La règlementation VisaCard, MasterCard PCI-DSS



Similar documents
How To Protect Your Business From A Hacker Attack

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standards.

How To Protect Your Credit Card Information From Being Stolen

Two Approaches to PCI-DSS Compliance

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Josiah Wilkinson Internal Security Assessor. Nationwide

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

How To Protect Visa Account Information

How To Comply With The Pci Ds.S.A.S

Payment Card Industry Data Security Standard Explained

PCI Compliance: Protection Against Data Breaches

Information for merchants. Program implementation details for merchants. Payment Card Industry Data Security Standard (PCI DSS)

PCI Standards: A Banking Perspective

PCI Security Compliance

PCI DATA SECURITY STANDARD OVERVIEW

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

PCI Compliance. Top 10 Questions & Answers

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

PCI Compliance Top 10 Questions and Answers

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

Adyen PCI DSS 3.0 Compliance Guide

Payment Card Industry Data Security Standards Compliance

PCI Data Security Standards

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

Merchant guide to PCI DSS

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

Frequently Asked Questions

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

Achieving Compliance with the PCI Data Security Standard

PCI DSS. CollectorSolutions, Incorporated

Payment Card Industry Data Security Standard

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

PAI Secure Program Guide

PCI DSS COMPLIANCE DATA

Achieving PCI Compliance for Your Site in Acquia Cloud

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

How To Program A Credit Card Terminal To Be A Pca Compliant (Cpo) Or Not (Pca) Compliant (Dns) (Cisp) (Dhs) (Pci) (Susu) (Usu/

PCI COMPLIANCE GUIDE For Merchants and Service Members

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

An article on PCI Compliance for the Not-For-Profit Sector

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

The Petroleum Marketer s PCI compliance Reference Guide

Introduction to PCI DSS Compliance. May 18, :15 p.m. 2:15 p.m.

Credit Card Processing Overview

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI Compliance: How to ensure customer cardholder data is handled with care

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? Fiona Pattinson, SHARE: Seattle 2010

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

E Pay. A Case Study in PCI Compliance. Illinois State Treasurer. Dan Rutherford

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

SecurityMetrics Introduction to PCI Compliance

CardControl. Credit Card Processing 101. Overview. Contents

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase

Click&DECiDE s PCI DSS Version 1.2 Compliance Suite Nerys Grivolas The V ersatile BI S o l uti on!

The PCI DSS Compliance Guide For Small Business

University of Sunderland Business Assurance PCI Security Policy

Payment Card Industry Compliance

Project Title slide Project: PCI. Are You At Risk?

White Paper September 2013 By Peer1 and CompliancePoint PCI DSS Compliance Clarity Out of Complexity

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

PCI Compliance Overview

Payment Card Industry Data Security Standard (PCI DSS) v1.2

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

PCI Compliance for Large Computer Systems

Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues

Dartmouth College Merchant Credit Card Policy for Processors

Why Is Compliance with PCI DSS Important?

Transcription:

La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune

Overview of PCI DSS Payment Card Industry Data Security Standard Prior to September 2004 no standardization across card companies on credit card security requirements difficult for merchants to become familiar with and adhere to competing standards from VISA, MasterCard, and others As fraud losses increased, card industry realized the need for consistent and well defined security standards

Overview of PCI DSS Payment Card Industry Data Security Standard PCI DSS announced in September 2004 collaboration between VISA and MasterCard endorsed by other card companies as well offers a single approach to safeguarding sensitive data for all card brands

Overview of PCI DSS Payment Card Industry Data Security Standard Applies to all merchants that store, process, or transmit cardholder data all payment (acceptance) channels, including brick-andmortar, mail, telephone, e-commerce (Internet) Includes 12 requirements, based on administrative controls (policies, procedures, etc.) physical security (locks, physical barriers, etc.) technical security (passwords, encryption, etc.)

Card Security Programs The following programs incorporate PCI DSS: VISA Cardholder Information Security Program (CISP) MasterCard Site Data Protection (SDP) Program American Express Data Security Requirements Discover Discover Information Security and Compliance (DISC) Program

PCI DSS requirements Payment Card Industry Data Security Standard Each requirement has many sub-requirements! 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect stored data

PCI DSS requirements 4. Encrypt transmission of cardholder data and sensitive information across public networks 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications 7. Restrict access to data by business needto-know

PCI DSS requirements 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes 12. Maintain a policy that addresses information security

Merchant levels Merchant levels are based on yearly transaction volume of merchant Specific criteria for placement in merchant levels varies across card companies All merchants, regardless of level, must adhere to PCI DSS requirements Level into which merchant is placed determines PCI DSS compliance validation (and ultimately cost) Let s take a quick look at Visa s levels

Merchant levels - Visa Level 1: merchants, regardless of acceptance channel, processing over 6,000,000 Visa transactions any merchant that has suffered a data compromise any merchant so selected by Visa any merchant identified by other card brand as level 1

Merchant levels - Visa Level 2: merchants, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions Level 3: any merchant processing 20,000 to 1,000,000 Visa e-commerce (Internet) transactions

Merchant levels - Visa Level 4: any merchant processing fewer than 20,000 Visa e-commerce (Internet) transactions all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions

PCI DSS compliance validation Level 1 merchants annual on-site assessment by approved assessor (generates a report on compliance) quarterly network security scan by approved scan vendor Level 2 and 3 merchants self-assessment questionnaire quarterly network security scan by approved scan vendor

PCI DSS compliance validation Level 4 merchants self-assessment questionnaire if required by acquirer quarterly network security scan by approved scan vendor if required by acquirer will most likely hold merchants to higher standard than dictated by PCI DSS especially for level 4 merchants

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information