Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

Presentation transcript:

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Commonwealth of Massachusetts, Office of the State Comptroller
March 2007
PCI DSS Compliance -- March 2007

What is PCI DSS?
Mandatory compliance program resulting from a collaboration between the credit card associations to create common industry security requirements for cardholder data.

More about PCI compliance…
Common set of industry tools and measurements to ensure safe handling of sensitive information.
Actionable framework for developing a robust account data security process, including preventing, detecting, and reacting to security incidents.
Technical requirements for secure storage, processing, and transmission of cardholder data.
Common auditing and scanning procedures.

Who has to worry about it?
If you transact credit card business, you have to worry about it.
Merchants and third party providers who process, transmit, or store cardholder data are required to adhere to certain data security standards.
Applies to credit card business transacted over all payment channels (POS, mail, IVR, and e-commerce).

Who are the stakeholders?
Credit card industry – Founders of the PCI Security Standards Council are the Visa, Mastercard, Amex, Discover, and JCB brands.
Acquiring banks/member banks – must require PCI compliance from merchants and service providers doing credit card business.
Merchants and service providers – must be PCI compliant, regardless of channel.
Our customers.

PCI DSS: Covers 6 Areas/12 Requirements
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

PCI DSS: Covers 6 Areas/12 Requirements (continued)
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security

Major Activity Areas
Identify merchant level (dependent on volume).
Subject matter expertise.
Consulting and recommendations.
Compliance – relates to infrastructure security and business procedures (may be supported by a Qualified Security Assessor (QSA)):
Annual self-assessment questionnaire
Annual on-site security audit (depending on merchant level)
Validation – process performed by an Approved Scanning Vendor (ASV) on all external-facing IP addresses.
Possibly, audit (depending on merchant level).

Our Approach
See what departments and other states are doing.
Communicate – share information to promote awareness of the issue, identify participating departments, and gain support.
Learn about PCI DSS Compliance.
Check in with banks and service providers on their PCI Compliance status and requirements.
Initiate a procurement to identify Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) to assist departments in achieving compliance and validation.
Identify costs and funding.

Consequences of Non-Compliance
Forensic investigation
Steep monetary fines (up to $500K) levied by the card associations, plus damages
Lawsuits
Damage to reputation
Bad publicity
Revocation of credit card business privileges

For more information:
See https://www.pcisecuritystandards.org/index.htm and http://www.pcicomplianceguide.org for general information.
Check out the self-assessment questionnaire at https://www.pcisecuritystandards.org/pdfs/pci_saq_v1-0.pdf to assess the level of effort and resources needed to remediate problems and achieve compliance.
See http://usa.visa.com and the Visa Cardholder Information Security Program (CISP) links.
See http://www.mastercard.com/us/sdp/assets/pdf/SDP_Presentation.pdf for Mastercard Site Data Protection (SDP) information.
Stay tuned for updates on RFR progress.