide for Third Party Agents Registration and PCI DSS compliance validation October 2015 Version 1.1 Visa Europe 2015 Contents 1 Introduction... 4 1.1 Definitions of Agents... 4 2 Registration
More informationAn article on PCI Compliance for the Not-For-Profit Sector
Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector
More informationPCI DSS and SSC what are these?
PCI DSS and SSC what are these? What does PCI DSS mean? PCI DSS is the English acronym for Payment Card Industry Data Security Standard. What is the PCI DSS programme? The bank card data, which are the
More informationPCI DSS Gap Analysis Briefing
PCI DSS Gap Analysis Briefing The University of Chicago October 1, 2012 Walter Conway, QSA 403 Labs, LLC Agenda The PCI DSS ecosystem - Key players, roles - Cardholder data - Merchant levels and SAQs UofC
More informationPayment Card Industry Data Security Standards.
Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing
More informationPCI DSS Investing wisely...
PCI DSS Investing wisely... Hotel webinar Neira Jones Head of Payment Security Barclaycard Global Payment Acceptance 25 th July 2011 Leading the way in secure payments global payment acceptance Hotel Security
More informationYour guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)
Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions Version 5.0 (April 2011) Contents Contents...2 Introduction...3 What are the 12 key requirements of
More informationA PCI Journey with Wichita State University
A PCI Journey with Wichita State University Blaine Linehan System Software Analyst III Financial Operations & Business Technology Division of Administration & Finance 1 Question #1 How many of you know
More informationIntroduction to PCI DSS
Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?
More informationPCI DSS Overview. By Kishor Vaswani CEO, ControlCase
PCI DSS Overview By Kishor Vaswani CEO, ControlCase Agenda About PCI DSS PCI DSS Applicability to Banks, Merchants and Service Providers PCI DSS Technical Requirements Overview of PCI DSS 3.0 Changes Key
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationHow To Protect Your Business From A Hacker Attack
Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as
More informationCustomer Card Data Security and You
Customer Card Data Security and You 01 What Is Global Fortress? Global Fortress is designed as a first line defence to provide you with the resources to help you in your fight against fraudsters. It simplifies
More informationPCI Security Standards Council
PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI
More informationWhite Paper On. PCI DSS Compliance And Voice Recording Implications
White Paper On PCI DSS Compliance And Voice Recording Implications PCI DSS within the UK is becoming a hot topic of conversation, with many contradictions and confusions being issued by suppliers and professionals
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationA MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)
A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS) The mandatory guide for storing, processing or transmitting cardholder information Overview and applicability Any application
More informationFAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees
SaferPayments Be smart. Be compliant. Be protected. What is the Payment Card Industry Data Security Standard (PCI DSS)? Do I have to comply? The PCI DSS is a mandatory requirement for any business who
More informationSafe and Sound Processing Telephone Payments Securely. A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015
Safe and Sound Processing Telephone Payments Securely A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015 Executive summary The following information and guidance
More informationProtecting Your Customers' Card Data. Presented By: Oliver Pinson-Roxburgh
Protecting Your Customers' Card Data Presented By: Oliver Pinson-Roxburgh Agenda Trustwave Overview PCI Scope Compromise Statistics PCI Makes Business Sense Registration Process TrustKeeper Features Support
More informationsafe and sound processing online card payments securely
safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade
More informationCredit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600
Credit Cards and Oracle: How to Comply with PCI DSS Stephen Kost Integrigy Corporation Session #600 Background Speaker Stephen Kost CTO and Founder 16 years working with Oracle 12 years focused on Oracle
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More information1/18/10. Walt Conway. PCI DSS in Context. Some History The Digital Dozen Key Players Cardholder Data Outsourcing Conclusions. PCI in Higher Education
PCI in Higher Education Walter Conway, QSA 403 Labs, LLC Walt Conway PCI consultant, blogger, trainer, speaker, author Former Visa VP Help schools become PCI compliant Represent Higher Education at PCI
More information2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock
2015 PCI DSS Meeting OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock 11/3/2015 Today s Presentation What do you need to do? What is PCI DSS? Why PCI DSS? Who Needs to Comply
More informationPC-DSS Compliance Strategies. 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA
PC-DSS Compliance Strategies 2011 NDUS CIO Retreat July 27, 2011 Theresa Semmens, CISA True or False Now that my institution has outsourced credit card processing, I don t have to worry about compliance?
More informationPCI DSS & 3 RD PARTY SERVICE PROVIDERS
PCI DSS & 3 RD PARTY SERVICE PROVIDERS A PUSH-ME, PULL-ME RELATIONSHIP Katie Todd, CTP Asst. Director of PCI Compliance & Merchant Account Services Columbia University Global Treasury Operations Tuesday,
More informationPCI DSS. CollectorSolutions, Incorporated
PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted
More informationCredit Card Risks: Update on PCI Compliance Monday, May 23 2:40pm 3:55 CPE: 2
Credit Card Risks: Update on PCI Compliance Monday, May 23 2:40pm 3:55 CPE: 2 Joe Helmy, VP Emerging Verticals, MasterCard Jennifer Cooperman, MBA, CPFO, Treasurer, City of Portland, OR Tod Burton, Financial
More informationP R O G R E S S I V E S O L U T I O N S
PCI DSS: PCI DSS is a set of technical and operational mandates designed to ensure that all organizations that process, store or transmit credit card information maintain a secure environment and safeguard
More informationYour Compliance Classification Level and What it Means
General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe
More informationUniversity of Liverpool
University of Liverpool Card Payment Policy Reference Number Title Version Number 1.0 Document Status Document Classification FIN-001 Card Payment Policy Active Public Effective Date 03 June 2014 Review
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationAre You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014
Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 1.1 February 2008 Table of Contents About this Document... 1 PCI Data Security Standard
More informationWestern Australian Auditor General s Report. Information Systems Audit Report
Western Australian Auditor General s Report Information Systems Audit Report Report 10 June 2012 Auditor General s Overview The Information Systems Audit Report is tabled each year by my Office. It summarises
More informationUniversity of Oregon Policy Statement Development Form
University of Oregon Policy Statement Development Form Policy Title: Electronic Commerce Policy submitted by: Name: Mark McCulloch Phone: 541 346 6249 Email: mmccullo@uoregon.edu Organization: Business
More informationImportant Info for Youth Sports Associations
Important Info for Youth Sports Associations What the Heck is PCI DSS and Why Should I Care? Joe Posey Terrapin Financial Services Your Club is an ecommerce Business You accept online registration over
More informationHow To Protect Visa Account Information
Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer
More informationPCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate
More informationHow To Ensure Account Information Security
Global PCI DSS Framework Emöke Bitter Business Leader, Risk Management 26 February 2009 Agenda Introduction Merchants Service Providers Registry of Service Providers Payment Applications Resources Information
More informationPCI DSS Compliance - what you need to know
PCI DSS Compliance - what you need to know What is PCI DSS? PCI DSS Payment Card Industry Data Security Standard A set of rules laid out by the PCI Security Standards Council to protect card holder data
More informationWestpac Merchant. A guide to meeting the new Payment Card Industry Security Standards
Westpac Merchant A guide to meeting the new Payment Card Industry Security Standards Contents Introduction 01 What is PCIDSS? 02 Why does it concern you? 02 What benefits will you receive from PCIDSS?
More informationWhite paper. How to take your contact centre out of scope for PCI DSS. Reducing cost and risk in credit card transactions for contact centres
White paper How to take your contact centre out of scope for PCI DSS Executive summary With 77 per cent of UK companies admitting to a security breach (Source: The Ponemon Institute, 2009), and up to 97
More informationUniversity Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
More informationPayment Card Industry Data Security Standard (PCI DSS) v1.2
Payment Card Industry Data Security Standard (PCI DSS) v1.2 Joint LA-ISACA and SFV-IIA Meeting February 19, 2009 Presented by Mike O. Villegas, CISA, CISSP 2009-1- Agenda Introduction to PCI DSS Overview
More informationPCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing
More informationFinance Office. Card Handling Policy
Finance Office Card Handling Policy Prepared by: Lyndsay Brown Issued: November 2012 1 Contents Page 1 Introduction 3 2 Responsibility 3 3 The PCI Data Security Standard 3 4 PCI DSS Requirements 4 5 Receiving/
More informationPCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina ricklambert@sc.
PCI Compliance at The University of South Carolina Failure is not an option Rick Lambert PMP University of South Carolina ricklambert@sc.edu Payment Card Industry Data Security Standard (PCI DSS) Who Must
More informationPuzzled about PCI compliance? Proactive ways to navigate through the standard for compliance
Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com
More informationTwo Approaches to PCI-DSS Compliance
Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,
More informationPCI Policies 2011. Appalachian State University
PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationPCI Standards: A Banking Perspective
Slide 1 PCI Standards: A Banking Perspective Bob Brown, CISSP Wachovia Corporate Information Security Slide 2 Agenda 1. Payment Card Initiative History 2. Description of the Industry 3. PCI-DSS Control
More informationPolicy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014
Policy Title: Effective Date: 5/5/2010 Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014 Oversight Department: Financial Services Next Review Date: 10/1/2016 1. PURPOSE The for Radford University
More informationAchieving PCI DSS Compliance Through Outsourcing: Where to begin?
Achieving PCI DSS Compliance Through Outsourcing: Where to begin? August 2014 Can you achieve PCI DSS compliance through outsourcing, and if so, how should you approach it? This whitepaper provides a brief
More informationAccounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
More informationPayment Card Industry Standard - Symantec Services
Payment Card Industry Standard - Symantec Services The Payment Card Industry Data Security Standard (PCI, or PCI DSS) was developed by the PCI Security Standards Council to assure cardholders that their
More informationAchieving PCI Compliance for Your Site in Acquia Cloud
Achieving PCI Compliance for Your Site in Acquia Cloud Introduction PCI Compliance applies to any organization that stores, transmits, or transacts credit card data. PCI Compliance is important; failure
More informationTop 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services
Top 10 PCI Concerns Jeff Tucker Sr. Security Consultant, Foundstone Professional Services About Jeff Tucker QSA since Spring of 2007, Lead for the Foundstone s PCI Services Security consulting and project
More informationFREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program
FREQUENTLY ASKED QUESTIONS The MasterCard Site Data Protection (SDP) Program MERCHANTS Can Level 1 merchants currently use internal auditors to perform an onsite assessment? Yes. However, after June 30,
More informationThis appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.
More informationCyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance
Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Compliant? Bank Name
More informationData Security Standard (DSS) Compliance. SIFMA June 13, 2012
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance SIFMA June 13, 2012 EisnerAmper Consulting Services Group Overview of EisnerAmper Fifth fhlargest accounting firm in the Metro New York
More informationPayment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission
More informationPayment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions
PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data
More informationCompliance Security Continuity
Compliance Security Continuity About Us Information Security Put the necessary processes, policies and procedures in place, identify your company s most valuable assets and implement and test controls
More informationStrategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008
Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Matthew T. Davis SecureState, LLC mdavis@securestate.com SecureState Founded in 2001, Based on Cleveland Specialized
More informationCard Network Update Chip (EMV) Acceptance in the United States At-A-Glance
Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face
More informationAdyen PCI DSS 3.0 Compliance Guide
Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants
More informationPCI Compliance 101: Payment Card. Your Presenter: 7/19/2011. Data Security Standards Compliance. Wednesday, July 20, 2011 2:00 pm 3:00 pm EDT
PCI Compliance 101: Payment Card Industry Basics Data Security Standards Compliance Wednesday, July 20, 2011 2:00 pm 3:00 pm EDT This complimentary webinar is brought to you by ASAE-Endorsed Business Solutions
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationsafe and sound Processing online card payments securely leading the way in secure payments A white paper from Barclaycard PMS??? PMS??? PMS??? PMS???
BCD106002BROB1 24/09/2010 17:22 Page 1 C M Y K PMS??? PMS??? PMS??? PMS??? Non-printing Colours Non-print 1 Non-print 2 JOB LOCATION: PRINERGY 3 safe and sound Processing online card payments securely
More informationVISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)
VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationThe PCI DSS Compliance Guide For Small Business
PCI DSS Compliance in a hosted infrastructure A Rackspace White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by
More information