Ruby VASC Instructor Guide


Client Services, Training
300 S. Park Place Blvd. Suite 100
727.953.4000 Main Reception
727.953.4270 Training Administration
727.953.4001 - Fax
i_trngregistration@smokestack.verifone.com

Published: March 11, 2011

VeriFone, Inc.
Integrated Systems
300 South Park Place Blvd., Suite 100
Clearwater, FL 33759
Office: (727) 953-4000
Fax: (727) 953-4001

Printed in the United States of America

2010 VeriFone, Inc. All rights reserved. No part of this publication may be copied, distributed, stored in a retrieval system, translated into any human or computer language, or transmitted in any form or by any means, without the prior written consent of VeriFone, Inc. The content of this document is subject to change without notice. The information contained herein does not represent a commitment on the part of VeriFone, Inc. VeriFone, Inc. is a registered trademark of VeriFone, Inc. All other brand names and trademarks appearing in this documentation are the property of their respective owners.

Published: 02/12/10 Page: 2

Document Revision History

Revision   Date       Author     Description
1.0        02/12/10   John_B1    Original Documentation
1.1        03/11/11   John_B11   Changed Module number to 8

Subject: PCI/PA-DSS Overview
Skill Level: 2 - Intermediate
Time Involved: 1 Hour 30 Minutes

Objective(s)
Students will be able to:
- Demonstrate a knowledge of PCI-DSS and PA-DSS
- Explain how PCI-DSS impacts merchants and VASCs
- Demonstrate the steps for a compliant installation
- Understand the Software Download Agreement

Documentation Needed
- Ruby VASC Instructor Guide: Module
- VASC Service Manual: Card Security, PCI Handouts

Equipment Needed
- Pencils, pens, highlighters, and post-its for students
- 1 Ruby SuperSystem for each student (this includes power brick, Y-Cable, AC Power and a Printer) installed with the software application you are choosing to teach.

Class Preparation
- Tables and chairs should be set up either classroom or U-shaped style. You will need 3 of table space for each student.
- Determine the application you will be using. This application will need to be installed on each student's Ruby terminal.
- Rubies should be powered up with all cables and connectors connected.
- The physical keys on the Rubies should be arranged based on the keyboard setup diagram found in the Instructor Preparation materials.

Instructor Notes

Instruct and show students how to navigate to the Card Security section in the VASC Service Manual.

Points to Stress:
- To counter the growing identity theft and credit card problem, the major credit card providers have joined together to introduce a compliance standard called PCI-DSS, the Payment Card Industry Data Security Standard.
- PCI-DSS applies to any company that accepts card-based payments.
- PCI-DSS was developed to protect cardholder data.
- The PCI-DSS requirements cover security management, policies, procedures, network architecture and other critical protective measures.
- The PCI-DSS standard mandates that all merchants, service providers, and software developers follow 12 critical points to ensure cardholder information, such as account numbers, PINs, etc., is protected.
- Not knowing how to be PCI compliant is not a defense.
- Some merchants believe that once you set up compliancy, it's DONE! This is not the case.
- Merchants are responsible for being PCI compliant. Also, maintaining security should be a common goal.

Pass out the following handout to students: VASC Handout 12 Points for PCI-DSS

PA-DSS

PA-DSS stands for Payment Application Data Security Standards. PA-DSS applies to payment applications such as Ruby, Sapphire, and Topaz. The goal of PA-DSS is to protect account numbers and support a merchant's ability to comply with PCI-DSS.

Points to Stress:
- Where PCI-DSS is directed at merchant implementation, PA-DSS is directed at software vendors and provides standards for building, testing, distributing and supporting software that is meant for card payment processing.
- PA-DSS is also meant to give software vendors a guideline so they can facilitate a merchant's ability to be PCI-DSS compliant.
- For each software application, VeriFone has a PA-DSS Implementation Guide that provides a breakdown by topic of what is necessary to install a site to ensure PCI-DSS compliancy.
- The PA-DSS Implementation Guide is available at all times on VeriFone's Premier Portal. A new copy should be downloaded each time you visit a location for installation, and a copy should be left at the site for the merchant as part of the training.

- The PA-DSS Implementation Guide is a living document that may be updated at any time. Because of this, you should not retain old copies. You should ALWAYS download a fresh copy from the Premier Portal before providing it to a site or referencing it.

How Does PA-DSS Affect VASCs?

As a VASC, when performing software installations you must ensure the following:

1. Become familiar with the PA-DSS Implementation Guide and adhere to the procedures within this document when installing and upgrading card payment processing equipment.
2. The merchant's POS system is installed with the most current software application.
3. When configuring the site's card network, ensure the communication devices (routers, hubs, datawire, etc.) are protected and configured properly. If the site will be using TCP/IP configurations, work with the site's IT personnel to ensure the appropriate firewalls, port forwarding, and IP addressing are configured properly.
4. Work with the Site Manager to ensure the default UserIDs and Passwords for the POS system and computer systems have been changed prior to leaving the site.
5. For sites with a Sapphire Mini-Server, ensure the Site Manager is familiar with the LogIn switch. This switch should ALWAYS be in the UP POSITION. This will prevent users from receiving and transmitting data into the Sapphire. Should the site need help with a card transaction situation, it may be necessary for the VeriFone HelpDesk Agent to obtain card transaction information. The VeriFone HelpDesk Agent will instruct the site personnel to put the LogIn switch in the DOWN POSITION. After gathering the necessary information, the VeriFone HelpDesk Agent will instruct the site personnel to return the LogIn switch to the UP POSITION.
6. Ensure the Merchant is given the following documents:
   1. Do's and Don'ts Handout
   2. What Should I do About PCI Compliance?
   3. PA-DSS Implementation Document (most current copy from Premier Portal)

PA-DSS 14 Requirements for Vendors

Review the following 14 requirements for Vendors with the students.

1. Do not retain full magnetic stripe data or CVV2/PIN data
2. Protect stored data (including account numbers)
3. Provide secure password features
4. Log application activity
5. Develop secure applications
6. Protect wireless transmissions
7. Test applications to address vulnerabilities
8. Facilitate secure network implementations
9. Never store cardholder data on a server connected to the Internet
10. Facilitate secure remote software update
11. Facilitate secure remote access to application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console admin access
14. Maintain instructional documents for customers, resellers, and integrators

Download Disclaimer on VeriFone's Premier Portal

When downloading any application on VeriFone's Premier Portal, you will have to agree to the following disclaimer:

Download Acknowledgment of BUYPAK 5.04.16 Ruby Production Software
It is required that you print or download a copy of the PA-DSS Implementation Guide. Also, you MUST review the guide with the merchant and leave a copy with the merchant.

Make sure students are aware of this disclaimer when downloading software from VeriFone's Premier Portal.

PCI-DSS Training Module

Play the PCI-DSS Training Module video for the students.