PCI: As complicated as it sounds? Gerry Lawrence CTO

Slides:



Advertisements
Similar presentations
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Advertisements

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
PCI:DSS What is it, and what does it mean to you? Dale Pearson 17 th November 2009.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Why Comply with PCI Security Standards?
Introduction to PCI DSS
Northern KY University Merchant Training
Payment Card Industry (PCI) Data Security Standard
Disclaimer Copyright Michael Chapple and Jane Drews, This work is the intellectual property of the authors. Permission is granted for this material.
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
PCI DSS Managed Service Solution October 18, 2011.
Protecting Your Credit Card Security Environment (PCI) September 26, 2012 Jacob Arthur, CPA, QSA, CEH Timothy Agee, CISA, CGEIT, QSA FDH Consulting Frasier,
The Right Choice for Call Recording OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.
EDUCAUSE Security Conference Denver, Colorado April 10 to 12, 2006 Bob Beer Biggs Engineering 117 (419)
The influence of PCI upon retail payment design and architectures Ian White QSA Head of UK&I and ME PCI Team September 4, 2013 Weekend Conference 7 & 8.
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
The Payment Card Industry (PCI) Data Security Standard: What it is and why you might find it useful Fred Hopper, CISSP TASK - 27 March 2007.
PCI requirements in business language What can happen with the cardholder data?
Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.
BUSINESS B1 Information Security.
Introduction to Payment Card Industry Data Security Standard
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation.
Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.
Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.
Information Security 2013 Roadshow - PCI. Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
PCI Training for PointOS Resellers PointOS Updated September 28, 2010.
ThankQ Solutions Pty Ltd Tech Forum 2013 PCI Compliance.
1 Payment Card Industry (PCI) Security Standard Developed by the PCI Security Council formed by major card issuers: Visa, MasterCard, American Express,
Janis Buikauskis Joe Kubena Kyle Nelson Chris Schrader.
CPT 123 Internet Skills Class Notes Internet Security Session B.
Standards in Use. EMV June 16Caribbean Electronic Payments LLC2.
By: Matt Winkeler.  PCI – Payment Card Industry  DSS – Data Security Standard  PAN – Primary Account Number.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit.
Payment Card Industry (PCI) Rules and Standards
Performing Risk Analysis and Testing: Outsource or In-house
PCI-DSS Security Awareness
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Payment card industry data security standards
Internet Payment.
Session 11 Other Assurance Services
I have many checklists: how do I get started with cyber security?
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Contact Center Security Strategies
Presentation transcript:

PCI: As complicated as it sounds? Gerry Lawrence CTO

Background ► Experts in business critical hosting ► Wide range of customers ► …including many e-commerce sites

Growth of e-commerce Source: UK National Statistics Office

Card fraud Source: UK Card Association Reduction due to: Sophisticated fraud screening Cardholder authentication Awareness campaign PCI compliance improvements

Card fraud Source: Home Office statistics (534 businesses polled) At some point every business website will suffer an attempted attack in a year. In burglary's took place in the UK according to Home Office statistics yet the number of hacks that occur far outweigh this figure. According to Information Security Breaches survey % of business respondents suffered a security breach

Card fraud Source: Home Office statistics (534 businesses polled) ► PCI awareness increased ► PCI standards more organised more specific and tougher ► Banks now following through on non-compliance

Time/resource ► Many skills only needed some of the time ► Monitoring is very time consuming ► Monitoring needs to happen 24x7

Skills ► Deep understanding of the compliance and regulatory framework ► Secure network design ► Systems design ► Detailed log analysis ► Incident response

Typical system Internet Primary datacentre Secondary datacentre Firewalls Firewall Web servers Database servers Backup server Web server Database server Backup server SAN Load balanced

Choosing the right partner Selection criteria: ► Security industry expertise to compliment our own ► Specific PCI compliance experience ► Pro-active 24 hour monitoring and response service ► Cultural fit and great attitude

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters 12 steps to achieve PCI Compliance

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3:Protect stored cardholder data Requirement 4:Encrypt transmission of cardholder data across open, public networks 12 steps to achieve PCI Compliance

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3:Protect stored cardholder data Requirement 4:Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5:Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications 12 steps to achieve PCI Compliance

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3:Protect stored cardholder data Requirement 4:Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5:Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures Requirement 7:Restrict access to cardholder data by business need-to-know Requirement 8:Assign a unique ID to each person with computer access Requirement 9:Restrict physical access to cardholder data 12 steps to achieve PCI Compliance

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3:Protect stored cardholder data Requirement 4:Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5:Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures Requirement 7:Restrict access to cardholder data by business need-to-know Requirement 8:Assign a unique ID to each person with computer access Requirement 9:Restrict physical access to cardholder data Regularly Monitor and Test Networks Requirement 10:Track and monitor all access to network resources and cardholder data Requirement 11:Regularly test security systems and processes 12 steps to achieve PCI Compliance

Build and Maintain a Secure Network Requirement 1:Install and maintain a firewall configuration to protect cardholder data Requirement 2:Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3:Protect stored cardholder data Requirement 4:Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5:Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures Requirement 7:Restrict access to cardholder data by business need-to-know Requirement 8:Assign a unique ID to each person with computer access Requirement 9:Restrict physical access to cardholder data Regularly Monitor and Test Networks Requirement 10:Track and monitor all access to network resources and cardholder data Requirement 11:Regularly test security systems and processes Maintain an Information Security Policy Requirement 12:Maintain a policy that addresses information security 12 steps to achieve PCI Compliance

12 steps to achieve PCI Compliance PCI compliance… Does it apply to me? No, because I use a 3 rd party payment provider…. ?

12 steps to achieve PCI Compliance PCI compliance… Does it apply to me? No, because I use a 3 rd party payment provider…. ….ever heard of ‘Man in the Middle’? ?

12 steps to avoid Snakes & Hackers What are the risks? ► Huge Fines ► Banks may refuse your business ► More expose to repeat hacking attacks ► Brand reputation ?

12 steps to avoid Snakes & Hackers How can NetBenefit help?

NetBenefit is located at Stand 930 ► Pick up our PCI whitepaper ► Speak to our PCI experts ► Happy to answer any questions

Working together

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.