PAYMENT CARD INDUSTRY (PCI) SECURITY STANDARDS COUNCIL





Slide 1: Session 1 - Payment Card Industry (PCI) Security Standards

Slide 2: Top 3 Largest Security Incidents Reported Worldwide = Credit Card Related
(Source: datalossdb.org)

Slide 3: Credit / Debit Card Usage - A Transaction Lifecycle ($$$)
Stages:
- Credit card information collection
- Credit card information routing
- Credit card information authorization
Hops between participants:
- Cardholder to Merchant
- Merchant to Acquirer/Service Provider
- Acquirer/Service Provider to Payment Brand
- Payment Brand to Issuer
Card-present transaction: credit/debit card track data (PIN); the authorization request is passed through the acquirer / service provider(s).
Card-not-present transaction: credit/debit card e-commerce data (CVV2); the authorization request is passed through the acquirer / service provider(s).

Slide 4: Terminology - Participants in a Transaction Lifecycle
Merchant: Any business that, having met the qualification standards of a payment brand and having been approved by an Acquiring member, accepts payment cards in exchange for goods and services.
Acquirer: Payment brand member that maintains relationships and accounts for merchants that accept payment cards. Serves as the intermediary between merchants and the payment brands. (e.g., Chase Paymentech Solutions, First Data, BA Merchant Services, Nova Information Systems, Fifth Third Bank, Wells Fargo Merchant Services, Global Payments, Heartland Payment Systems, First Nat'l Merchant Solutions, RBS Lynk)
Service Provider (e.g., Processor, Gateway, Hosting Provider): Business entity that is not a payment brand member or a merchant and is directly involved in the processing, storage, transmission, or switching of transaction data and cardholder information, or both. This also includes companies that provide services to merchants, service providers or members that control or could impact the security of cardholder data (e.g., providers of managed firewalls, IDS and other services, hosting providers, etc.).
Payment Brand: Processing organization that licenses members and merchants to issue and accept credit cards, respectively. The organization serves as an intermediary between Acquirers and Issuers. (e.g., Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services & JCB International)
Issuer: The financial institution (a licensed member of a payment brand) that holds contractual agreements with and issues cards to cardholders. Also responsible for managing cardholder accounts and approving authorization requests.

Slide 5: Past Events - Security Breach!
Implications of a cardholder data breach can be huge:
- Fines imposed* by payment brands (Visa, MasterCard, etc.) and other regulatory bodies (FTC, etc.) on acquirer banks / merchants / service providers
- Merchants losing their ability to process customers' credit card transactions
- Notification to legal authorities* and offering free credit-protection services to those affected
- Legal action* taken by cardholders
- Bad publicity
- Customer attrition and eventual loss of business
*TJX: approximately $118 Million (regulatory fines, legal fees, call center costs); Heartland Payment Systems: approximately $12.6 Million (legal costs and fines from Visa & MasterCard)

Slide 6: RISK! Cost of a Security Breach ($$$)
Detection or Discovery, Escalation, Notification & Ex-post Response* (Source: ponemon.org)
- Detection or discovery: activities that enable a company to reasonably detect the breach of personal data either at rest (in storage) or in motion
- Escalation: activities necessary to report a breach of protected information to appropriate personnel within a specified time period
- Notification: activities that enable the company to notify data subjects by letter, outbound telephone call, e-mail or general notice that personal information was lost or stolen
- Ex-post response: activities that help victims of a breach communicate with the company to ask additional questions or obtain recommendations in order to minimize potential harms. Redress activities also include ex-post response such as credit report monitoring or the reissuing of a new account (or credit card).

Slide 7: Payment Card Industry Security Standards Council - Background
- Organization founded by American Express, Visa Inc., MasterCard Worldwide, Discover Financial Services & JCB International
- An open global forum for ongoing development, enhancement, storage, dissemination & implementation of security standards for account data protection
(Source: pcisecuritystandards.org)

Slide 8: Payment Card Industry Security Standards Council - Background
- PCI security standards are technical and operational requirements set by the council
- The standards globally govern all merchants and organizations that store, process and transmit card data, as well as software developers and manufacturers of applications and devices used in card transactions
- Standards: PCI Data Security Standard (PCI DSS), PIN Transaction Security (PTS) & Payment Application Data Security Standard (PA-DSS)
(Source: pcisecuritystandards.org)

Slide 9: Payment Card Industry Data Security Standard (PCI DSS) - Data Security Standard 1.2*
- PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data
- Covers technical and operational system components included in or connected to cardholder data
- 6 principles/goals and 12 requirements
- If your business accepts or processes payment cards, it must comply with the PCI DSS
*The effective date of the new PCI DSS v1.2 standard was October 1, 2008, and the sunset date of PCI DSS v1.1 was December 31, 2008.

Slide 10: PCI DSS (Principles)
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy

Slide 11: PCI DSS (Requirements)
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Slide 12: PCI DSS (Requirements, continued)
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
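Requirements 3 (protect stored cardholder data) and 10 (track and monitor access) meet in practice when application logs are checked for full card numbers before they are retained. The following is an added example, not code from the slides or the Council: it scans constructed log lines for Luhn-valid PANs and masks them to the first six and last four digits (the PCI DSS display maximum, a fact assumed here rather than stated on the slides).

```python
import re

# Constructed sample log lines (not from the slides): one unmasked PAN,
# one PAN already masked, and one 16-digit reference that fails Luhn.
SAMPLE_LOG = [
    "2009-04-15 10:01:02 order=1001 pan=4111111111111111 amount=19.99",
    "2009-04-15 10:01:05 order=1002 pan=411111******1111 amount=5.00",
    "2009-04-15 10:01:09 order=1003 ref=1234567890123456 amount=7.50",
]

# Candidate PAN lengths run from 13 to 19 digits across the payment brands.
PAN_CANDIDATE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; every valid payment card PAN passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits; star out the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_line(line: str):
    """Return (line with Luhn-valid PANs masked, number of PANs masked)."""
    count = 0

    def repl(m):
        nonlocal count
        if luhn_valid(m.group(0)):
            count += 1
            return mask_pan(m.group(0))
        return m.group(0)   # digit run that is not a card number: leave it

    return PAN_CANDIDATE.sub(repl, line), count


def redact_log(lines):
    """Redact a whole log; the count tells you how often full PANs leaked."""
    out, total = [], 0
    for line in lines:
        new_line, n = redact_line(line)
        out.append(new_line)
        total += n
    return out, total
```

A non-zero count from redact_log is itself a finding worth alerting on, since a PAN should never reach the log in the first place.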

Slide 13: Stay Tuned - Session 2
- PCI DSS deep dive
- Changes from PCI DSS 1.1 to 1.2
- Payment Application Data Security Standard
- PIN Transaction Security Standard

Slide 14: Thank You