MARTA's Road to PCI Compliance. Presenter: Yolanda Curtis, PMP, AFC Project Manager.

Presentation transcript:

Slide 1: MARTA's Road to PCI Compliance. Presenter: Yolanda Curtis, PMP, AFC Project Manager

Slide 2: MARTA's PCI Requirement
As an acceptor of payment cards, MARTA is required to certify its Automated Fare Collection (AFC) payment application to the PCI DSS requirements. MARTA is classified as a Level 2 merchant, processing more than 1 million credit transactions annually. PCI DSS certification requires a certified Fare Collection System, including payment application software developed by the Fare Collection vendor. This software operates in the TVM, the Ride Store TOM, and the Fare Collection Central System.

Slide 3: AFC Overview
The MARTA Automated Fare Collection system, also known as Breeze, entered revenue service in [year missing from transcript]. The system supports regional operators including Cobb County, Gwinnett County, Georgia Regional Transit Authority, and Atlanta Regional Commission databases. There are over 1 million active Breeze cards system wide.

COMPONENT                                                      QTY
Automated Fare Gates                                           470
Automated Fare Boxes on big buses                              626
Light Validators on paratransit buses                          175
Ticket Vending Machines                                        349
Ticket Office Machines                                          16
Automated parking gates                                         50
High Performance Encoding Machines                               6
Money Room Facilities and Equipment                              1
Central Computing System (1 Online, 1 Stand-by, 1 DR, 1 QA)     20

Slide 4: AFC PCI Project Scope
Central System improvements
- Improved credit card security management
- More patron search capabilities
Database security
- Data-at-rest encryption for higher security
- Separated storage of credit card information
Ticket Vending Machine and Ticket Office Machine
- Higher-security PIN pad for debit transactions
- New internal computer
- New operating system (Windows 7)
Remote monitoring of all AFC components
- Anti-virus management
- File Integrity Monitoring
Network security
- Access controls
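"Separated storage of credit card information" and "improved credit card security management" both depend on first knowing where primary account numbers (PANs) actually live: in the database, but also in device logs, settlement files and support exports. The following is an added example, not MARTA's or the Fare Collection vendor's code, of the kind of cardholder-data discovery check a team runs during a gap analysis: it finds PAN-shaped digit runs in text, uses the Luhn check digit to discard look-alikes such as Breeze card serials and batch ids, and masks confirmed PANs to first six / last four. The log lines and device names are constructed for the example; the card numbers are the publicly documented test numbers issued by the card brands, not real accounts.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit (so a 20-digit run is not a hit).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn check digit (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to the first six and last four digits, the most PCI DSS allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs (separators stripped) found in one line of text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_log(lines: list[str]) -> list[tuple[int, str]]:
    """Report (line number, masked PAN) for every confirmed PAN; never returns clear PANs."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append((lineno, mask_pan(pan)))
    return findings


def redact_line(line: str) -> str:
    """Rewrite a line with every confirmed PAN masked; non-PAN digit runs are left alone."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(repl, line)


# Constructed sample of a device/central-system log. Card numbers are brand test numbers.
SAMPLE_LOG = [
    "2014-03-28 09:15:02 TVM-0349 sale ok amount=2.50 pan=4111111111111111 auth=123456",
    "2014-03-28 09:16:44 TOM-0016 sale ok amount=95.00 pan=5555 5555 5555 4444",
    "2014-03-28 09:17:10 TOM-0016 refund pan=3782-822463-10005",
    "2014-03-28 09:18:00 CCS settlement batch=20140328091800 records=3",
    "2014-03-28 09:19:30 TVM-0100 breeze card serial=1234567890123456 reload ok",
    "2014-03-28 09:20:05 TVM-0100 sale declined pan=4111111111111112",
]

if __name__ == "__main__":
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: PAN found, masked {masked}")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Lines 4 and 5 contain 14- and 16-digit runs (a settlement batch id and a fare-card serial) that fail the Luhn check and are therefore not reported; line 6 is a mistyped test number that also fails. A scan like this is a detection control only: the remediation the project describes is to stop clear PANs from reaching these stores at all and to keep what must be retained encrypted and separated.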

Slide 5: AFC PCI Project Team
MARTA AFC Team
- Project oversight
- Remediation tasks
- Application support
- Network & server support
- Enterprise security
Qualified Security Assessor (QSA)
- Assessment
- Gap analysis
- Compliance roadmap
- Report of Compliance
Merchant Bank
- Manages PCI mandates on behalf of Visa, MasterCard, American Express, Discover
Fare Collection Vendor
- Software development
- Hardware upgrades
- PCI DSS certification of payment application software

Slide 6: AFC PCI Project Timeline
- MARTA is deemed a Level 2 merchant; completed the PCI Data Security Standard Self-Assessment Questionnaire (SAQ) and quarterly scan results
- MARTA began the partnership with BOA and the Fare Collection vendor to complete PCI requirements
- Gap analysis completed by QSA; Attestation of Compliance sent to Merchant Bank; QSA provided Remediation Roadmap
- 2011: MARTA issues Notice to Proceed to Fare Collection vendor to begin software development; AFC system PCI migration begins
- AFC system PCI migration completed; Attestation of Compliance completed; PCI compliance obtained from Merchant Bank

Slide 7: PCI Project Migration – Phase 1, AFC Network Access Control
- Build secure data network
- Segment AFC traffic from the enterprise network traffic
- Develop Information Security team
- Develop information security policies

Slide 8: Phase 1: Network Access Control (network diagram). Labelled elements: TOM, load balancer, non-PCI-compliant system, web, BVM devices, settlement, Merchant Bank, old database, AFC network with restricted rule base, Internet VLAN, Enterprise Network VLAN.

Slide 9: PCI Project Migration – Phase 2, Central System Upgrade
- Upgrade servers (Production, Stand-by, DR, and QA)
- Migrate Central System software
- Migrate database
- Migrate web ticketing

Slide 10: Phase 2: Central System Upgrade (network diagram). Labelled elements: TOM, load balancer, non-PCI-compliant system, web, BVM devices, settlement, Merchant Bank, old database; new PCI-compliant system with upgraded database and its own Merchant Bank settlement path; server farm (Production, Stand-By, DR, QA).

Slide 11: PCI Project Migration – Phase 3, Payment Processing Device Upgrade
- Replace TOM hardware & software, including 3DES PIN pad
- Replace TVM hardware & software, including 3DES PIN pad
- Deploy anti-virus software and File Integrity Monitoring process to all components
- Migrate TOM and TVM
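The File Integrity Monitoring (FIM) process deployed to the TOMs and TVMs in Phase 3 (and listed under remote monitoring in the project scope) works by recording a baseline of critical files and periodically comparing the device against it. The block below is an added illustration of that mechanism, not the vendor's FIM product: it hashes every file under a device's application directory with SHA-256, stores size and permission bits alongside, and reports files that were added, removed or modified since the baseline. The directory layout, file names and contents are constructed in a temporary directory so the example runs offline; a real deployment would ship the baseline off-device and alert on any non-empty diff.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file (relative POSIX path) under root to its hash, size and permission bits."""
    root = Path(root)
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o777),
        }
    return baseline


def diff_baselines(old: dict, new: dict) -> dict:
    """Compare two baselines; a content or permission change counts as a modification."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(
        p for p in set(old) & set(new)
        if old[p]["sha256"] != new[p]["sha256"] or old[p]["mode"] != new[p]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path: Path) -> None:
    """Persist the baseline as JSON (in practice, to a store the device cannot write to)."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(Path(path).read_text())


def demo() -> dict:
    """Build a constructed device tree, baseline it, change it, and return the FIM diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tvm"                      # hypothetical device application root
        (root / "bin").mkdir(parents=True)
        (root / "cfg").mkdir()
        (root / "bin" / "payapp.exe").write_bytes(b"MZ constructed payment application image")
        (root / "cfg" / "merchant.ini").write_text("merchant_id=PLACEHOLDER\n")
        (root / "cfg" / "hosts.allow").write_text("ccs.afc.example\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulated drift between two scheduled comparisons: one config edited,
        # one unexpected binary dropped in, one allow-list file deleted.
        (root / "cfg" / "merchant.ini").write_text("merchant_id=PLACEHOLDER\ngateway=changed.example\n")
        (root / "bin" / "helper.dll").write_bytes(b"unexpected new binary")
        (root / "cfg" / "hosts.allow").unlink()

        return diff_baselines(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The interesting output is any non-empty list: `added` catches binaries that were not part of the certified payment application build, `removed` catches a deleted control file, and `modified` catches edits to configuration that steer where transactions are sent. Comparisons of critical files at least weekly, with alerting on unauthorized changes, is what PCI DSS requirement 11.5 asks of such a process.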

Slide 12: Phase 3: Device Upgrade (network diagram). Labelled elements: TOM, load balancer, non-PCI-compliant system, web, BVM devices, settlement, Merchant Bank, old database; PCI-compliant system with upgraded database and its own Merchant Bank settlement path.

Slide 13: Phase 3: Device Upgrade Complete (network diagram). Labelled elements: TOM, load balancer, non-PCI-compliant system, web, BVM devices, settlement, old database; PCI-compliant system with upgraded database and Merchant Bank settlement path.

Slide 14: PCI Project Migration – Compliant
- Final Report of Compliance to Merchant Bank
- Review of Remediation Roadmap tasks
- QSA assessment of gaps
- QSA vulnerability scan
- Report of Compliance
- Attestation of Compliance, PCI DSS v2.0
- Certificate of Compliance from Merchant Bank

Slide 15: Thank You