An Introduction to PCI Compliance
• Data Breach Trends
• About PCI-SSC
• 12 Requirements of PCI-DSS
• Establishing Your Validation Level
• PCI Basics
• Benefits of PCI Compliance
• Benefits of Accepting Credit Cards
Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
“From the chart, it is evident…unauthorized access via default, shared, or stolen credentials constituted more than a third of the entire hacking category and over half of all compromised records.”
Example: “Tito’s Taco Shack”
Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
PCI-SSC
Payment Card Industry - Security Standards Council
Does (publishes and maintains the standards):
• Data Security Standard (DSS)
• Payment Application Data Security Standard (PA-DSS)
• PIN Transaction Security (PTS)
Does Not:
• Enforce standards
• Set fine and fee structures
• Set validation levels
Requirements
• Build and Maintain a Secure Network
– Requirement 1: Install and maintain a firewall configuration to protect cardholder data
– Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Protect Cardholder Data
– Requirement 3: Protect stored cardholder data
– Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Maintain a Vulnerability Management Program
– Requirement 5: Use and regularly update anti-virus software
– Requirement 6: Develop and maintain secure systems and applications
• Implement Strong Access Control Measures
– Requirement 7: Restrict access to cardholder data by business need-to-know
– Requirement 8: Assign a unique ID to each person with computer access
– Requirement 9: Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
– Requirement 10: Track and monitor all access to network resources and cardholder data
– Requirement 11: Regularly test security systems and processes
• Maintain an Information Security Policy
– Requirement 12: Maintain a policy that addresses information security
[Map slide] Legend: State PCI Law; Breach Notification Laws
PCI Basics
• Any merchant that processes, transmits, or stores credit card data, regardless of processing volume, must comply with PCI-DSS regulations.
• Every merchant must validate compliance every year.*
• MIDs (merchant IDs) under different Tax IDs will need to certify separately.
* Check with your acquiring bank for specific validation requirements and deadlines.
Establishing Your Validation Level (Step 1 through Step 4 on the slide)
• Identify Validation Type
• Complete the applicable Self Assessment Questionnaire (SAQ)
• Complete and obtain evidence of a passing vulnerability scan with an Approved Scanning Vendor (ASV) on a quarterly basis, if necessary.
Level 1
Merchant Criteria: Merchants processing over 6 million Visa transactions annually (all channels), or global merchants identified as Level 1 by any Visa region
Validation Requirements:
• Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA)
• Quarterly network scan by Approved Scan Vendor (ASV)
• Attestation of Compliance Form

Level 2
Merchant Criteria: Merchants processing 1 million to 6 million Visa transactions annually (all channels)
Validation Requirements:
• Annual Self-Assessment Questionnaire (SAQ)
• Quarterly network scan by ASV
• Attestation of Compliance Form

Level 3
Merchant Criteria: Merchants processing 20,000 to 1 million Visa e-commerce transactions annually
Validation Requirements:
• Annual SAQ
• Quarterly network scan by ASV
• Attestation of Compliance Form

Level 4
Merchant Criteria: Merchants processing less than 20,000 Visa e-commerce transactions annually, and all other merchants processing up to 1 million Visa transactions annually
Validation Requirements:
• Annual SAQ recommended
• Quarterly network scan by ASV if applicable
• Compliance validation requirements set by acquirer

Source: www.visa.com/cisp
Source: www.pcisecuritystandards.org
[Compliance process flow] Credit Card Processing Methods -> Fill out appropriate SAQ -> Remediation -> Monitoring -> Reporting
Benefits of PCI Compliance
• Peace of mind for your business and clients
• Decreased risk of security breaches
• Boost in customer confidence
• Protection from costly fines
• Relatively quick and easy
• Safeguard your business reputation
Benefits of Accepting Credit Cards
• Stay viable in the marketplace – “The number of payments made by debit, credit, or EBT card grew by 12.8 billion from 2003 to 2006, reaching 48.1 billion and exceeding the number of checks paid by 17.6 billion.”*
• Offer payment flexibility to clients
• Improve cash flow
• Reduce the hassle of collections
* http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm
www.visa.com/cisp
www.pcisecuritystandards.org
www.mastercard.com/us/sdp/education
www.pcicentral.com/docs/pciscc_ten_common_myths.pdf
http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Amy Airhart
1-866-376-0947
info@pcicentral.com
www.pcicentral.com