Attestation of Compliance for Onsite Assessments Service Providers



Similar documents
Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

Section 1: Assessment Information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Attestation of Compliance, SAQ A

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

How To Complete A Pci Ds Self Assessment Questionnaire

Credit Card Processing Overview

CardControl. Credit Card Processing 101. Overview. Contents

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Application Data Security Standard

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C-VT and Attestation of Compliance

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

PCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014

Becoming PCI Compliant

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

Frequently Asked Questions

PCI DSS Compliance Information Pack for Merchants

Policy Title: Payment Cards Policy Effective Date: 5/5/2010. Policy Number: FA-PO-1214 Date of Last Revision: 11/5/2014

Adyen PCI DSS 3.0 Compliance Guide

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Payment Card Industry (PCI) Data Security Standard ROC Reporting Instructions for PCI DSS v2.0

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Registry of Service Providers

How To Protect Your Business From A Hacker Attack

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

Fraud Protection, You and Your Bank

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)

Your Compliance Classification Level and What it Means

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

Josiah Wilkinson Internal Security Assessor. Nationwide

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS

Project Title slide Project: PCI. Are You At Risk?

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

Merchant guide to PCI DSS

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

How To Comply With The Pci Ds.S.A.S

Why Is Compliance with PCI DSS Important?

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

Payment Card Industry Compliance

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

How To Protect Visa Account Information

Case 2:13-cv ES-JAD Document Filed 12/09/15 Page 1 of 116 PageID: Appendix A

POLICY SECTION 509: Electronic Financial Transaction Procedures

Payment Card Industry Data Security Standards

Qualified Integrators and Resellers (QIR) Implementation Statement

Payment Card Industry (PCI) Data Security Standard

PCI DSS Gap Analysis Briefing

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

La règlementation VisaCard, MasterCard PCI-DSS

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

PCI DSS. CollectorSolutions, Incorporated

Transcription:

Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010

Instructions for Submission The Qualified Security Assessor (QSA) and Service Provider must complete this document as a declaration of the Service Provider s compliance status with the Payment Card Industry Data Security Standard (PCI DSS). Complete all applicable sections and submit to the requesting payment brand. Part 1. Service Provider and Qualified Security Assessor Information Service Provider Organization Information Company Name: RYCOM INC. DBA(s): N/A Contact Name: Pat Mancuso Title: Chief Financial Officer Telephone: 1 (905) 264-4800 E-mail: pat.mancuso@rycom.ca Business Address: Unit #8, 6201 Highway #7 City: Vaughan State/Province: Ontario Country: Canada Zip: L4H 0K7 URL: www.rycom.ca Qualified Security Assessor Company Information Company Name: NCI (Net Cyclops Inc.) Lead QSA Contact Name: Maher Gaha Title: Senior Security Consultant Telephone: 514-212-6304 E-mail: mgaha@nci.ca Business Address: 1250 Rene-Levesque O City: Montreal Suite 2200 State/Province: Quebec Country: Canada Zip: H3B 4W8 URL: www.nci.ca Part 2 PCI DSS Assessment Information Part 2a. Services Provided that WERE INCLUDED in the Scope of the PCI DSS Assessment (check all that apply) Payment Processing-POS Tax/Government Fraud and Chargeback Payments Services Payment Processing-Internet Payment Processing Payment Processing ATM MOTO Issuer Processing Payment Gateway/Switch Clearing and Settlement Account Management 3-D Secure Hosting Provider Loyalty Programs Back Office Services Prepaid Services Merchant Services Hosting Provider Web Managed Services Billing Management Network Provider/Transmitter Hosting Provider Hardware Records Management Data Preparation Others (please specify): List facilities and locations included in PCI DSS review: Rycom Dorval office at 1405 Trans Canada Highway, Suite 420, Dorval, QC, H9P 2V9 Rycom Vaughan office at Unit #8, 6201 Highway #7, Vaughan, ON, L4H 0K7 Canix Colo Inc. at 1250 boul. Rene-Levesque West, Montreal, QC Telus at 72 Laird Drive, Toronto, ON

Part 2b. Relationships Does your company have a relationship with one or more third-party service providers (for example, gateways, web-hosting companies, airline booking agents, loyalty program agents, etc.)? Part 2c. Transaction Processing How and in what capacity does your business store, process and/or transmit cardholder data? Rycom is a telecom service provider who owns and manages the Transaction exchange Network (TXN) which is a payments transaction transport network for payment transactions including debit and credit card payments. Rycom s network infrastructure facilitates the transmission of payments from the merchant s point of sale (POS) devices to the merchant s acquirers for payment processing. Rycom does not store or process Please provide the following information regarding the Payment Applications your organization uses: Payment Application in Use Version Number Last Validated according to PABP/PA-DSS N/A N/A N/A Part 3. PCI DSS Validation Based on the results noted in the Report on Compliance ( ROC ) dated vember 2 nd, 2011, Maher GAHA asserts the following compliance status for the entity identified in Part 2 of this document as of vember 2 nd, 2011 (check one): Compliant: All requirements in the ROC are marked in place 1, and a passing scan has been completed by the PCI SSC Approved Scanning Vendor Net Cyclops Inc. thereby Rycom Inc. has demonstrated full compliance with the PCI DSS v1.2.1 n-compliant: Some requirements in the ROC are marked not in place, resulting in an overall NON-COMPLIANT rating, or a passing scan has not been completed by a PCI SSC Approved Scanning Vendor, thereby (Service Provider Name) has not demonstrated full compliance with the PCI DSS. Target Date for Compliance: An entity submitting this form with a status of n-compliant may be required to complete the Action Plan in Part 4 of this document. Check with the payment brand(s) before completing Part 4, since not all payment brands require this section. Part 3a. Confirmation of Compliant Status QSA and Service Provider confirm: The ROC was completed according to the PCI DSS Requirements and Security Assessment Procedures, Version 1.2, and was completed according to the instructions therein. All information within the above-referenced ROC and in this attestation fairly represents the results of the assessment in all material respects. The Service Provider has read the PCI DSS and recognizes that they must maintain full PCI DSS compliance at all times. evidence of magnetic stripe (that is, track) data 2, CAV2, CVC2, CID, or CVV2 data 3, or PIN data 4 storage after transaction authorization was found on ANY systems reviewed during this assessment. 1 In place results should include compensating controls reviewed by the QSA. If compensating controls are determined to sufficiently mitigate the risk associated with the requirement, the QSA should mark the requirement as in place. 2 Data encoded in the magnetic stripe or equivalent data on a chip used for authorization during a card-present transaction. Entities may not retain full magnetic stripe data after transaction authorization. The only elements of track data that may be retained are account number, expiration date, and name. 3 The three- or four-digit value printed on the signature panel or face of a payment card used to verify card-not-present transactions. 4 Personal Identification Number entered by cardholder during a card-present transaction, and/or encrypted PIN block present within the transaction message.

Part 3b. QSA and Service Provider Acknowledgments Signature of Service Provider Executive Officer Date: vember 2 nd, 2011 Service Provider Executive Officer Name: Pat Mancuso Title: Chief Financial Officer Signature of Lead QSA Date: vember 2 nd, 2011 Lead QSA Name: Maher Gaha Title: Senior Security Consultant

Part 4. Action Plan for n-compliant Status Please select the appropriate Compliance Status for each requirement. If you answer to any of the requirements, you are required to provide the date Company will be compliant with the requirement and a brief description of the actions being taken to meet the requirement. Check with the payment brand(s) before completing Part 4 since not all payment brands require this section. PCI Requirement Description Compliance Status (Select One) Remediation Date and Actions (if Compliance Status is ) 1 Install and maintain a firewall configuration to protect 2 Do not use vendor-supplied defaults for system passwords and other security parameters. 3 Protect stored 4 5 6 7 8 9 10 11 12 Encrypt transmission of cardholder data across open, public networks. Use and regularly update antivirus software. Develop and maintain secure systems and applications. Restrict access to cardholder data by business need to know. Assign a unique ID to each person with computer access. Restrict physical access to Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes. Maintain a policy that addresses information security.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information