SecurityMetrics Introduction to PCI Compliance

Similar documents
SecurityMetrics. PCI Starter Kit

Project Title slide Project: PCI. Are You At Risk?

PCI Compliance. Top 10 Questions & Answers

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

PAI Secure Program Guide

PCI Compliance Top 10 Questions and Answers

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

PCI Compliance: How to ensure customer cardholder data is handled with care

Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

How To Protect Your Business From A Hacker Attack

Data Security Basics for Small Merchants

Josiah Wilkinson Internal Security Assessor. Nationwide

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

PCI Security Compliance

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

Merchant guide to PCI DSS

See page 16. Thomas A. Vallas

How To Protect Your Credit Card Information From Being Stolen

PCI Compliance Overview

Ecommerce Guide to PCI DSS 3.0

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

Payment Card Industry Data Security Standard

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

PCI Data Security Standards

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

An article on PCI Compliance for the Not-For-Profit Sector

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

Payment Card Industry Data Security Standards.

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

PCI DSS Overview. By Kishor Vaswani CEO, ControlCase

Your Compliance Classification Level and What it Means

PCI DSS Presentation University of Cincinnati

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Protecting Your Customers' Card Data. Presented By: Oliver Pinson-Roxburgh

PCI DSS. CollectorSolutions, Incorporated

PCI DSS. Payment Card Industry Data Security Standard.

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May cliftonlarsonallen.com CliftonLarsonAllen LLP

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

PCI DSS Gap Analysis Briefing

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

Payment Card Industry Data Security Standards

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

Payment Card Industry Data Security Standards Compliance

Cyber Security: Secure Credit Card Payment Process Payment Card Industry Standard Compliance

Property of CampusGuard. Compliance With The PCI DSS

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Adyen PCI DSS 3.0 Compliance Guide

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

PCI DSS Compliance Information Pack for Merchants

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

Payment Card Industry Data Security Standard

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

Becoming PCI Compliant

North Carolina Office of the State Controller Technology Meeting

Why Is Compliance with PCI DSS Important?

A PCI Journey with Wichita State University

Kim Decarolis Compliance and Security Specialist (248) Mark Wayne Vice President Compliance and Security Specialist

Payment Card Industry - Achieving PCI Compliance Steps Steps

Payment Card Industry Compliance Overview

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Credit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600

Two Approaches to PCI-DSS Compliance

FAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees

SecurityMetrics Vision whitepaper

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Data Security for the Hospitality

How To Protect Visa Account Information

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

Credit Card Processing, Point of Sale, ecommerce

HOW SECURE IS YOUR PAYMENT CARD DATA? COMPLYING WITH PCI DSS

PCI DSS and SSC what are these?

PCI Compliance: Protection Against Data Breaches

Transcription:

SecurityMetrics Introduction to PCI Compliance

Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples of card data theft include: Theft of card data from merchant receipt copies or merchant transaction information (i.e. printed batch summaries) Internet hacking of card data from computer-based point of sale systems with Internet connections (common with restaurants and hotels) Internet hacking of card data from e-commerce websites Small merchants experience compromise Many businesses assume data compromise only happens to large companies. While you may have heard about several large-scale merchant compromises in the media, hundreds of small-merchant compromises happen every year that are not made public. The majority of data compromises happen to merchants who process fewer than 1 million transactions annually. Internet-connected businesses of all sizes face the same threat. Cybercriminals use similar techniques to hack small and large businesses. To prevent compromise, small Internet-connected merchants must apply the same data security principles used in large-scale corporations. A recent survey found the following consumer trends that result in the event of a data compromise: 55% of breach victims lost serious trust in the company responsible for their data being stolen 30% of victims state that they would never purchase products from the company again 29% would never maintain any relationship with the organization in the future Data compromise consequences Data compromise consequences depend on the status of your PCI DSS compliance at the time of the compromise. The costs for a compromise also vary depending on the size and scope of the incident. Forensic investigation costs vary by the investigator, the size and complexity of the systems being reviewed, the extent of the compromise, and other fees as required by the investigator. Card data compromise costs typically range from $12,000 to over $100,000 per investigation. If you suspect you ve been compromised, inform your merchant processor immediately. 2

About PCI DSS Compliance In an effort to reduce card data compromise and electronic data loss, the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, Visa Inc., and JCB International) created the Payment Card Industry Data Security Standard (PCI DSS). What is the PCI DSS? The PCI DSS is a list of card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with the PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS. Is PCI compliance mandatory? Yes. PCI DSS compliance is mandated by the card brands. What are the penalties for noncompliance? Failure to comply with the PCI DSS may result in the revocation of the merchant s card processing ability. In the event of a data breach, merchants found to be in violation of the PCI DSS are subject to fines, penalties, and associated costs resulting from the breach. These fees frequently total over $100,000. Why should I validate my compliance with the PCI DSS? The best reason to validate your compliance with the PCI DSS is to prevent a credit card breach. PCI compliance not only teaches you how to protect your business from hackers and data thieves, but can also limit your liability in the event of an unavoidable compromise. How do I validate my compliance? Validation requirements are based on how you handle and process payment cards and the number of transactions you process annually. Some of your requirements may include: Self-Assessment Questionnaire (SAQ) Internal vulnerability scanning External vulnerability scanning Penetration testing Security policy implementation 3

Commonly Neglected Points of Security SecurityMetrics is a Payment Card Industry Forensic Investigator (PFI) and has conducted hundreds of investigations on breached merchants. The following list contains commonly neglected points of security that result in card data compromise. Passwords Change default passwords. Ensure all authorized users have unique credentials Anti-Virus Software Regularly update antivirus software on all devices Payment Processing Software Ensure payment software is PA-DSS compliant and properly configured Separate payment processing software from all other systems Payment Card Data Encrypt, truncate, and/or tokenize payment card data PCI Compliance Achieve and maintain PCI DSS compliance Wireless Security Secure remote access and wireless network access Event Logging Store and review computer event logs for malicious activity Firewall Properly configure firewalls Social Be cautious, don t provide information to just anyone 4

Getting Started To get started with your PCI compliance call SecurityMetrics at 801.705.5665 or click here: www.securitymetrics.com/create-account About SecurityMetrics SecurityMetrics is a global leader in merchant data security and compliance for all business sizes and merchant levels, and has helped over 1 million organizations manage PCI DSS compliance and/or secure their network infrastructure, data communication, and other information assets. As an Approved Scanning Vendor (ASV), Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), Point-to-Point Encryption Qualified Security Assessor (P2PE QSA), Penetration Test Analyst, and Payment Card Industry Forensic Investigator (PFI), SecurityMetrics has the tools available to help businesses achieve lasting security and validate accurate PCI compliance. SecurityMetrics Social Media To get more educated about all aspects of business security, subscribe to our You- Tube channel, follow us on twitter, like us on Facebook, and follow us on Linked In. www.blog.securitymetrics.com www.youtube.com/securitymetricsinc www.facebook.com/securitymetrics www.twitter.com/securitymetrics www.linkedin.com/company/securitymetrics 5 2015 SecurityMetrics

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information