worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.



Similar documents
Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

How To Comply With The Pci Ds.S.A.S

Payment Card Industry Data Security Standards.

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

Credit Card Processing Overview

PCI COMPLIANCE GUIDE For Merchants and Service Members

CardControl. Credit Card Processing 101. Overview. Contents

Payment Card Industry Data Security Standard PCI DSS

La règlementation VisaCard, MasterCard PCI-DSS

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

How To Protect Your Business From A Hacker Attack

Project Title slide Project: PCI. Are You At Risk?

Accelerating PCI Compliance

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

PCI Compliance: Protection Against Data Breaches

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

The Petroleum Marketer s PCI compliance Reference Guide

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

PREPARING FOR THE NEW PCI DATA SECURITY STANDARDS

How To Protect Visa Account Information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Josiah Wilkinson Internal Security Assessor. Nationwide

Credit Card Handling Security Standards

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

What Every Business Should Know About PCI Compliance

Dartmouth College Merchant Credit Card Policy for Processors

Cash & Banking Procedures

Merchant guide to PCI DSS

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

PAYMENT CARD INDUSTRY (PCI) SECURITY STANDARDS COUNCIL

PCI DATA SECURITY STANDARD OVERVIEW

PCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014

Fraud Protection, You and Your Bank

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

PCI Security Standards Council

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

University of Sunderland Business Assurance PCI Security Policy

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

Client Security Risk Assessment Questionnaire

Attestation of Compliance for Onsite Assessments Service Providers

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI

Payment Card Industry Data Security Standards Compliance

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

How To Protect Your Credit Card Information From Being Stolen

Need to be PCI DSS compliant and reduce the risk of fraud?

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

FAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

How To Protect Your Data From Being Stolen

PCI Standards: A Banking Perspective

Introduction to PCI DSS

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

Miami University. Payment Card Data Security Policy

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Data Security & PCI Compliance & PCI Compliance Securing Your Contact Center Securing Your Contact Session Name :

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

PCI Compliance Can Make Your Organization Stronger and Fitter. Brent Harman Manager, Systems Consultant Team West NetPro Computing, Inc.

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

PCI Security Compliance

Accepting Payment Cards and ecommerce Payments

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

PCI DSS Presentation University of Cincinnati

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Policies and Procedures

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett

Introduction to Online Payment Processing and PayPal Payment Solutions

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Becoming PCI Compliant

PCI DSS Requirements - Security Controls and Processes

Transcription:

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

The 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) by type Build and maintain a secure network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy

Build and maintain a secure network If you choose to process, store or transmit cardholder data via the internet you ll need to demonstrate that your firewalls and routers are securely configured and independently tested. 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters A firewall is a fundamental part of network security. A correctly configured firewall will comply with this requirement and you ll need to verify this through the Security Assessment Questionairre. An important part of securing your network, is to make sure all accounts and setting are changed from default and configured to a secure standard.

Protect cardholder data It s important to protect any cardholder data in a physical or online format. All stored data must be encrypted and sensitive data is never disclosed or stored after authorisation (e.g. PIN numbers and the full card details on the magnetic strip). 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks You ll also need to make sure your business is not using public networks to transfer data. If you are storing, transmitting or processing cardholder data across open public networks (Including the internet), you need to ensure you are using the strongest form of encrypting to protect it.

Maintain a vulnerability management program Keep your customer s data and your business computer system safe by installing antivirus software. Scans will need to run regularly and software kept up to date. 5. Use and regularly update your antivirus software 6. Develop and maintain secure systems and applications You ll need to regularly update this to ensure you re protected from all online threats. And if you develop or write any applications or programs you will need to remain vigilant against ongoing threat and vulnerabilities, through testing and maintenance.

Implement strong access control measures Make sure you re controlling who can access your customers card details. You should only allow access to employees who need to know this information. 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data You can do this by assigning unique IDs with different access permissions to each employee on your computer system. Make sure to keep any physical records locked away with the keys provided to those who need it. Physical media needs to monitored and destroyed when no longer needed.

Regularly monitor and test networks Regularly check your network for vulnerabilities by running internal and external vulnerability scans. 10. Track and monitor all access to network resources and cardholder data You ll also need to track and monitor who is accessing your network and cardholder information so you can identify and act on any unusual activity. 11. Regularly test security systems and processes

Maintain an information security policy 12. Maintain a policy that addresses information security To make sure your business keeps all cardholder details safe, create and maintain an information security policy. You are required to set a security policy that lets all employees know what is expected of them and what they must follow.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information