EDUCAUSE Security Professionals Conference 2009


PCI DSS Compliance Assessments (a proactive approach @ Penn State)
Jenn Stewart, Project Technical Coordinator
Michael Leach, Project Manager

Objectives for Today
- Background on Penn State environment
- Current threats/vulnerabilities
- PCI DSS trends
- PCI lifecycle change
- Need for assessments
- Conducting assessments
- Dealing with compromises
- Resources

We Are! Penn State!

Collaboration Efforts
- Compliance team (IPAS)
- Senior leadership
- Corporate Controller
- Designated contacts
- Budget executives
- Merchants
- Incident response team

Threats and Vulnerabilities
- Older terminals
- Residual data of older software programs
- Physical intrusion
- Network intrusion
- Grey market sales

PCI Trends
- Introduced in 2005
- Merchant Level: Do I have to comply?
- New version 1.5 years
- PA DSS
- PCI PED Security Requirements
- Self Assessment Questionnaire (SAQ)

PCI Lifecycle Change

PSU Processing Environments
- Dial-up swipe terminals
- Network based terminals
- Third party providers
- Internal applications
- Wireless devices (802.11)

Need for Assessments
- Remember the diverse, statewide network?
- Known areas of deficiency
- Suspected areas of weakness
- Distributed responsibility
- Converging initiatives
- Methods of intrusion

Question
Does having a new firewall, still in the box, mean I am compliant with PCI DSS requirement 1? After all, it was purchased with good intent.

Conducting Assessments
- What we are not
- Informational, not a punitive review
- Hit the high points we've found glossed over
- Response requested within two weeks
- Escalate to Corporate Controller if needed
- Merchant ID may be suspended

Compromise Occurs
- Audience, show of hands: who has an incident response team to deal with PCI incidents?
- Overview of PSU process
- Required reporting process

Compromise in a Nutshell
- Visa; other brands are similar
- 3-day report
- 10-day report
- Card brands fine the acquiring bank
- Acquiring bank passes fines to merchant
- Levying fines
  - One time
  - Monthly

Resources
- PCI Security Standards Council: www.pcisecuritystandards.org
- Visa: usa.visa.com/merchants/risk_management/cisp.html
- Privacy Rights Clearing House: http://privacyrights.org
- DATALOSSdb: http://datalossdb.org/

DISCUSSION
Information Privacy and Security
www.ipas.psu.edu | ipas@psu.edu | 814-867-1340
Mike Leach, Project Manager
Jenn Stewart, Technical Coordinator