Payment Card Industry (PCI) Compliance

Presentation transcript:

Payment Card Industry (PCI) Compliance (3/31/2017 9:47 PM)
Jay Baucom, Chief Information Officer
Arthur Hohnsbehn, Director of Information Technology
Jason Godfrey, Security Manager
North Carolina Community College System

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

PCI Documentation
Payment Card Industry (PCI) Data Security Standard (DSS)
Navigating PCI DSS – Understanding the Intent of the Requirements (version 1.1, February 2008)
Payment Card Industry (PCI) Data Security Standard (DSS) Self-Assessment Questionnaire – Instructions and Guidelines (version 1.1, February 2008)
Payment Card Industry (PCI) Data Security Standard (DSS) Self-Assessment Questionnaire D and Attestation of Compliance – All other Merchants and all SAQ-Eligible Service Providers (version 1.1, February 2008)
Payment Card Industry (PCI) Data Security Standard (DSS) Glossary, Abbreviations and Acronyms

Common Terms
Account Number or PAN (Primary Account Number): the payment card number that identifies the issuer and the cardholder.
Acquirer: bankcard association member that initiates and maintains relationships with the merchants that accept payment cards.
Cardholder data: the full magnetic stripe, or the PAN plus any of the following: cardholder name, expiration date, service code. Note that full magnetic stripe (track) data may never be stored after authorization, even in encrypted form; only the PAN and the three elements above may be retained, and the PAN must be rendered unreadable wherever it is stored.

Common Terms - Continued
DSS: Data Security Standard.
Penetration Test: security-oriented probing of a computer system or network to seek out vulnerabilities that an attacker could exploit.
Threat: a condition that may cause information or information processing resources to be intentionally or accidentally lost, modified, exposed, made inaccessible, or otherwise affected to the detriment of the organization.

Common Terms - Continued
Vulnerability: a weakness in system security procedures, system design, implementation, or internal controls that could be exploited to violate the system security policy.
Vulnerability Scan: a scan used to identify vulnerabilities in operating systems, services, and devices that could be used by attackers to target the company's private network.
Payment Provider: PayPal (Verisign) or Official Payments (OPC).

Trustwave Services
The Office of State Controller (OSC) has a master service agreement with Trustwave to perform vulnerability scans, host the online SAQ, and answer general questions.
30 of the 58 colleges participate in the OSC's master agreement. These colleges work directly with the OSC for portal access, service delivery, and remediation. The acquirer (bank) is SunTrust.
The remaining 28 colleges are offered services through a supplemental agreement under the OSC master agreement. These colleges work directly with the NCCCS for portal access, service delivery, and remediation. The acquirer (bank) is selected by the college.

Basic Steps to Compliance
Compliance (processes and procedures)
Validation (SAQ and vulnerability scans)
Attestation
Compliance – Jason Godfrey

Datatel Colleague e-Commerce
Datatel defines any payment card transaction processed via Colleague to a payment provider (PayPal or OPC) as an e-Commerce transaction. Payment card information is processed and transmitted, but never stored.
Datatel defines any payment card information entered into Colleague (CREN) as a Non e-Commerce transaction. This information is encrypted.

Datatel Colleague e-Commerce
Datatel e-Commerce requires:
Licensing e-Commerce
Installing e-Commerce (InstallShield)
Enabling e-Commerce:
CORE – ECS (e-Commerce Setup)
ECPR – e-Commerce Providers
ECPA – e-Commerce Provider Account
EPAM – e-Comm Provider Acct Mapping
ST – FIWP (Financial Web Parameters)

e-Commerce Documentation
e-Commerce 3.7 Release Highlights (Release 18.0) (September 18, 2006)
e-Commerce Installation and Administration (August 5, 2008)

Validation Type
Determining My PCI Validation Type - SAQ

Validation Types
Type 1 (SAQ A) – All cardholder data functions are outsourced.
Type 2 (SAQ B) – Imprint only; no electronic cardholder data is stored.
Type 3 (SAQ B) – Standalone dial-out terminals only; no electronic cardholder data is stored.
Type 4 (SAQ C) – POS or payment system connected to the Internet; no electronic cardholder data is stored.
Type 5 (SAQ D) – All other merchants and all service providers.

Validation Types - Continued
Conclusion: with the exception of payment card transactions processed on a standalone dial-up terminal where paper receipts are kept for refund purposes, all other payment card transactions within Colleague (CREN) or through Datatel's e-Commerce require a college to submit SAQ D.

Impact of Validation Type D
What is the impact to the colleges?
Arthur to provide some insight into what the colleges will be doing in addition to their normal processes.

Datatel Colleague Environment – Scenario 1: Accepting Payment via Telephone (TREG)
[Diagram: EPOS (TREG) Server; Colleague Server via DMI; Internet; CC Clearing House (Payment Verification)]

Datatel Colleague Environment – Scenario 2: Accepting Payment via WebAdvisor (WA)
[Diagram: WA Server; Colleague Server via DMI; Internet; CC Clearing House (Payment Verification)]

Datatel Colleague Environment – Scenario 3: Accepting Payment via Colleague (CREN)
[Diagram: Side Terminal (card entered via CREN); Colleague Server via DMI; Internet; CC Clearing House (Payment Verification)]

Datatel Best Practices
Develop a policy for maintaining payment card data.
Non e-Commerce card data should be purged via COCD.
Purge payment card information in Production before cloning the Production environment to Test, using COCD.
If troubleshooting e-Commerce with the DMI listener in debug (-t -v options), remove the log immediately after the debug information has been obtained. Debug logs capture the card data in transit, so you are not compliant while debug is turned on or while such a log exists.
Work with your Bookstore provider to determine compliance.
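The debug-log bullet above is the kind of leak that is easy to miss: card numbers end up in a verbose log on a server that was never meant to store cardholder data. The following is an added example, not part of the original presentation and not Datatel or Trustwave code, of how a college could sweep a log file for primary account numbers before deciding whether it must be destroyed. It finds 13-19 digit runs, drops candidates that fail the Luhn check (order numbers, timestamps, auth codes), and masks real hits to first-six/last-four so the findings report itself does not become cardholder data. The log lines are constructed for the example and use well-known test card numbers; the log format is an assumption, not the DMI listener's actual output.

```python
import re

# Constructed sample of a verbose listener log (hypothetical format).
# The two card numbers are industry test PANs, not real accounts.
SAMPLE_LOG = """\
2008-08-05 10:12:01 DMI listener started (-t -v)
2008-08-05 10:12:07 ECPA request: acct=4111111111111111 exp=1209 name=J DOE
2008-08-05 10:12:07 ECPA request: acct=5105-1051-0510-5100 exp=0110
2008-08-05 10:12:09 order id 1234567890123456 status=OK
2008-08-05 10:12:10 response code 00 auth=123456
"""

# A candidate PAN: 13-19 digits, optionally separated by spaces or hyphens,
# not adjacent to other digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Every real card number passes it; most random digit runs do not,
    which is what filters out order ids and timestamps.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str):
    """Return [(line_number, pan), ...] for every Luhn-valid PAN in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = _normalize(m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append((lineno, digits))
    return hits


def mask_pan(digits: str) -> str:
    """Mask to the first six and last four digits, the most PCI DSS
    allows to be displayed (Requirement 3.3)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Return the log with every Luhn-valid PAN replaced by its masked form,
    so a findings report can quote the offending lines safely."""
    def repl(m):
        digits = _normalize(m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group()
    return "\n".join(PAN_CANDIDATE.sub(repl, line) for line in text.splitlines())


if __name__ == "__main__":
    for lineno, pan in find_pans(SAMPLE_LOG):
        print(f"line {lineno}: PAN found -> {mask_pan(pan)}")
    print(redact(SAMPLE_LOG))
```

Running it on the sample reports the two card numbers on lines 2 and 3 and ignores the 16-digit order id on line 4, which fails Luhn. Any hit means the file is cardholder data and should be securely deleted, not archived or attached to a ticket.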

Additional Information
PCI Security Standards Council: https://www.pcisecuritystandards.org/
Webinars: https://www.pcisecuritystandards.org/education/webinars.shtml
Datatel AnswerNet Document #4397 – How to remove sensitive credit card data for PCI Compliance: http://www.datatel.com
NC Office of the State Controller: http://www.ncosc.net/programs/risk_mitigation_pci.html

Contact Information
NC Office of State Controller: http://www.ncosc.net/SECP/SECP_PCIOverview.html
NCCCS System Office:
Jay Baucom – (919) 807-6988 – baucomj@nccommunitycolleges.edu
Jason Godfrey – (919) 807-7054 – godfreyj@nccommunitycolleges.edu
Kim Van Metre – (919) 807-7071 – vanmetrek@nccommunitycolleges.edu
Trustwave General Questions – (800) 363-1621 – support@trustwave.com

Q & A