Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS), April 28, 2012. Cathy Pettis, SVP, ICUL Service Corporation.

Presentation transcript:


PCI Background
PCI-DSS was developed to:
– Encourage and enhance cardholder data security
– Facilitate adoption of consistent data security measures globally
– Provide a baseline of operational and technical requirements to protect data

Who Does PCI-DSS Apply To?
To ALL entities involved in payment card processing:
– Merchants
– Acquirers
– Processors
– Issuers
– Service Providers

The Question Is
Do you STORE, PROCESS or TRANSMIT cardholder data?

The Answer
YES, if you:
– Store: cardholder reports, card data module on your data processing system
– Process: card files, post transactions (batch or on-line: ATM, debit, credit)
– Transmit: files (PBF, card issuance), online authorizations

What Are the Requirements?
– Build and Maintain a Secure Network
– Protect Cardholder Data
– Maintain a Vulnerability Management Program
– Implement Strong Access Control Measures
– Regularly Monitor and Test Networks
– Maintain an Information Security Policy

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software and programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business NEED TO KNOW
8. Assign a unique ID to each person with computer and data access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel

Requirements: Easy. There are ONLY 12.

PCI DSS Applicability
Wherever account data is stored, processed or transmitted. Account data is Cardholder Data PLUS Sensitive Authentication Data.
Cardholder Data:
– Primary Account Number (PAN)
– Cardholder Name
– Expiration Date and Service Code

Applicability Information cont'd
Sensitive Authentication Data includes:
– Full magnetic stripe data or equivalent on a chip
– CAV2/CVC2/CVV2/CID
– PINs/PIN Blocks

Here's THE Test

Is Storage Permitted?

Data Element                   Storage Permitted
PAN                            Yes
Cardholder Name                Yes
Service Code                   Yes
Expiration Date                Yes
Full Magnetic Stripe Data      No
CVV/CVC/CAV/CID                No
PIN/PIN Block                  No

If YES, Now What?
Stored data MUST be unreadable:

Data Element                   Must Be Rendered Unreadable
PAN                            YES
Cardholder Name                No
Service Code                   No
Expiration Date                No
Sensitive Authentication Data  Cannot be stored, period
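The two tables above describe a storage policy that can be checked in code. The following is an added example, not part of the presentation or any ICUL Service Corporation system: it applies the deck's rules to one authorization record (drop all Sensitive Authentication Data, keep name, expiry and service code as-is, render the PAN unreadable) and audits an already-stored record for violations. The field names, the sample record and the key are constructed for the example; the choice of truncation plus a keyed hash as the "unreadable" rendering of the PAN is an assumption, since the deck only says the PAN must be unreadable.

```python
import hashlib
import hmac

# Storage rules as given in the deck's two tables.
PERMITTED_TO_STORE = {"pan", "cardholder_name", "service_code", "expiration_date"}
MUST_BE_UNREADABLE = {"pan"}
# Sensitive Authentication Data: cannot be stored after authorization, period.
SENSITIVE_AUTH_DATA = {"full_track_data", "cvv2", "pin_block"}

# Constructed key for the example only; a real system keeps this in a
# key-management system or HSM, never in source.
EXAMPLE_HASH_KEY = b"example-key-not-for-production"


def render_pan_unreadable(pan):
    """Replace the PAN with its last four digits plus a keyed hash that still
    allows exact-match lookups (assumed rendering method for this example)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    last4 = digits[-4:]
    tag = hmac.new(EXAMPLE_HASH_KEY, digits.encode(), hashlib.sha256).hexdigest()
    return last4, tag


def prepare_for_storage(record):
    """Apply the storage rules to one transaction record.

    Returns (stored, rejected): `stored` holds only fields that may be kept,
    with the PAN rendered unreadable; `rejected` lists the field names that
    were dropped (Sensitive Authentication Data or anything not permitted)."""
    stored = {}
    rejected = []
    for field, value in record.items():
        if field in SENSITIVE_AUTH_DATA or field not in PERMITTED_TO_STORE:
            rejected.append(field)
            continue
        if field in MUST_BE_UNREADABLE:
            last4, tag = render_pan_unreadable(value)
            stored["pan_last4"] = last4
            stored["pan_hmac"] = tag
        else:
            stored[field] = value
    return stored, sorted(rejected)


def storage_violations(stored):
    """Audit a stored record against the same rules: flag any Sensitive
    Authentication Data field and any PAN kept in readable (all-digit) form."""
    violations = []
    for field in stored:
        if field in SENSITIVE_AUTH_DATA:
            violations.append(f"{field}: sensitive authentication data must not be stored")
    pan = stored.get("pan")
    if isinstance(pan, str) and pan.replace(" ", "").isdigit():
        violations.append("pan: stored PAN must be rendered unreadable")
    return violations


# Constructed sample authorization record (4111... is a well-known test PAN).
SAMPLE_AUTH_RECORD = {
    "pan": "4111 1111 1111 1111",
    "cardholder_name": "J DOE",
    "expiration_date": "12/25",
    "service_code": "201",
    "cvv2": "123",
    "full_track_data": "%B4111111111111111^DOE/J^25122011234567?",
    "pin_block": "0123456789ABCDEF",
}

if __name__ == "__main__":
    kept, dropped = prepare_for_storage(SAMPLE_AUTH_RECORD)
    print("stored:", kept)
    print("rejected:", dropped)
    print("violations in raw record:", storage_violations(SAMPLE_AUTH_RECORD))
```

Running the block shows the raw authorization record failing the audit on four counts (three SAD fields plus a readable PAN) and the prepared record passing it with only the last four digits and a keyed hash of the PAN retained.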

What Next?
– Perform a risk assessment
– Know what data you have, who has access and what you do with it
– Know how your network is secured
– Establish an Information Security Policy and Standards document
– Engage the Board of Directors, Internal Auditor, External Auditor
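"Know what data you have" is the step most credit unions find hardest, because PANs leak into reports, exports and support tickets outside the card system. The following is an added example, not code from the presentation: a small discovery scanner that finds Luhn-valid 13 to 19 digit sequences in text and reports them masked, so the scan output does not itself become another store of cardholder data. The sample lines are constructed for the example.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn check-digit validation. Every payment card PAN passes it, so it
    filters out most order numbers, timestamps and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the last four digits in any report the scanner produces."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text):
    """Scan text line by line; return (line_number, masked_pan) for each
    Luhn-valid 13-19 digit sequence found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append((lineno, mask(digits)))
    return hits


# Constructed sample: one real-looking test PAN, one 16-digit reference
# number that fails Luhn, and a line with only short numbers.
SAMPLE_TEXT = """\
2012-04-28 10:15:02 order=A1001 customer=J DOE pan=4111 1111 1111 1111 exp=12/25
2012-04-28 10:15:03 order=A1002 ref=1234567890123456 status=posted
2012-04-28 10:16:10 support line 555-0100 opened ticket 20120428
"""

if __name__ == "__main__":
    for lineno, masked in find_pans(SAMPLE_TEXT):
        print(f"line {lineno}: possible PAN {masked}")
```

Only line 1 is reported; the reference number on line 2 has the right length but fails the Luhn check, and nothing on line 3 is long enough to be a PAN. In practice the same function would be run over report directories, mail archives and database dumps, with each hit feeding the data inventory the risk assessment needs.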

What Next cont'd
– Make a plan to become PCI compliant
– Engage the services of a Qualified Security Assessor (QSA)
– Validate that your data providers are PCI certified

Next
Security, physical and data, is everyone's responsibility. Take it seriously and protect your member cardholder data.

Questions?

Resources

THANK YOU Cathy Pettis, SVP