Certification Program Pre-Engagement Questionnaire



Page 1 of 8 2005 Visa Asia Pacific, VPSS Certification Program Pre-Engagement Questionnaire

1 Introduction

A first step towards Visa Payment Security Services (VPSS) Certification is to complete this Pre-Engagement Questionnaire and return it to us. The information you provide will help us understand the nature and extent of your organization's involvement in payment security. It also gives us sufficient data to evaluate the scope and complexity of the review. Following receipt of your questionnaire, we will send you a proposal setting out the key elements of the review, including the scope of the audit, the project plan and a quotation.

Glossary of Terms and Abbreviations

PIN Processing: Processing transactions for terminals (ATMs or POS) that accept PINs.
Authorization: A process where an Issuer, an Authorizing Processor, or Stand-In Processing approves a Transaction.
E-Commerce Merchant: A merchant who sells goods or services electronically over the Internet and other networks.
Internet Payment Service Provider (IPSP): An online entity that contracts with an Acquirer/Processor to provide payment-related services to Sponsored Merchants. The IPSP interfaces with an Acquirer/Processor on behalf of its Sponsored Merchants and must ensure that its Sponsored Merchants are contractually obligated to operate in accordance with Visa requirements.
Mobile Commerce (M-Commerce): An acceptance channel where cardholder data is passed from cardholder to merchant using wireless devices such as mobile phones, Personal Digital Assistants (PDAs), etc.
MOTO: Mail/Phone Order Transactions.
Retail Merchants: A Merchant that is not one of the following: Mail/Phone Order Merchant, E-Commerce Merchant or Recurring Services Merchant.
Risk Management Service: Provides a service that evaluates and reports potentially fraudulent activity to or on behalf of members, merchants or other service providers.
Settlement: A process where funds are transferred between an issuer and an acquirer.
Sponsored Merchants: A merchant that contracts with a Payment Service Provider to obtain payment services.

Visa Payment Security Services
Risk Management, Asia Pacific
Visa International
30 Raffles Place #10-00 Caltex House
Singapore 048622
www.visa-asia.com/vpss
Email: vpss@visa.com
Facsimile: (65) 6437 5801

2 Company Information

If this is a re-certification, please provide previous Certificate Number: _

Company Name: JEFFERY TAY TECHNOLOGY SERVICES PTE LTD
Address of Corporate Office: 1 JEFFERY PLACE #40-00 JEFF PLAZA 1 S(123456)
Country or Countries of Operation: SINGAPORE
Number of Staff: 20
Number of years in operation: 2

Contact Information of Senior Manager responsible for Account Information Security and Data Security
Name: JERRY TAY
Title: CHIEF INFORMATION SECURITY OFFICER
Telephone Number (include country code and area code): +65 61234567
Facsimile Number (include country code and area code): +65 69876543
Email Address: jerry.tay@jtts.com.sg

Data Centre(s)*
Address of Data Centre to be Reviewed: 1 JEFFERY PLACE #40-00 JEFF PLAZA 1 S(123456)
Address of Backup Data Centre: 234 ABC AVE #05-00 JEFF BACKUP CENTRE S(765432)

*If you have more than one data centre, please attach each data centre's details in the above format on a separate sheet.

3 Processing Services

Transactions
Transactions with PIN Processing
Authorisation transactions processed or transmitted
Settlement transactions processed or transmitted
Other transactions that include account and/or cardholder information (e.g. risk management services). If YES, please state the service(s):
If YES, state number of transactions per month: 500,000

Merchants with whom you have a direct contractual relationship
If YES, state number of merchants*:
Retail:
E-commerce:
MOTO:
M-Commerce:
Sponsored merchants (via IPSPs):
Other merchants: 17
If YES, please state merchant types:

List of Members that you provide services to: ABC Bank of Singapore

Please refer to the Glossary of Terms and Abbreviations.

* Include merchants that operate in multiple acceptance channels (e.g. in both retail and e-commerce or M-Commerce). For example, Lovely Bookstore has one physical location in Auckland, New Zealand, and also has an e-commerce site on the Internet. Assuming that ABC Processor has a contractual relationship only with the merchant Lovely Bookstore for all of its business, then by definition Number of Face-to-Face Merchants = 1 and Number of E-Commerce Merchants = 1.

4 Processing Environment

SERVERS
Hardware or software which accepts, processes, and stores cardholder data. As software, a server is a program which provides some service to other programs. As hardware, a server provides some services for other computers connected to it via a network.

Server              Hardware   Operating System  Software installed
Application Server  SUN E1000  SOLARIS 9 SPARC   IBM WEBSPHERE APP SERVER
Database Server     SUN E1000  SOLARIS 9 SPARC   IBM DB2 UDB
Web Server          SUN V200   SOLARIS 9 SPARC   Apache HTTP Server
Other(s)

FIREWALL
List of firewall(s) vendor / product: NOKIA CHECKPOINT FIREWALL-1

REMOTE ACCESS
Is remote access to host system available? If yes, please provide authentication and access technique:
ADMINISTRATORS HAVE REMOTE ACCESS TO SERVERS OUTSIDE THE DATA CENTER. WE USE PUTTY TO ACCESS OUR SOLARIS BOX.

WIRELESS TECHNOLOGY
Does your organization employ wireless technology? If YES, please provide information on the wireless technology employed:
Wireless technology is only deployed on the office network for managers with laptops. There is no wireless deployment in the data centre.

PROCESSING CHANNELS
Dial-up connection / Leased line / TCP/IP

5 Information Security

TESTING
Please indicate what type of security testing is currently performed.

Vulnerability Scan?
If YES, the scan is done by: Internal Security Staff / External Vendor
Type of scan: Internal Scan / External Scan
If YES, what is the frequency of scan? Weekly / Monthly / Quarterly / Yearly / Others

Penetration Test?
If YES, the test is done by: Internal Security Staff / External Vendor
If YES, what is the frequency of the test? Weekly / Monthly / Quarterly / Yearly / Others

CRYPTOGRAPHIC SYSTEM
Please supply information on Cryptographic Systems
Cryptographic System: THALES HSM7000
Purpose: Manages keys for encrypting cardholder account numbers.

SECURITY CERTIFICATE
Has your organization received certification against any international or national security standards (e.g. BS7799 / ISO17799)?
If YES, please provide details (i.e. standards; certificate number; expiry date; any exclusions etc):

POLICIES / MANUALS
Does your organization currently have any policies, standards or manuals relating to information security?
If YES, please provide details (e.g. Information Security Policy, Email Policy, Business Continuity, Internet Security Policy):
INTERNET POLICY
BUSINESS CONTINUITY POLICY

SYSTEM SCHEMATIC
Please attach a high-level network diagram of your processing network.

[Network diagram: WEB SERVER, INTERNET, Firewall, JTTS NETWORK, APP SERVER, CREDIT CARD TERMINAL, PSTN, DATABASE SERVER]

This questionnaire is authorized by:
Name: JEFFERY TAY
Title: CHIEF EXECUTIVE OFFICER
Telephone Number (include country code and area code): +65 88884848
Facsimile Number (include country code and area code): +65 66551122
Email Address: jeffery@jtts.com
Signature: JeffTAY