Payment Card Industry Data Security Standards.

Similar documents
How To Protect Your Business From A Hacker Attack

How To Protect Your Credit Card Information From Being Stolen

How To Protect Visa Account Information

La règlementation VisaCard, MasterCard PCI-DSS

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Merchant guide to PCI DSS

PCI Compliance: Protection Against Data Breaches

PCI COMPLIANCE GUIDE For Merchants and Service Members

How To Comply With The Pci Ds.S.A.S

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

PCI Compliance Top 10 Questions and Answers

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

PCI Compliance. Top 10 Questions & Answers

PCI Security Compliance

PCI Compliance: How to ensure customer cardholder data is handled with care

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

Information for merchants. Program implementation details for merchants. Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standards Compliance

FAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees

Project Title slide Project: PCI. Are You At Risk?

An article on PCI Compliance for the Not-For-Profit Sector

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

PCI DSS Compliance Information Pack for Merchants

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

SecurityMetrics Introduction to PCI Compliance

White Paper September 2013 By Peer1 and CompliancePoint PCI DSS Compliance Clarity Out of Complexity

PCI DSS. CollectorSolutions, Incorporated

Two Approaches to PCI-DSS Compliance

Frequently Asked Questions

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

PCI Standards: A Banking Perspective

And Take a Step on the IG Career Path

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

PCI Data Security Standards

University of Sunderland Business Assurance PCI Security Policy

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

PCI DSS. Payment Card Industry Data Security Standard.

PCI DSS Presentation University of Cincinnati

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

Why Is Compliance with PCI DSS Important?

Payment Card Industry - Achieving PCI Compliance Steps Steps

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

PCI COMPLIANCE TO BUILD HIGHER CONFIDENCE FOR CARD HOLDER AND BOOST CASHLESS TRANSACTION. Suresh Dadlani, ControlCase

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Payment Card Industry Data Security Standard

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

PAI Secure Program Guide

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

PCI Compliance for Cloud Applications

Western Australian Auditor General s Report. Information Systems Audit Report

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

PCI Compliance for Healthcare

Payment Card Industry Data Security Standard PCI DSS

PCI Data Security Standards (DSS)

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

PCI DATA SECURITY STANDARD OVERVIEW

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

PCI: The Dark Side. May 2012 Roanoke, VA

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

PCI Security Standards Council

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

Dartmouth College Merchant Credit Card Policy for Processors

PCI Requirements Coverage Summary Table

Accepting Payment Cards and ecommerce Payments

Need to be PCI DSS compliant and reduce the risk of fraud?

Table of Contents. 2 TouchSuite Welcome Kit

Josiah Wilkinson Internal Security Assessor. Nationwide

VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)

Transcription:

Payment Card Industry Data Security Standards. Your guide to protecting cardholder data

Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing Australian consumers and businesses millions of dollars each year. Criminals use more and more sophisticated methods in an attempt to obtain cardholder information, making it critical for merchants to safeguard their customers payment card data. In response, MasterCard and Visa have together developed the Payment Card Industry Data Security Standard (PCI DSS), an industry-wide standard of data security aiming to manage the risk of both external and internal data compromises. PCI DSS is supported by all major international payment card systems through the PCI Security Standards Council. All organisations that store, process and transmit cardholder data, such as merchants, must comply with PCI DSS. Failure to do so will give rise to a breach of your Merchant Agreement and potentially lead to your merchant facilities being suspended or terminated.

Understanding your PCI DSS requirements. Suncorp Bank has engaged Vectra Corporation, a PCI DSS specialist, to assist you in this process. You can contact the Vectra PCI Helpdesk on 1800 558 522. PCI DSS comprises 12 basic requirements that aim to ensure merchants utilise secure systems, such as restricting access to cardholder data, using a firewall and antivirus software, and encrypting cardholder data transmission. By adhering to the PCI DSS requirements, your business can protect cardholder data more effectively. These requirements are: Build and maintain a secure network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open public networks. 5. Use and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications. 7. Restrict access to cardholder data by business need-to-know. 8. Assign unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security for employees and contractors.

Protect your customers and your business. Protecting your customers cardholder data and personal information from criminal fraud is an important responsibility of your business. Payment card fraud is becoming more sophisticated, and any business that processes, stores or transmits cardholder account data is a potential target. As a merchant, you will need to understand what measures your business needs to take to ensure the security of your customers sensitive personal financial information. The steps you need to take to become PCI DSS compliant are dependent on: The size and nature of your business The configuration of your card acceptance system and processes How you process your transactions The service providers you work with and their respective roles You will need to complete this compliance every 12 months. Suncorp Bank will send you a reminder notice when your compliance is due for renewal.

How to ensure your business is PCI DSS compliant. To ensure that you have met your PCI DSS obligations, you will need to complete one or more of the following validation tasks, depending on the nature of your business. These validation tasks include: The Self-Assessment Questionnaire (SAQ) Vulnerability scan You will be guided by the SAQ as to which validation tasks your business is required to complete.

Your guide to validation tasks. The Self-Assessment Questionnaire The SAQ is a free online tool you can use to determine your compliance with the PCI DSS. It s a series of yes or no questions that will give you a good assessment of your risk level. You can complete online the appropriate SAQ from the Vectra Portal at http://suncorp.vectrapci.com.au Once you have successfully completed your SAQ, and if your business and systems are compliant, you will be provided with the option to print out your Confirmation of Compliance which is valid for 12 months. If your SAQ reveals areas which can be improved, you will need to put together a remediation plan to address these issues. Vectra Corporation can provide advice on how to meet your business s specific PCI DSS requirements.

Vulnerability Scan A vulnerability scan ensures that your internet facing systems are protected as much as possible from external threats such as unauthorised access, hacking or malicious viruses. It s a scanning tool that tests all your network equipment, hosts and applications for known vulnerabilities. Scans are intended to be non-intrusive and are conducted by our security services partner Vectra Corporation. You will need to conduct regular quarterly scans, to ensure that your systems and applications are still securely configured to provide satisfactory levels of protection. Contact Vectra Corporation for more information. How PCI DSS compliance can benefit your business. Compliance means your credit card systems are secure, so your customers will know they can purchase from you with confidence. With a reputation for protecting and valuing your customers personal data, your brand will be enhanced and potentially benefit from repeat sales. You ll also be lowering your business s exposure to potential financial losses and remediation costs.

To find out more about the PCI Security Standards Council, visit www.pcisecuritystandards.org For more information, contact the Vectra PCI Helpdesk on 1800 558 522. And if you have any questions or concerns, call Suncorp Bank on 13 11 75. Banking products are issued by Suncorp-Metway Ltd ABN 66 010 831 722. 21227 01/09/12 A SUN1639

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information