PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.


INTRODUCTIONS
PCI 3.0 Boot Camp - March 2015

PURPOSE: Why am I here?

Changes in SAQs
Two new SAQs were added in 3.0:
- A-EP: e-commerce merchants whose payment page begins at their own website, or who otherwise have some control over the payment page (for example a form that posts card data directly to the processor, or merchant-served JavaScript on the payment page). SAQ A stays available only when the payment page is wholly hosted by a PCI DSS validated third party, via redirect or iframe.
- B-IP: merchants using stand-alone, PTS-approved payment terminals that connect to the processor over the Internet (IP) rather than a dial-up line.
SAQ B, C and C-VT all specifically state that they cannot be used if the merchant has any e-commerce channel.

Trustwave Portal: Answering Multiple SAQs
- Merchants accepting cards in more than one environment will answer a separate SAQ for each environment.
- Cash Management will open an additional Trustwave account for each "hybrid" merchant. The new account will address the less involved SAQ (A, A-EP or B).
- Merchants have the option to terminate the activity behind the additional payment channel instead.

UPDATES TO REQUIREMENTS

Penetration Testing
What? An attack on a computer system with the intention of finding security weaknesses, potentially gaining access to the system, its functionality and its data (short form: pen test). In PCI DSS 3.0 it is Requirement 11.3, which now calls for a documented testing methodology covering both the network and application layers, and for testing that segmentation actually isolates the cardholder data environment wherever segmentation is used to reduce scope.
Do I need one? It depends on which SAQ you validate with; check the Requirement 11 questions in your SAQ.

Anti-Virus Updates: Requirement #5
Clarified requirement
- Protect all systems against malware.
New requirements
- Evaluate evolving malware threats (including on systems not commonly targeted today).
- Anti-virus solutions must be actively running, used and managed.
- Anti-virus activity must be logged in accordance with Requirement 10.
How to implement the change
- Build anti-virus into the computer imaging and deployment process.
- Use centrally managed tools, such as LANDesk, where available.
- Work with your technical contact to come up with a process.
- HUIT IT Security and Support Services are there to help.

Log Review Updates: Requirement #10
Clarified requirements
- Granular audit trails linking each user to the system actions they took.
- Which access is logged.
- Log all security events and all system components that deal with CHD.
- Regular log review.
- Store logs for at least one year, with at least the most recent three months immediately available for analysis.
How to implement the change
- Build log forwarding into the computer imaging and deployment process.
- Use a central logging server where available (Splunk in the FAS).
- Work with your technical contact to come up with a process.
- HUIT IT Support Services and Information Security can help.
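The slide lists what the log review has to be able to answer; the script below is an added example (not from the boot camp or Harvard) showing the three checks in working code: that each record carries the fields that link a user to an action, that failed-login bursts against in-scope systems are surfaced, and that a year of history is still held. The JSON field names, host names and sample events are all constructed assumptions.

```python
"""Log review helper for Requirement 10 (added example, not part of the
boot camp). Reads newline-delimited JSON audit events, checks that each
record carries the fields needed to link a user to an action, flags
failed-login bursts against cardholder-data systems, and checks that a
year of history is still retained. Field names and hosts are assumptions."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed mapping of the audit-trail fields PCI DSS 10.3 lists (user ID,
# event type, date/time, success/failure, origin, affected resource).
REQUIRED_FIELDS = ("user", "event", "time", "result", "source", "target")

# Constructed list of in-scope hosts that store, process or transmit CHD.
CHD_SYSTEMS = {"pos-01", "pay-db"}

# Constructed sample events; one JSON object per line.
SAMPLE_LOG = """\
{"user":"clerk1","event":"login","time":"2015-03-20T08:00:00Z","result":"success","source":"10.1.1.5","target":"pos-01"}
{"user":"admin","event":"login","time":"2015-03-20T08:05:00Z","result":"failure","source":"10.1.1.9","target":"pay-db"}
{"user":"admin","event":"login","time":"2015-03-20T08:05:10Z","result":"failure","source":"10.1.1.9","target":"pay-db"}
{"user":"admin","event":"login","time":"2015-03-20T08:05:20Z","result":"failure","source":"10.1.1.9","target":"pay-db"}
{"user":"admin","event":"login","time":"2015-03-20T08:05:30Z","result":"success","source":"10.1.1.9","target":"pay-db"}
{"user":"admin","event":"query","time":"2015-03-20T08:06:00Z","result":"success","source":"10.1.1.9","target":"pay-db"}
{"user":"svc","event":"backup","time":"2015-03-20T09:00:00Z","target":"pay-db"}
{"user":"clerk2","event":"login","time":"2015-03-20T09:30:00Z","result":"success","source":"10.1.1.6","target":"web-01"}
"""


def _ts(s):
    """Parse the ISO-8601 UTC timestamps used in the sample log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text):
    """Newline-delimited JSON -> list of event dicts (blank lines skipped)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def incomplete_records(events):
    """(index, target, missing fields) for records that cannot link a user
    to a system action because a required field is absent."""
    findings = []
    for i, ev in enumerate(events):
        missing = [f for f in REQUIRED_FIELDS if f not in ev]
        if missing:
            findings.append((i, ev.get("target"), missing))
    return findings


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """(user, target, failures, succeeded_after) for each user/CHD-system
    pair with >= threshold failed logins inside one window. succeeded_after
    is True when a successful login by that user followed the burst, the
    case a reviewer should escalate first."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev.get("event") != "login" or ev.get("target") not in CHD_SYSTEMS:
            continue
        key = (ev["user"], ev["target"])
        bucket = failures if ev.get("result") == "failure" else successes
        bucket[key].append(_ts(ev["time"]))
    bursts = []
    for key, times in failures.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                later_ok = any(t > times[j] for t in successes.get(key, []))
                bursts.append((key[0], key[1], j - i + 1, later_ok))
                break
    return bursts


def retention_covered(events, now, days=365):
    """True when the oldest retained event is at least `days` old, i.e. the
    store still holds the year of history Requirement 10.7 asks for.
    `now` may be a datetime or an ISO-8601 UTC string."""
    if isinstance(now, str):
        now = _ts(now)
    oldest = min(_ts(ev["time"]) for ev in events if "time" in ev)
    return now - oldest >= timedelta(days=days)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("incomplete:", incomplete_records(events))
    print("bursts:", failed_login_bursts(events))
    print("year retained:", retention_covered(events, datetime.now(timezone.utc)))
```

On the sample, the `svc` backup record is reported as incomplete (no result or source), the three `admin` failures followed by a success on `pay-db` come back as a burst with `succeeded_after=True`, and the retention check only passes once the oldest event is a year behind the date you pass in. Against a real Splunk deployment the same checks would be written as searches; the point here is what the review has to find, not the tool.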

Cardholder Data: Requirement #3
Clarified requirements
- Handling of sensitive authentication data.
- Logical access controls for disk encryption (disk encryption alone does not satisfy 3.4 if the OS login also unlocks the data).
- Key management procedures.
How to implement the change
- Limit cardholder data storage and retention time. Purge at least quarterly.
- Do not store sensitive authentication data (full track data, card verification codes, PINs) after authorization.
- Render the PAN unreadable wherever it is stored: truncation, one-way hash of the full PAN, tokenization, or strong cryptography with associated key management. Note that a truncated and a hashed copy of the same PAN must not be kept where they can be correlated to rebuild it.
- Document and implement procedures to protect encryption keys.
- Document and implement key management processes and procedures for encrypting cardholder data.
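The Requirement 3 items above are mostly "do not store this" and "make that unreadable"; the following is an added example (not Harvard's or the PCI SSC's code) of what that looks like where the data is actually handled: a Luhn check so only real PANs are treated as PANs, the first-six/last-four display form, a keyed hash for storage, and a scanner for sensitive authentication data. The key is a constant only for the demo; in production it comes from the key-management process the slide asks you to document. The regex patterns, test card numbers and field names are assumptions.

```python
"""Requirement 3 helpers (added example, not part of the boot camp): tell a
real PAN from other digit runs, render it unreadable for storage, display
only the digits Requirement 3.3 permits, and catch sensitive authentication
data (track data, card verification codes) before it is written to disk.
The key is passed in by the caller; in production it comes from the
documented key-management process, never from source code."""
import hashlib
import hmac
import re

# Track 1 ("%B<PAN>^<name>^<YYMM>..."), track 2 (";<PAN>=<YYMM>...") and a
# labelled card verification value, checked in that order (assumed formats).
_SAD_PATTERNS = (
    ("track1", re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}")),
    ("track2", re.compile(r";?\d{13,19}=\d{4}")),
    ("cvv", re.compile(r"\b(?:cvv2?|cvc2?|cid)\b\s*[:=]\s*\d{3,4}", re.IGNORECASE)),
)


def luhn_valid(pan: str) -> bool:
    """Luhn check over 13-19 digits; separates PANs from order numbers."""
    digits = [int(c) for c in pan if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """First six and last four, the most Requirement 3.3 allows to display."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def protect_pan(pan: str, key: bytes) -> str:
    """Keyed hash of the entire PAN for storage (one accepted way to render
    it unreadable). A plain unkeyed hash would be brute-forceable: with the
    BIN known only about a billion Luhn-valid candidates remain, so the key
    is what makes the stored value useless to an attacker."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def find_sad(record: str):
    """Names of sensitive-authentication-data patterns present in a record;
    any hit means the record must not be stored after authorization."""
    return [name for name, rx in _SAD_PATTERNS if rx.search(record)]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid 13-19 digit run with its masked form, e.g.
    before a line is written to an application log. Non-PAN digit runs
    (order numbers that fail Luhn) are left alone."""
    return re.sub(
        r"\b\d{13,19}\b",
        lambda m: mask_pan(m.group()) if luhn_valid(m.group()) else m.group(),
        text,
    )


if __name__ == "__main__":
    pan = "4111111111111111"  # constructed test number
    print(mask_pan(pan), protect_pan(pan, b"demo-key-from-kms")[:16] + "...")
    print(find_sad(";4111111111111111=25121011234567890?"))
    print(redact_pans("order 1234567890123 paid with 4111111111111111"))
```

Two points worth keeping in mind when adapting this: `redact_pans` is for log lines and display, while `protect_pan` is for the stored value, and the 3.4 caveat above means you should not keep both forms side by side in the same store; and `find_sad` is a last line of defence for a merchant-controlled system (a web form handler, a call-recording export), not a substitute for making the payment page or terminal never hand you the data in the first place.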

Point of Sale Devices: Requirement #9
New requirement
- Protect card-reading devices from tampering or substitution.
- Maintain a list of devices (make, model, location, serial number) and inspect them periodically.
- Train personnel to recognise suspicious behaviour and to report tampering or substitution of devices.
How to implement the change
- Place a tamper-evident sticker across the side seam or joint of the terminal housing, so that opening it breaks the seal.
- Request new or replacement terminals from Cash Management so that the inventory stays accurate.
- Provide employee training on suspicious behaviour (unscheduled "technicians", requests to open or swap a terminal) and on tampering of devices.
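The inventory and the periodic inspection only help if someone actually compares the two, so here is an added example (not Harvard's or Cash Management's tooling) that reconciles a constructed terminal list against what an inspector recorded on a walk-through and reports the five things that matter: a device missing from its location, a different serial where a listed device should be (substitution), a broken seal, an unlisted device, and an inspection past its interval. The 90-day interval, field names and data are assumptions.

```python
"""Requirement 9 device-inventory check (added example, not part of the boot
camp). Reconciles the terminal list Cash Management keeps against what an
inspector found on a walk-through. The data, field names and the 90-day
inspection interval are assumptions."""
from datetime import date, timedelta

# Constructed inventory record, one entry per terminal on the list.
INVENTORY = [
    {"serial": "SN-1001", "model": "VX520", "location": "Bookstore register 1", "last_inspected": "2014-11-30"},
    {"serial": "SN-1002", "model": "VX520", "location": "Bookstore register 2", "last_inspected": "2015-03-10"},
    {"serial": "SN-1003", "model": "VX520", "location": "Cafe counter", "last_inspected": "2015-03-12"},
    {"serial": "SN-1004", "model": "VX520", "location": "Library desk", "last_inspected": "2015-03-12"},
]

# Constructed walk-through: serial read off each device and whether the
# tamper-evident sticker across the housing seam was still intact.
OBSERVED = [
    {"serial": "SN-1001", "location": "Bookstore register 1", "seal_intact": True},
    {"serial": "SN-9999", "location": "Bookstore register 2", "seal_intact": True},
    {"serial": "SN-1003", "location": "Cafe counter", "seal_intact": False},
    {"serial": "SN-5555", "location": "Pop-up stand", "seal_intact": True},
]


def reconcile(inventory, observed, today, max_age_days=90):
    """Return (finding, serial, location) tuples; an empty list means the
    walk-through matched the list and nothing is overdue. `today` may be a
    date or an ISO-8601 date string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    inv_by_loc = {d["location"]: d for d in inventory}
    obs_by_loc = {d["location"]: d for d in observed}
    findings = []
    for loc, listed in inv_by_loc.items():
        age = today - date.fromisoformat(listed["last_inspected"])
        if age > timedelta(days=max_age_days):
            findings.append(("inspection_overdue", listed["serial"], loc))
        seen = obs_by_loc.get(loc)
        if seen is None:
            findings.append(("missing", listed["serial"], loc))
        elif seen["serial"] != listed["serial"]:
            # The terminal at this spot is not the one on record: treat it as
            # a swapped device until proven otherwise, whatever its seal says.
            findings.append(("substituted", seen["serial"], loc))
        elif not seen["seal_intact"]:
            findings.append(("seal_broken", listed["serial"], loc))
    # Anything found at a location that is not on the list at all.
    for loc, seen in obs_by_loc.items():
        if loc not in inv_by_loc:
            findings.append(("unlisted_device", seen["serial"], loc))
    return findings


if __name__ == "__main__":
    for finding in reconcile(INVENTORY, OBSERVED, date.today()):
        print(*finding)
```

A substituted or unlisted terminal is the finding to act on first: a swapped device can be a skimmer with a valid-looking seal, which is why the serial comparison comes before the seal check rather than after it.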

Service Providers: Requirement #12
New requirement
- Document which PCI DSS requirements are managed by each service provider and which are managed by the merchant.
- Service providers provide written acknowledgement to their customers of the services provided and of their responsibility for the security of the card data they handle.
How to implement the change
- Incorporate the delineation of responsibilities into the service agreement (e.g. who applies application updates).
- All service providers must include the Harvard PCI Rider and HRCI Rider in the service agreement.
- Service providers must submit an Attestation of Compliance from a QSA.

MORE INFORMATION

Resources
- SAQs: ocuments.php?category=saqs
- Harvard support/questions
- Trustwave QSA: Cash Management will arrange a teleconference
- otm.finance.harvard.edu