Simplifying Payment Card Industry Compliance
2014 Globalscape, Inc. All Rights Reserved.

Agenda:
What is PCI?
Why do I need to worry about this?
What changed in DSS 3.0?
Are there Best Practices?
Simplifying Compliance into Business-as-Usual
Q&A

What is PCI?

The PCI Data Security Standard (PCI DSS) consists of 12 requirements. It applies to every entity, and every system component, that stores, processes, or transmits cardholder data; an application is in scope because it handles that data, not because of what kind of application it is. Source: PCI Security Standards Council, PCI DSS Quick Reference Guide.

Who Must Comply with PCI?

Did you know? Sensitive authentication data (full track data from the magnetic stripe or chip, the card verification code, and PINs or PIN blocks) must not be stored after authorization, even if it is encrypted (Requirement 3.2). The requirements still apply when payment operations or their management are outsourced: an organization that hands payment operations to a third party remains responsible for ensuring that its account data is protected, and must manage those service providers accordingly (Requirement 12.8).
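The usual way this rule is broken is not by design but by accident: a POS or web component writes a swipe, a full PAN or a verification code into a debug log. The scanner below, added here as an example and not part of the Globalscape deck, looks through text for Luhn-valid PANs, Track 1 and Track 2 magnetic-stripe data and card verification codes, and reports each hit with the PAN masked. The log lines are constructed with publicly known test card numbers; the field names (pan=, cvv2=) and the first-six/last-four masking are assumptions about the environment, not anything the slides specify.

```python
"""Scan text for account data that PCI DSS says must not be retained after
authorization (full track data, card verification codes) or must be rendered
unreadable wherever it is stored (the PAN).  Added example; the sample log is
constructed with publicly known test card numbers, not real accounts."""
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")
# Track 1 starts %B<PAN>^<NAME>^<YYMM...>; Track 2 starts ;<PAN>=<YYMM...>
TRACK1_RE = re.compile(r"%B([0-9]{13,19})\^[^^]{2,26}\^[0-9]{4}")
TRACK2_RE = re.compile(r";([0-9]{13,19})=[0-9]{4}")
# Card verification code logged next to its field name (field names are assumed).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*[0-9]{3,4}\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; filters order numbers and timestamps out of PAN hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the first six and last four digits, the most Requirement 3.3 lets you display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line: str) -> list:
    """Return (kind, masked_pan) findings for one line of text."""
    findings = []
    for m in TRACK1_RE.finditer(line):
        findings.append(("track1", mask(m.group(1))))
    for m in TRACK2_RE.finditer(line):
        findings.append(("track2", mask(m.group(1))))
    if CVV_RE.search(line):
        findings.append(("cvv", ""))
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("pan", mask(digits)))
    return findings


def scan(lines) -> list:
    """Scan an iterable of lines; returns (line_number, kind, masked_pan) tuples."""
    out = []
    for n, line in enumerate(lines, start=1):
        for kind, masked in scan_line(line):
            out.append((n, kind, masked))
    return out


# Constructed sample log: lines 1, 2, 3 and 5 hold data that must not be there;
# line 4 carries digit runs that are not card numbers and must not be reported.
SAMPLE_LOG = """\
2014-03-01T12:00:01Z POS-07 auth ok pan=4111111111111111 amount=19.99
2014-03-01T12:00:02Z POS-07 swipe ;4111111111111111=25121010000000000000?
2014-03-01T12:00:03Z POS-07 debug %B5555555555554444^DOE/JOHN^25121010000000000000?
2014-03-01T12:00:04Z POS-07 order=1234567890123 ref=20140301120004
2014-03-01T12:00:05Z web form cvv2=123; pan=4012-8888-8888-1881
"""

if __name__ == "__main__":
    for n, kind, masked in scan(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {kind} {masked}")
```

Run it against real log directories, database dumps and file-transfer staging areas, not just application logs; every hit outside the systems you have declared as storing cardholder data either widens your scope or points at data that should never have been written.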

PCI DSS 3.0 New Requirements. New requirements cover:
6.5.6 Insecure handling of PAN and SAD in memory
6.5.10 Broken authentication and session management
8.5.1 Service providers with remote access to customer environments must use a unique authentication credential for each customer
9.9 Protecting point-of-sale (POS) devices that capture card data through direct physical interaction from tampering and substitution
11.3 Developing and implementing a methodology for penetration testing
12.9 Service providers must acknowledge in writing to their customers that they are responsible for the security of the cardholder data they possess or otherwise store, process, or transmit on the customer's behalf
The numbering above follows the PCI SSC's pre-release change highlights. In the published 3.0 standard, broken authentication and session management is 6.5.10, and the separate memory-handling item was not retained: 6.5.6 instead requires coding practices that address the high-risk vulnerabilities identified under Requirement 6.1. Requirements 6.5.10, 8.5.1, 9.9, 11.3 and 12.9 are best practices until June 30, 2015, after which they become requirements.

Best Practices for Implementing PCI DSS into Business-as-Usual
1. Monitor security controls to ensure they are operating effectively and as intended.
2. Ensure that all failures in security controls are detected and responded to in a timely manner.
3. Review changes to the environment before the change is completed.
4. Review the impact of each change on PCI DSS scope and on the requirements that apply.
5. Perform periodic reviews and communications to confirm that PCI DSS requirements remain in place.
6. Review hardware and software technologies at least annually to confirm that they are still supported by the vendor and can meet the entity's security requirements, including PCI DSS.

Simplifying PCI Compliance
1. Monitor security controls
2. Detect and respond to failures
3. Review changes before the change is completed
4. Review the impact on scope and requirements
5. Periodic reviews to confirm PCI DSS requirements
6. Review hardware and software periodically to confirm that they meet security requirements

Keep cardholder data out of the DMZ. If your data is located in the DMZ, even temporarily, it is easier for an external attacker to reach it. PCI DSS Requirement 1.3.7 requires that system components that store cardholder data, such as a database, be placed in an internal network zone, segregated from the DMZ and other untrusted networks. For a managed file transfer or web tier this means the externally reachable component should hand data off to the internal zone, not be the place where files containing cardholder data come to rest.
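Whether a deployment actually satisfies this is something you can check from an inventory and the firewall policy rather than from a diagram. The check below, added here as an example and not part of the deck or of any Globalscape product, walks a list of hosts and allow rules and reports storage components that sit in the DMZ (1.3.7), direct Internet paths to a storage component (1.3.3), and DMZ access that is open on any port rather than the ports the application needs (1.2.1). The zones, addresses, host names and rule dictionary format are constructed; a weak policy and its corrected counterpart are both included so the difference is visible.

```python
"""Check a host inventory and firewall policy against PCI DSS 3.0 Requirement
1.3: components that store cardholder data must sit in an internal zone, not
the DMZ (1.3.7), must not be directly reachable from the Internet (1.3.3), and
any access that is allowed should be limited to required ports (1.2.1).
Added example; topology, host names and rule format are constructed."""
import ipaddress

# Constructed zones; the most specific network containing an address wins.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "cde_internal": ipaddress.ip_network("10.10.0.0/24"),
}


def zone_of(net) -> str:
    """Name of the most specific zone that wholly contains net (address or CIDR)."""
    net = ipaddress.ip_network(net, strict=False)
    best = "internet"
    for name, zone in ZONES.items():
        if net.subnet_of(zone) and zone.prefixlen > ZONES[best].prefixlen:
            best = name
    return best


def check(hosts, rules) -> list:
    """Return (requirement, host, detail) findings for hosts that store CHD."""
    findings = []
    for host in hosts:
        if not host["stores_chd"]:
            continue
        ip = ipaddress.ip_address(host["ip"])
        if zone_of(host["ip"]) == "dmz":
            findings.append(("1.3.7", host["name"],
                             "stores cardholder data but sits in the DMZ"))
        for rule in rules:
            if rule["action"] != "allow" or ip not in ipaddress.ip_network(rule["dst"]):
                continue
            src = zone_of(rule["src"])
            if src == "internet":
                findings.append(("1.3.3", host["name"],
                                 f"direct inbound access from the Internet ({rule['src']})"))
            elif src == "dmz" and rule["port"] == "any":
                findings.append(("1.2.1", host["name"],
                                 f"DMZ source {rule['src']} allowed on any port; restrict to required ports"))
    return findings


# Constructed inventory: db-dmz is a database that ended up in the DMZ.
HOSTS = [
    {"name": "web-dmz", "ip": "192.0.2.10", "stores_chd": False},
    {"name": "db-dmz", "ip": "192.0.2.20", "stores_chd": True},
    {"name": "app-cde", "ip": "10.10.0.6", "stores_chd": False},
    {"name": "db-cde", "ip": "10.10.0.5", "stores_chd": True},
]

# Weak policy: the CDE database is exposed to the Internet and to the whole DMZ.
WEAK_RULES = [
    {"src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": 443, "action": "allow"},
    {"src": "0.0.0.0/0", "dst": "10.10.0.5/32", "port": 5432, "action": "allow"},
    {"src": "192.0.2.0/24", "dst": "10.10.0.5/32", "port": "any", "action": "allow"},
    {"src": "192.0.2.10/32", "dst": "10.10.0.6/32", "port": 8443, "action": "allow"},
    {"src": "10.10.0.6/32", "dst": "10.10.0.5/32", "port": 5432, "action": "allow"},
]

# Corrected: the stray database moved inside, only the app tier reaches the
# databases, and the DMZ web tier talks to the app tier on a single port.
FIXED_HOSTS = [dict(h, ip="10.10.0.7") if h["name"] == "db-dmz" else h for h in HOSTS]
FIXED_RULES = [
    {"src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": 443, "action": "allow"},
    {"src": "192.0.2.10/32", "dst": "10.10.0.6/32", "port": 8443, "action": "allow"},
    {"src": "10.10.0.6/32", "dst": "10.10.0.5/32", "port": 5432, "action": "allow"},
    {"src": "10.10.0.6/32", "dst": "10.10.0.7/32", "port": 5432, "action": "allow"},
]

if __name__ == "__main__":
    for req, host, detail in check(HOSTS, WEAK_RULES):
        print(f"Req {req}: {host}: {detail}")
    print("fixed policy findings:", check(FIXED_HOSTS, FIXED_RULES))
```

The same inventory flag (stores_chd) is what drives your scope: a component that the check reports under 1.3.7 is either mis-placed or should not be holding the data at all, and either answer shrinks the assessment.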

Summary. To simplify PCI compliance:
1. Implement PCI DSS into business-as-usual; PCI compliance is a process, not an event.
2. Reduce scope and consolidate processes where possible.
3. Select applications that integrate easily with your authentication protocols and are designed to satisfy PCI stipulations.
4. Work with vendors and partners who understand PCI requirements and stay current with changes.

Any Questions?

Thank You!