Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Similar documents
FAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

Merchant guide to PCI DSS

PCI Compliance. Top 10 Questions & Answers

PCI Compliance Top 10 Questions and Answers

Payment Card Industry Data Security Standards.

PCI Security Compliance

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

How To Protect Your Business From A Hacker Attack

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

PCI DSS. Payment Card Industry Data Security Standard.

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

Payment Card Industry Data Security Standards Compliance

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

PAI Secure Program Guide

Project Title slide Project: PCI. Are You At Risk?

PCI Compliance: How to ensure customer cardholder data is handled with care

SecurityMetrics Introduction to PCI Compliance

PCI Data Security Standards

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PCI DSS. CollectorSolutions, Incorporated

PCI DSS Compliance Information Pack for Merchants

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

An article on PCI Compliance for the Not-For-Profit Sector

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

Josiah Wilkinson Internal Security Assessor. Nationwide

PCI Standards: A Banking Perspective

La règlementation VisaCard, MasterCard PCI-DSS

Frequently Asked Questions

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI Compliance: Protection Against Data Breaches

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

A Compliance Overview for the Payment Card Industry (PCI)

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase

University of Sunderland Business Assurance PCI Security Policy

Payment Card Industry Data Security Standard

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Two Approaches to PCI-DSS Compliance

Becoming PCI Compliant

How To Protect Your Credit Card Information From Being Stolen

Why Is Compliance with PCI DSS Important?

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

Your Compliance Classification Level and What it Means

White Paper September 2013 By Peer1 and CompliancePoint PCI DSS Compliance Clarity Out of Complexity

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

How To Protect Visa Account Information

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

Property of CampusGuard. Compliance With The PCI DSS

Adyen PCI DSS 3.0 Compliance Guide

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

How To Comply With The Pci Ds.S.A.S

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Understanding Payment Card Industry (PCI) Data Security

Accepting Payment Cards and ecommerce Payments

And Take a Step on the IG Career Path

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

SecurityMetrics. PCI Starter Kit

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

Payment Card Industry - Achieving PCI Compliance Steps Steps

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Introduction to PCI DSS

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

The PCI DSS Compliance Guide For Small Business

E Pay. A Case Study in PCI Compliance. Illinois State Treasurer. Dan Rutherford

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May cliftonlarsonallen.com CliftonLarsonAllen LLP

Payment Card Industry Data Security Standard

PCI DSS Presentation University of Cincinnati

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

Need to be PCI DSS compliant and reduce the risk of fraud?

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

Westpac Merchant. A guide to meeting the new Payment Card Industry Security Standards

npc npc NPC PCI Program Protecting Your Business from Card Data Breaches

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Credit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600

Transcription:

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart. Be compliant. Be protected. Become compliant

Be smart. Be compliant. Be protected. As a business taking card payments, you re probably aware of PCI DSS, but do you really know what it is, what it means for your business and how it can benefit your business? So let s start with the basics. Get started

Be smart. Be compliant. Be protected. What is PCI DSS? What s your PCI DSS compliance level? Why is it important to become compliant? What are the benefits of becoming PCI DSS compliant? Being PCI DSS compliant not only gives you peace of mind, but also helps protect your business and customers. The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards designed to keep credit and debit card payment data safe and secure. It was created by the five major international card schemes - American Express, JCB, MasterCard, Visa and Discover - to combat the problem of card data theft. PCI DSS compliance is the minimum level of card data security for any business that accepts credit and debit cards, regardless of size and any organisation which stores, processes and/or sends card data. The 12 requirements of PCI DSS are designed to keep an organisation safe from most types of attack.

Be smart. Be compliant. Be protected. What is PCI DSS? What s your PCI DSS compliance level? Why is it important to become compliant? What are the benefits of becoming PCI DSS compliant? Most small and medium size enterprises tend to require PCI DSS level 4 compliance. The different standards are governed by the number of card transactions a business takes on an annual basis. What is Level 4 compliance? Less than 20,000 online transactions per year, per card scheme and any business processing up to 1 million in-store or telephone transactions per scheme.

Be smart. Be compliant. Be protected. What is PCI DSS? What s your PCI DSS compliance level? Why is it important to become compliant? What are the benefits of becoming PCI DSS compliant? PCI DSS compliance is mandatory for all businesses accepting card payments. It helps keep your customers card information safe and your business secure. That s why it s a good idea to become compliant so you can trade reassured that if something does go wrong your business is protected.

Be smart. Be compliant. Be protected. What is PCI DSS? What s your PCI DSS compliance level? Why is it important to become compliant? What are the benefits of becoming PCI DSS compliant? Peace of mind You re protecting your business and customers card information Prevent additional fees Save money by avoiding the monthly non-compliance fee Avoid fines Your business is safeguarded against Card Scheme fines of up to 35,000/ 43,000

The 12 requirements of PCI DSS The 12 requirements can be grouped into the 6 categories below: Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy

The 12 requirements of PCI DSS The 12 requirements can be grouped into the 6 categories below: 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy If you choose to process, store or transmit cardholder data via the internet you ll need to demonstrate that your firewalls and routers are securely configured and independently tested. A firewall is a fundamental part of network security. A correctly configured firewall will comply with this requirement and you ll need to verify this through the Security Assessment Questionnaire. An important part of securing your network, is to make sure all accounts and settings are changed from default and configured to a secure standard.

The 12 requirements of PCI DSS 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks. The 12 requirements can be grouped into the 6 categories below: Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy It s important to protect any cardholder data in a physical or online format. All stored data must be encrypted and sensitive data is never disclosed or stored after authorisation (e.g. PIN numbers and the full card details on the magnetic strip). You ll also need to make sure your business is not using public networks to transfer data. If you are storing, transmitting or processing cardholder data across open public networks (including the internet), you need to ensure you are using the strongest form of encryption to protect it.

The 12 requirements of PCI DSS 5. Use and regularly update your antivirus software. 6. Develop and maintain secure systems and applications. The 12 requirements can be grouped into the 6 categories below: Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy Keep your customer s data and your business computer system safe by installing antivirus software. You ll need to regularly update this to ensure you re protected from all online threats. Scans will need to run regularly and software kept up to date and you ll need to remain vigilant against programs or applications that could cause a threat or vulnerability in the future through testing and maintence.

The 12 requirements of PCI DSS The 12 requirements can be grouped into the 6 categories below: 7. Restrict access to cardholder data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy Make sure you re controlling who can access your customers card details. You should only allow access to employees who need to know this information. You can do this by assigning unique IDs with different access permissions to each employee on your computer system. Make sure to keep any physical records locked away with the keys provided to those who need it. Physical media needs to be monitored and destroyed when no longer needed.

The 12 requirements of PCI DSS The 12 requirements can be grouped into the 6 categories below: 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Regularly check your network for vulnerabilities by running internal and external vulnerability scans. You ll also need to track and monitor who is accessing your network and cardholder information so you can identify and act on any unusual activity. Maintain an information security policy

The 12 requirements of PCI DSS 12. Maintain a policy that addresses information security. The 12 requirements can be grouped into the 6 categories below: Build and Maintain a Secure Network Protect card holder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks To make sure your business keeps all cardholder details safe, you need to create and maintain an information security policy. You are required to set a security policy that lets all employees know what is expected of them and that they must follow. Maintain an information security policy

Becoming compliant with SaferPayments How can SaferPayments help? What are the benefits of SaferPayments? How to get started?

Becoming compliant with SaferPayments How can SaferPayments help? What are the benefits of SaferPayments? How to get started? We know that when you re running a business, you don t always have a lot of time on your hands. But along with completing your annual tax return, your building and contents insurance, your PCI DSS compliance is also a necessity. So it should be as quick and simple for you as possible. Worldpay s SaferPayments programme is designed to do just that. It makes confirming compliance with the Payment Card Industry Data Security Standard (PCI DSS) quicker and easier and can take as little as 30 minutes to confirm or renew your compliance with the PCI DSS.

Becoming compliant with SaferPayments Saving you valuable time Becoming certified takes as little as 30 minutes How can SaferPayments help? What are the benefits of SaferPayments? How to get started? Online SaferPayments portal Use our online SaferPayments portal on your computer or smartphone Dedicated telephone support Telephone, email and chat support 7 days a week Vulnerability scanning Quarterly PCI DSS vulnerability scanning (if required)

Becoming compliant with SaferPayments How can SaferPayments help? What are the benefits of SaferPayments? How to get started? Every time you accept card payments, you need to make sure that you are protecting your business and your customer s card data. We re all consumers, so we d be concerned if every time we made a purchase by card, there was a risk your card information could be exposed to potential data theft. Becoming PCI DSS compliant with Worldpay s SaferPayments programme minimises that risk and in the unlikely event that something were to happen, your business would be protected and data compromise assessments would be reduced. Find out more

Get started. Becoming compliant with SaferPayments Become compliant Log on to SaferPayments Follow the simple steps to confirm your compliance or if already compliant with another QSA upload your certificate Protect your business

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) The Payment Card Industry Data Security Standard is a set of 12 mandatory requirements for any business accepting card payments. All businesses must become PCI DSS compliant each year to help reduce data compromises and process payments securely. Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV) If you qualify for certain Self-Assessment Questionnaires (SAQs) or you electronically store cardholder data after authorising payments, you will need to complete a Vulnerability Scan. This is an automated tool which scans your systems for vulnerabilities, particularly on your networks and web applications on the external-facing internet protocol (IP) addresses. You ll need to do this every 90 days or once per quarter and it must be conducted by a PCI SSC Approved Scanning Vendor (ASV) such as the one provided by SaferPayments. Once you ve completed the Self-assessment questionnaire, you will be notified if you need to complete a Vulnerability Scan.

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation A Qualified Security Assessor (QSA) is a person or entity who has been certified by the PCI Security Standards Council to audit merchants for PCI DSS compliance. Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) As part of the renewal process you ll need to confirm your compliance, this is also known as attesting. Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy As part of the PCI DSS process you ll need to complete a self-assessment questionnaire. Vulnerability Management Program Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program To make sure your business keeps all cardholder details safe, download our Information Security Policy from the SaferPayments portal. Approved Scanning Vendors (ASV)

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV) Keep your customers data safe by maintaining a Vulnerability Management Program. This includes using and regularly updating antivirus software and ensuring there are secure systems and applications in place.

Understanding the jargon PCI DSS Vulnerability Scan Qualified Security Assessor (QSA) Attestation Self-assessment questionnaires (SAQs) Information Security Policy Vulnerability Management Program Approved Scanning Vendors (ASV) Approved Scanning Vendors are organisations that can provide a business PCI DSS scan.

www.worldpay.com/uk/saferpayments worldpay.com Once you are certified as compliant with the SaferPayments programme, if we are fined by the Card Schemes because you experience a data breach, we will waive our right to pass the first 35,000/ 43,000 of fines on to you. To qualify for this waiver, you must meet the conditions below. - Have answered the online questionnaire honestly and in good faith when self-certifying compliance - Within 7 working days of discovery of the data compromise advise us in writing of any failure of security within your business or your card acceptance systems - Retain records, logs and electronic evidence relating to a data compromise and make this available promptly upon request by Worldpay or the Card Schemes - Co-operate with Worldpay and the involved payment networks in all investigations relating to any data compromise, including allowing forensic investigators, appointed by Worldpay, to carry out investigations and comply with all remedial actions identified by the forensic investigators at your own cost. ^ compared to remaining non-compliant on the SaferPayments fee structure Worldpay 2016. All rights reserved. This document and its content are proprietary to Worldpay and may not be reproduced, published or resold. The information is provided on an AS IS basis for information purposes only and Worldpay makes no warranties of any kind including in relation to the content or sustainability. Terms and Conditions apply to all our services. Worldpay (UK) Limited (Company No. 07316500 / FCA No. 530923), Worldpay Limited (Company No. 03424752 / FCA No. 504504), Worldpay AP Limited (Company No. 5593466 / FCA No. 502597). Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AF and authorised by the Financial Conduct Authority under the Payment Service Regulations 2009 for the provision of payment services. Worldpay (UK) Limited is authorised and regulated by the Financial Conduct Authority for consumer credit activities. Worldpay, the logo and any associated brand names are all trade marks of the Worldpay group of companies. SP GUIDE FEB2016

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information