PCI Training for PointOS Resellers PointOS Updated September 28, 2010.

Presentation transcript:


Introduction: Purpose of this training

What is PCI / PA-DSS? The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

What actions are resellers and integrators responsible for? All installations of PointOS must be reviewed for PCI Compliance under the guidelines set forth in this document and the PointOS Implementation Guide.

The PA-DSS Implementation Guide This document is available on our website at

The Requirements Please review the following requirements.

PA-DSS
Topic: Delete sensitive authentication data stored by previous payment application versions.
Customer/reseller responsibility: Delete any historical data per the PA-DSS Implementation Guide and PA-DSS Requirement

PA-DSS
Topic: Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application.
Customer/reseller responsibility: Troubleshoot any problems per the PA-DSS Implementation Guide and PA-DSS Requirement a.

PA-DSS 2.1
Topic: Purge cardholder data after customer-defined retention period.
Customer/reseller responsibility: Purge cardholder data exceeding the customer-defined retention period.
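As an added example of what the PA-DSS 2.1 purge and the sensitive-authentication-data deletion in the rows above mean for stored records (code written for this page, not PointOS's own; the record fields, the 90-day retention period and the sample transactions are constructed assumptions):

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Constructed stand-in for a POS transaction table. Field names and the
# retention period are assumptions for this example, not PointOS's schema.
RETENTION_DAYS = 90
TODAY = date(2010, 9, 28)

@dataclass
class TxnRecord:
    txn_id: str
    auth_date: date
    pan: Optional[str]                # full PAN, allowed only inside the retention window
    cvv2: Optional[str] = None        # sensitive authentication data (SAD)
    track2: Optional[str] = None      # SAD
    masked_pan: Optional[str] = None  # first 6 / last 4, safe to keep for receipts

def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS permits on display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def enforce_retention(records: List[TxnRecord], retention_days: int, today: date) -> int:
    """Apply the SAD-deletion rule and the PA-DSS 2.1 purge in one pass:
    SAD is cleared on every record (never storable after authorization); a full
    PAN is reduced to its masked form once older than the retention period."""
    cutoff = today - timedelta(days=retention_days)
    purged = 0
    for rec in records:
        rec.cvv2 = None
        rec.track2 = None
        if rec.pan is not None:
            rec.masked_pan = mask_pan(rec.pan)
            if rec.auth_date < cutoff:
                rec.pan = None
                purged += 1
    return purged

def violations(records: List[TxnRecord], retention_days: int, today: date) -> List[str]:
    """Site-review check: ids still holding SAD or a full PAN past the cutoff."""
    cutoff = today - timedelta(days=retention_days)
    return [r.txn_id for r in records
            if r.cvv2 or r.track2 or (r.pan and r.auth_date < cutoff)]

# Constructed sample: two records past retention (with CVV2 / track data), one recent.
SAMPLE = [
    TxnRecord("t1", date(2010, 1, 5), "4111111111111111", cvv2="123"),
    TxnRecord("t2", date(2010, 3, 1), "5500000000000004", track2="<constructed>"),
    TxnRecord("t3", date(2010, 9, 20), "4012888888881881"),
]
```

Running `violations` before and after `enforce_retention` is the check a reseller can repeat at each site review: the list must be empty once the purge has run.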

PA-DSS 2.7
Topic: Delete cryptographic key material or cryptograms stored by previous payment application versions.
Customer/reseller responsibility: Delete any historical cryptographic material per the PA-DSS Implementation Guide and PA-DSS Requirement

PA-DSS 3.1
Topic: Use unique user IDs and secure authentication for administrative access and access to cardholder data.
Customer/reseller responsibility: Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1 and 8.2.

PA-DSS 3.2
Topic: Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications.
Customer/reseller responsibility: Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1, 8.2, and 8.5.8–

PA-DSS 4.2
Topic: Implement automated audit trails.
Customer/reseller responsibility: Establish and maintain PCI DSS-compliant logs per the PA-DSS Implementation Guide and PCI DSS Requirement 10.

PA-DSS 6.1
Topic: Securely implement wireless technology.
Customer/reseller responsibility: For wireless implemented into the payment environment by customers or resellers/integrators, install a firewall per the PA-DSS Implementation Guide and PCI DSS Requirement

PA-DSS 6.2
Topic: Secure transmissions of cardholder data over wireless networks.
Customer/reseller responsibility: For wireless implemented into the payment environment by customers or resellers/integrators, use secure encrypted transmissions per the PA-DSS Implementation Guide and PCI DSS Requirement

PA-DSS 9.1
Topic: Store cardholder data only on servers not connected to the Internet.
Customer/reseller responsibility: Establish and maintain payment applications so that cardholder data is not stored on Internet-accessible systems, per the PA-DSS Implementation Guide and PCI DSS Requirement

PA-DSS 10.1
Topic: Securely deliver remote payment application updates.
Customer/reseller responsibility: Receive remote payment application updates from the vendor securely, per the PA-DSS Implementation Guide and PCI DSS Requirements 1, 1.3.9, and

PA-DSS 11.2
Topic: Implement two-factor authentication for remote access to the payment application.
Customer/reseller responsibility: Establish and maintain two-factor authentication for remote access to the payment application, per the PA-DSS Implementation Guide and PCI DSS Requirement 8.3.


PA-DSS 11.3
Topic: Securely implement remote access software.
Customer/reseller responsibility: Use remote access security features if you allow remote access to payment applications, per the PA-DSS Implementation Guide and PA-DSS Requirement 11.3.b.

PA-DSS 12.1
Topic: Secure transmissions of cardholder data over public networks.
Customer/reseller responsibility: Establish and maintain secure transmissions of cardholder data, per the PA-DSS Implementation Guide and PCI DSS Requirement 4.

PA-DSS 12.2
Topic: Encrypt cardholder data sent over end-user messaging technologies.
Customer/reseller responsibility: Encrypt all PANs sent with end-user messaging technologies, per the PA-DSS Implementation Guide and PCI DSS Requirement 4.2.

PA-DSS 13.1
Topic: Encrypt non-console administrative access.
Customer/reseller responsibility: Encrypt all non-console administrative access, per the PA-DSS Implementation Guide and PCI DSS Requirement 2.3.

Questions: Please direct any questions to