New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution.


Discussion Outline
* Today's Security Environment
* New PCI requirements & compliance validation
* GMU evaluation & process
* Dept roles: ITU & Fiscal Services
* Data flow - manual & online processes
* Implementation timeline
* Summary - concerns - questions

Today's Security Environment
* Track data stored - merchants & 3rd parties
* Payment applications - track data storage
* Network vulnerabilities
* Cardholders - negative impact
* Identity theft implications
* Proposed federal legislation

New PCI requirements
* CISP (Visa) compliance required for e-merchants - 6/5/01
* CISP (Visa) expanded to merchants & service providers
* PCI security standard developed
* Standardized PCI requirements for members, merchants & service providers

Compliance Validation - Merchants
* Level 1: > 6 million transactions/year
* Level 2: 150,000 - 6 million e-commerce transactions/year
* Level 3: 20,000 - 150,000 e-commerce transactions/year
* Level 4: < 20,000 e-commerce transactions/year, and all other merchants up to 6 million/year

Standardized Requirements
* 12 PCI Data Security Standards
* PCI Security Audit Procedures - onsite
* PCI Self-Assessment Questionnaire
* PCI Security Scanning Procedures
* Resource for the above: approved vendor list & FAQs

Merchant Compliance Documentation by Level

Level         On-site Security Audit   Network Scan           Self-Assessment Questionnaire   Validation Date
One           Required annually        Required quarterly     -                               9/30/04
Two & Three   -                        Required quarterly     Required annually               6/30/05
Four          -                        Recommended annually   Recommended annually            TBD

GMU Evaluation & Process
* Issues for Higher Education:
  - Institutions have high visibility
  - Web-savvy customer base
  - Many online points of service
  - Prone to attacks - store lots of info
* Education - NACUBO, NOVA & approved vendor
* Need to get started - ASAP

Dept roles - ITU & Fiscal Services
ITU - Audit Plan
* Step 1: Identification - CISP requirements review
* Step 2: Analysis & review - data flow, physical environment, system administration
* Step 3: Recommendation for remediation
* Step 4: Bring in vendor

Dept roles - ITU & Fiscal Services
Fiscal Services
* Evaluation & education (NACUBO)
* Discussions with NOVA & vendor
* Coordinate plan with ITU
* Meet with applicable depts
* Questionnaire
* Credit card security - policy & procedures

Data Flow - Manual & Online
All points that collect credit card data:
* Collection
* Processing
* Transmittal
* Storage
* Disposal
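The "track data stored" risk on the Today's Security Environment slide and the Storage point of the data flow above are what a cardholder-data discovery check looks for during the ITU audit's data-flow review. The following Python is an added example, not material from the presentation or from GMU: it scans a constructed application log for magnetic-stripe track data and Luhn-valid PANs and reports them masked; the function names (`scan`, `luhn_ok`, `mask`) and the sample log are assumptions of this example.

```python
import re

# Luhn check: a 13-19 digit run that passes is a plausible PAN; order
# numbers and timestamps usually fail it, which keeps false positives down.
def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Magnetic-stripe track layouts (the "track data" no merchant may store):
#   track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^?]{2,26}\^\d{4}[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4,}\?")
# Bare PAN: 13-19 digits, optionally grouped with spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def mask(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS lets you display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(text: str):
    """Return (line number, kind, masked PAN) for every line holding card data."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()  # PANs already reported as part of track data on this line
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(line):
                masked = mask(m.group(1))
                seen.add(masked)
                findings.append((lineno, kind, masked))
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits) and mask(digits) not in seen:
                findings.append((lineno, "pan", mask(digits)))
    return findings

# Constructed sample of an application log: the card number is the public
# 4111... test number and the expiry/track fields are made up.
SAMPLE_LOG = """\
2005-09-12 order=1001 pan=4111 1111 1111 1111 amount=42.00
2005-09-12 order=1002 swipe=;4111111111111111=2512101000000000?
2005-09-12 order=1003 swipe=%B4111111111111111^DOE/JANE^2512101000000000?
2005-09-12 order=1004 ref=12345678901234 note=phone order
"""
```

Calling `scan(SAMPLE_LOG)` flags the first three lines (a bare PAN, track 2, track 1) and leaves the fourth alone because its 14-digit reference number fails the Luhn check.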

Implementation timeline
* August 2005: Education & analysis
* Sept-Oct 2005: ITU/Fiscal Services meetings; NOVA & vendor discussion
* Nov 2005: ITU Audit Plan Step 1
* Dec 05 - Jan 06: ITU Audit Plan Step 2 & Fiscal Services questionnaire & policy
* Jan - Feb 06: ITU Audit Plan Step 3
* Feb - March 06: Vendor & implementation

Summary, Concerns & Questions
* Summary: This is a huge undertaking!!
* Summary: Potential fines are scary!!
* Concerns: Are we ever 100% secure??
* Concerns: What if we do have a compromise??
* Questions???? Please share your stories!!

GMU Resources & Help
* Mira L. Levine, CPA - Director of Accounting - Internal Controls & Cost Accounting, (703)
* Cathy Hubbs - IT Security Coordinator