How To Protect Visa Account Information



Similar documents
How To Protect Your Business From A Hacker Attack

How To Protect Your Credit Card Information From Being Stolen

Payment Card Industry Data Security Standards.

PCI Compliance: How to ensure customer cardholder data is handled with care

La règlementation VisaCard, MasterCard PCI-DSS

An article on PCI Compliance for the Not-For-Profit Sector

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

PCI Compliance. Top 10 Questions & Answers

Josiah Wilkinson Internal Security Assessor. Nationwide

Achieving Compliance with the PCI Data Security Standard

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

PCI Compliance Top 10 Questions and Answers

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI Data Security Standards

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Project Title slide Project: PCI. Are You At Risk?

PAI Secure Program Guide

Adyen PCI DSS 3.0 Compliance Guide

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

Two Approaches to PCI-DSS Compliance

Westpac Merchant. A guide to meeting the new Payment Card Industry Security Standards

White Paper September 2013 By Peer1 and CompliancePoint PCI DSS Compliance Clarity Out of Complexity

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Payment Card Industry Data Security Standard

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standards Compliance

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

PCI: The Dark Side. May 2012 Roanoke, VA

Payment Card Industry Data Security Standards

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Merchant guide to PCI DSS

Frequently Asked Questions

PCI Compliance Overview

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

PCI Security Compliance

Accepting Payment Cards and ecommerce Payments

PCI DSS COMPLIANCE DATA

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

SecurityMetrics Introduction to PCI Compliance

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

PCI DSS Compliance Information Pack for Merchants

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

Property of CampusGuard. Compliance With The PCI DSS

A multi-layered approach to payment card security.

Payment Card Industry Data Security Standard Explained

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

PCI Compliance: Protection Against Data Breaches

Payment Card Industry Data Security Standard

Preventing. Payment Card Fraud. Is your business protected?

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

Click&DECiDE s PCI DSS Version 1.2 Compliance Suite Nerys Grivolas The V ersatile BI S o l uti on!

Introduction to PCI DSS Compliance. May 18, :15 p.m. 2:15 p.m.

Registration and PCI DSS compliance validation

PCI Standards: A Banking Perspective

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

University of Dayton Credit / Debit Card Acceptance Policy September 1, 2009

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

PCI COMPLIANCE TO BUILD HIGHER CONFIDENCE FOR CARD HOLDER AND BOOST CASHLESS TRANSACTION. Suresh Dadlani, ControlCase

Payment Card Industry - Achieving PCI Compliance Steps Steps

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Conquering PCI DSS Compliance

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Dartmouth College Merchant Credit Card Policy for Processors

PCI DSS Presentation University of Cincinnati

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Information for merchants. Program implementation details for merchants. Payment Card Industry Data Security Standard (PCI DSS)

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

And Take a Step on the IG Career Path

PCI Data Security Standards (DSS)

PCI DSS. Payment Card Industry Data Security Standard.

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Your Compliance Classification Level and What it Means

PCI Security Standards Council

Office of Finance and Treasury

Transcription:

Account Information Security Merchant Guide

At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer and more secure. We also recognize that protecting cardholder information is critical to the business success of merchants around the world. That s why we make securing the payment system an ongoing priority. Our goal is to limit crime by making it more difficult to commit.

Visa s commitment to cardholder protection Growth in card usage has meant larger quantities of account information is processed and possibly stored by merchants and service providers. To protect the integrity of account information, all such entities must remain vigilant in safeguarding this sensitive data. Visa is committed to supporting financial institutions, merchants and their agents by ensuring that we all work together to help keep the payments system safe and reliable. Visa has an ongoing commitment to protecting the integrity of Visa account and transaction information. The Account Information Security Program, launched in 2000, is designed to help protect Visa account and transaction information, safeguarding both the integrity of operations and the goodwill of cardholders. Merchants and service providers who implement the controls outlined in this program can benefit in numerous ways. If applied properly and consistently, these controls can help merchants: GAIN a competitive edge INCREASE revenue and improve their bottom line MAINTAIN a positive image PROMOTE consumer confidence Benefits to merchants Visa helps build consumer trust and increase revenue by providing merchants with tools to help prevent fraud. These tools can help merchants: Protect the integrity of the merchant s brand and build consumer trust by demonstrating high levels of compliance with industry standards; Reduce the number of cardholder disputes, thereby increasing the number of sales that positively impact the bottom line; Improve data security awareness and knowledge and help merchants strengthen security measures to minimize the possibility of data security attacks; Minimize data exposure and loss in the event of a security breach; and Access information about industry best practices and Visa services such as security bulletins. 1

Securing data makes good business sense Tighter security benefits everyone. Protecting data is a good business investment. It may be difficult to quantify the return on investment for security-related costs as they have no direct effect on the bottom line. However, the potential cost of not securing data is far greater. Any merchant that has suffered a data security breach knows from hard experience the consequences of such an attack: Financial losses Reputation damage Exposure to legal risks Loss of business opportunities as a result of lack of trust Down time resulting from a data security breach Potential payment scheme fines, penalties, fees or termination of facility Cost of a forensic review Visa listened to the needs of the merchant community in developing a practical yet comprehensive program that helps protect sensitive Visa account information the AIS Program. What is AIS? The Account Information Security Program is a compliance validation program that requires anyone who stores, transmits or processes Visa account data financial institutions, merchants, Acquirers and Processors to assess whether cardholder data is secure within their organization. The program s standards-based, proven methodology then enables organizations to improve their level of security to meet or exceed industry standards. Whether data resides on a stand-alone server or on a merchant website, the AIS Program works to protect data at all points in the payments system. 2

3

For merchants, the AIS Program helps evaluate and improve organizational, physical and logical controls over data security. It is a requirement for all merchants participating in the Visa acceptance environment. AIS standards address things such as cryptographic operations, logical access controls, physical data protection and network security. Under the AIS Program, all merchants who store, transmit or processes Visa account information are required to do so in a safe and secure manner, as per the Payment Card Industry (PCI) Data Security Standard. Participation in this program will give merchants timely access to information and best practices relevant to data security. How do AIS and PCI work together? To be compliant with the AIS Program, merchants and service providers must adhere to the PCI Data Security Standard (DSS). This standard is a result of industry collaboration and is designed to create common industry security requirements. The AIS Program requires merchants and other service providers that come into contact with sensitive cardholder data are PCI DSS compliant. Select merchants must validate compliance in accordance with the AIS Program's implementation framework. The PCI Data Security Standard consists of 12 basic requirements. For more detailed information about these requirements or to download a PDF version of the standard, please visit www.visa.ca/ais. Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data 3. Protect stored data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 4

Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. Implement Strong Access Control Measures 7. Restrict access to sensitive cardholder data on a business need-to-know basis. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. Maintain an Information Security Policy 12. Maintain a policy that addresses information security. 5

Does the AIS Program apply to me? All merchants who are involved in the Visa payment process are required to be compliant with the PCI Data Security Standard. The standard is the foundation for the Account Information Security Program. Requirements for validation of AIS Program compliance are based on the volume of transactions processed by a merchant and, therefore, the potential risk and exposure introduced into the Visa system. Acquirers are responsible for determining the compliance validation requirement levels of their merchants. All merchants will fall into one of the four merchant levels based on the annual Visa transaction volume of that merchant. For more information about merchant levels, please visit www.visa.ca/ais. We are here, along with your Acquirer, to help guide you through the most efficient and cost-effective way to comply with the AIS Program. A Visa-approved Qualified Security Assessor (QSA) can help guide you through the process, cut down on the guess work and reduce the time required for compliance. These approved QSAs can administer the validation process directly with the merchants on behalf of the Acquirer, and assure confidentiality. Contact your Acquirer or visit www.visa.ca/ais for more information on approved QSAs. 6

7

How do I enrol? The AIS compliance program may include some or all of the following elements, depending on the merchant's volume of transactions: 1. Online enrolment 2. Online completion of a self-assessment questionnaire 3. Remote vulnerability testing of the merchant s systems by a QSA 4. On-site review 5. Online Final Report of compliance by a QSA 6. Remediation Action Plan If a brick-and-mortar, e-commerce or mail order / telephone order (MOTO) merchant is required to validate compliance, they are required to enrol with a Qualified Security Assessor, undertake an annual self-assessment questionnaire and complete a quarterly network scan, which must be validated by a QSA. In order to fulfill Visa s AIS requirements, some merchants will also have to undertake an on-site PCI Data Security Assessment to ensure adherence to the industry-wide PCI standard that is a part of Visa s AIS compliance. For more detailed information about compliance requirements and validation procedures, please visit www.visa.ca/ais. Customer trust takes a long time to build. Don t lose it overnight. Safe Harbour : Compliance protection Merchants deemed to be AIS compliant will be granted safe harbour from any penalties, fees and fines by Visa Canada in the event of a hack or compromise. This applies to any merchants who have validated their AIS compliance according to the implementation framework and are deemed by a Visa-approved Qualified Incident Response Assessor s post-compromise forensic investigation to have been AIS compliant at the time of the data security breach. 8

Layers of protection working together: Security is everyone s responsibility Visa and its Visa-issuing financial institutions financial institutions recognize that, as business dependencies on technology continue to grow at an increasing pace, exposure to the wave of potential security threats mounts day by day. Visa is committed to working with the merchant community to ensure the security of the entire Visa payment system. Through significant investments in technology and the cooperative efforts between Visa and partners such as the merchant community, the incidence of Visa system fraud has stayed low even as the volume of Visa card transactions has grown dramatically. Visa s technology and experience work to keep all participants in the Visa payment system one step ahead of criminals and ensures seamless security in other words, every transaction is protected from end to end, so that no matter where you are in the transaction process, there are security measures in place to protect Visa cards and accounts. About VISA Visa operates the world's largest retail electronic payments network and is one of the most recognized global financial services brands. Visa facilitates global commerce through the transfer of value and information among financial institutions, merchants, consumers, businesses and government entities. We offer a range of branded payment product platforms, which our financial institution clients use to develop and offer credit, charge, deferred debit, prepaid and cash access programs to cardholders. Visa's card platforms provide consumers, businesses, merchants and government entities with a secure, convenient and reliable way to pay and be paid in 170 countries and territories. 9

/ Registered Trademarks / Trademarks of Visa International; Visa Canada is a licensed user.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information