What Every Director Needs to Know About Credit Cards & Patron Privacy

Complying with PCI is a necessary step in safely accepting Payment Cards.

Know the Risks!

Some interesting facts:
- 94% of data breaches involved servers *
- 96% were not in PCI DSS compliance *
- Data breach regulations: 46 of 50 states mandate consumer notification of unauthorized access to private information
- $145: average cost per compromised record **

PCI compliance is a key strategy to avoid a data breach!

* 2012 Data Breach Investigations Report
** Ponemon Institute LLC. (2015). 2014 Cost of Data Breach Study: Global Analysis

What is PCI?

- Payment Card Industry Data Security Standard
- A Visa-coordinated initiative started in 2004
- Rules, methods, and procedures to reduce payment card fraud
- Compliance effort varies with where and how you take payment cards
- Mandates use of validated services and products

Who are the PCI stakeholders?

Since its inception, the PCI Standard has been applied to stakeholders in the order of greatest exposure. Organizations involved with payment cards:
- Processors
- Banks
- Service Providers
- Application Developers
- Merchants (the Library)

Today the focus is on Merchants. That means you!

Merchants (You, the Library)

Must comply with PCI based upon merchant category:
- Online (card not present): online merchants subscribe to a PCI DSS validated service
- POS (card present): POS merchants install products validated under PA-DSS

Merchant is responsible for:
- Appropriate policies and procedures
- Securing their network
- Documenting their PCI compliance status annually using a tool called the Self-Assessment Questionnaire (SAQ)

PCI Compliance Best Practices

- Avoid storing cardholder data!
- Online merchants (payments over the Internet): lessen the burden by outsourcing to a validated service provider (e.g., using a third-party payment gateway)
- POS merchants (over-the-counter and self-service): you are responsible for protecting cardholder data at the point of sale and as it flows through the payment system
  - Segment your network to minimize exposure
  - Install PA-DSS validated payment applications
  - Use approved secure card readers
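As an added example (not code from the presentation, nor from Comprise or the Ottawa Public Library), the following Python sketch shows what "avoid storing cardholder data" looks like in practice: a receipt builder that keeps only a gateway token, the last four digits and a masked number, plus a check that flags any full card number (13 to 19 digits, Luhn valid) that slips into a record or log line. The gateway response shape, its field names and all sample values are assumptions; the card number used is a standard test number, not a real account.

```python
"""Cardholder-data retention guard (illustrative only, not vendor or library code)."""
import re
from typing import Dict, List


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used for payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or dashes, not inside a longer digit run
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> List[str]:
    """Return digit strings in text that look like a full PAN (length 13-19 and Luhn valid)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def safe_receipt(gateway_response: Dict[str, str]) -> Dict[str, str]:
    """Keep only what is needed to reconcile a payment: token, last four digits, masked PAN.

    Assumes a hypothetical gateway response with keys 'pan', 'token', 'amount', 'auth_code'.
    The full PAN is never copied into the returned record.
    """
    pan = gateway_response["pan"]
    return {
        "token": gateway_response["token"],
        "last4": pan[-4:],
        "masked_pan": "*" * (len(pan) - 4) + pan[-4:],
        "amount": gateway_response["amount"],
        "auth_code": gateway_response["auth_code"],
    }


def storable(record: Dict[str, str]) -> bool:
    """True if no field of the record contains a full PAN; use before writing to disk or logs."""
    return not any(find_pans(str(v)) for v in record.values())


# Constructed sample data: a standard test card number and made-up gateway fields.
SAMPLE_RESPONSE = {
    "pan": "4111111111111111",
    "token": "tok_constructed_123",
    "amount": "12.50",
    "auth_code": "A1B2C3",
}
# Constructed log line showing the kind of leak the check is meant to catch.
SAMPLE_LOG_LINE = "2015-06-01 payment ok card=4111 1111 1111 1111 amount=12.50"


if __name__ == "__main__":
    receipt = safe_receipt(SAMPLE_RESPONSE)
    print("receipt:", receipt, "storable:", storable(receipt))
    print("PANs found in log line:", find_pans(SAMPLE_LOG_LINE))
```

The Luhn step keeps the scan from flagging every long number (invoice ids, phone numbers), and the receipt builder keeps reconciliation possible through the gateway token and last four digits without the library ever retaining a full card number.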

SAQ by Merchant Category

Careful! Compliance burden increases with SAQ level.

The slide tabulates the number of Self-Assessment Questionnaire questions for each requirement area by merchant type.

Merchant types (columns):
- Online Payments (best SAQ for libraries that accept payments only by Internet browser)
- Internet Protocol Terminals with P2P Encryption
- Internet Protocol Terminals
- Payment Application Connected to Internet
- Keyboard Input to a Dedicated Computer
- All Other Merchants

The middle four columns are the SAQs for libraries that accept counter, self-check, or kiosk payments; the SAQ depends upon the payment product.

Requirement areas (rows, as numbered on the slide):
1. Restrict Physical Access to Data
2. Information Security Policy
3. Protect Card Data
4. Encrypt Transmission of Data
5. Restrict Data to Need-to-Know
6. Firewall
7. Anti-Virus Software
8. No Default Passwords
9. Secure Systems and Applications
10. Assign Unique IDs for Access
11. Regularly Test Systems
12. Track and Monitor Access
Number of Questions (column total)

[The per-cell question counts did not survive transcription and are not reproduced here.]

Additional PCI Requirements (1)

Quarterly external vulnerability scans (Req. 11.2)
- If your payment systems are on a network connected to the Internet, PCI DSS requires you to have quarterly scans performed
- The automated scans look for weaknesses an attacker might exploit to access your systems
- PCI DSS requires these scans to be conducted by a PCI-certified Approved

Additional PCI Requirements (2)

Internal and external penetration testing (Req. 11.3)
- A penetration test simulates an attack on your organization's network infrastructure or applications
- Penetration testing determines what attackers can access and what trouble they can cause

Let's Look at Some Success Stories

Stirling Prentice, Systems Librarian

Why Comprise?

What we were looking for:
- ILS compatibility
- Bilingual interface
- PCI compliance
- Compatibility with Moneris
- Website & discovery layer integration

The Importance of PCI Compliance

- Peace of mind: respecting and securing patron info
- City of Ottawa's requirements

Comprise at OPL

- Just credit card transactions
- "Pay Fines" button on site and in catalogue
- Reconciliation reports: ILS vs.
- Soft launch
- Adapting to new standards

Payments: steady growth

Year           Payment Type   % Paid Bills   % of Amounts Paid
2012           CASH           62.2%          51.8%
               CHECK           0.9%           2.1%
               CREDITCARD     13.3%          15.9%
               DEBITCARD      23.6%          30.3%
2013           CASH           59.4%          49.3%
               CHECK           0.7%           1.8%
               CREDITCARD     13.5%          15.9%
               DEBITCARD      23.4%          29.6%
               ONLINE          3.1%           3.4%
2014           CASH           55.2%          45.6%
               CHECK           0.5%           1.3%
               CREDITCARD     14.6%          16.5%
               DEBITCARD      23.3%          29.2%
               ONLINE          6.5%           7.3%
2015 (so far)  CASH           52.7%          43.4%
               CHECK           0.4%           1.4%
               CREDITCARD     14.9%          16.4%
               DEBITCARD      22.8%          28.5%
               ONLINE          9.1%          10.3%