Burton Group Take 5! The PCI Half-Dozen: 6 Recommendations for PCI Compliance
Diana Kelley, VP & Service Director
March 2007
www.burtongroup.com

The PCI Half-Dozen
It’s 5pm – do you know where your credit card numbers are?
“BJ'S Wholesale Club Settles FTC Charges” – thousands of credit and debit card numbers impacted. http://www.ftc.gov/opa/2005/06/bjswholesale.htm
“Customer Data Breach Began in 2005, TJX Says” – number of card numbers impacted still under investigation. http://www.washingtonpost.com/wp-yn/content/article/2007/02/21/AR2007022102039_pf.html
“CardSystems' Data Left Unsecured” – ~40 million card numbers impacted. http://www.wired.com/news/technology/0,1282,67980,00.html

The PCI Half-Dozen
Covered Data Elements (Data Source: PCI DSS Version 1.1, September 2006)

Data element                                         Storage permitted   Protection required   PCI DSS Requirement 3.4
Cardholder data – PAN                                Yes                 Yes                   Yes
Cardholder data – Cardholder name                    Yes                 Yes                   No
Cardholder data – Service code                       Yes                 Yes                   No
Cardholder data – Expiration date                    Yes                 Yes                   No
Sensitive authentication data – Full magnetic stripe No                  N/A – storage not allowed
Sensitive authentication data – CVC2/CVV2/CID        No                  N/A – storage not allowed
Sensitive authentication data – PIN/PIN block        No                  N/A – storage not allowed

The PCI Half-Dozen
1. Get the Facts
   Go to the source – the PCI Data Security Standard and the PCI DSS Security Audit Procedures
   Self-assess – uncover and remediate gaps in advance
2. Segment the Scope
   PCI DSS applies to the cardholder data environment
   Reduce scope through zoning and segmentation
3. Don’t Store What You Don’t Need
   No Track II/Sensitive Authentication Data!
   But do you need the cardholder data at all?
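As an added example (not from the Burton Group deck), a small Python scanner that applies the covered-data-elements table to application log lines, in the spirit of "self-assess" and "don't store what you don't need": it flags stored PANs (storage permitted, protection required) and stored Track 2 / CVV2 data (storage not allowed), and uses the Luhn check so that an arbitrary 16-digit reference number is not reported as a PAN. The log lines, field names and categories are constructed for illustration.

```python
import re

# Constructed sample: an application log that unintentionally captured card data.
SAMPLE_LOG = """\
2007-03-01 10:02:11 INFO order=1001 pan=4111111111111111 exp=0812 name=J DOE
2007-03-01 10:02:12 DEBUG raw_track=;4111111111111111=08121011234500000000?
2007-03-01 10:02:13 INFO order=1002 ref=1234567890123456 status=ok
2007-03-01 10:02:14 DEBUG cvv2=123 pan=5500000000000004
"""

# Policy per the PCI DSS v1.1 data-element table: what each category means for storage.
POLICY = {
    "cardholder_data": "storage permitted; PAN must be protected (Req 3.4)",
    "sensitive_auth_data": "storage not allowed",
}

PAN_RE = re.compile(r"\b\d{13,19}\b")                      # candidate PAN lengths
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d*)\?")      # Track 2: ;PAN=YYMM...?
CVV_RE = re.compile(r"\b(cvv2|cvc2|cid)\s*=\s*\d{3,4}", re.IGNORECASE)

def luhn_ok(digits):
    """Mod-10 check: weeds out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan):
    """Report only first six and last four digits so the finding itself is not stored PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_line(line):
    """Return (category, data_element, masked_value) tuples found in one log line."""
    findings = []
    for m in TRACK2_RE.finditer(line):
        findings.append(("sensitive_auth_data", "track2", mask_pan(m.group(1))))
    for m in CVV_RE.finditer(line):
        findings.append(("sensitive_auth_data", m.group(1).lower(), "<redacted>"))
    for m in PAN_RE.finditer(line):
        if luhn_ok(m.group(0)):
            findings.append(("cardholder_data", "pan", mask_pan(m.group(0))))
    return findings

def scan(text):
    """Map line number -> findings, for lines that hold covered data elements."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        hits = scan_line(line)
        if hits:
            report[n] = hits
    return report
```

Line 3 of the sample produces no finding because its 16-digit reference number fails the Luhn check; line 2 is the one that violates the table outright, since Track 2 data may not be stored at all.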

The PCI Half-Dozen
4. Be Prepared and Be a Partner
   Work with Qualified Security Assessors (QSAs) or in-house assessors
   Agree on the scope up-front
   Prepare supporting documentation – including for compensating controls
   Build remediation plans – and follow them
5. Get Involved
   Changes were made between v1.0 and v1.1 in part due to feedback
   Merchants and Payment Service Providers can become “Participating Organizations” of the SSC
6. Build a Compliance Program
   Compliance is about more than PCI
   Take a long-view approach to compliance as a whole

Thank you!
For more information:
Burton Group Security and Risk Management Strategies Overview – “What and Why PCI? Inside the Payment Card Industry Data Security Standards,” http://www.burtongroup.com/content/doc.aspx?cid=1001
The PCI Security Standards Council, http://www.pcisecuritystandards.org
Payment Card Industry (PCI) Data Security Standard, Version 1.1, https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm
PCI DSS Security Audit Procedures, https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf