Presentation is loading. Please wait.

Presentation is loading. Please wait.

Burton Group Take 5! The PCI Half-Dozen: 6 Recommendations for PCI Compliance Diana Kelley, VP & Service Director March, 2007 www.burtongroup.com.

Published byJulie Barber Modified over 6 years ago

Similar presentations

Presentation on theme: "Burton Group Take 5! The PCI Half-Dozen: 6 Recommendations for PCI Compliance Diana Kelley, VP & Service Director March, 2007 www.burtongroup.com."— Presentation transcript:

1 Burton Group Take 5! The PCI Half-Dozen: 6 Recommendations for PCI Compliance Diana Kelley, VP & Service Director March, 2007

2 The PCI Half-Dozen It’s 5pm – do you know where your credit card numbers are? “BJ'S Wholesale Club Settles FTC Charges” ~Thousands of credit and debit card numbers “Customer Data Breach Began in 2005, TJX Says” ~card numbers impacted?– still investigating “CardSystems' Data Left Unsecured” ~40 million card numbers impacted

3 The PCI Half-Dozen Data element Storage permitted Protection required
PCI DSS Requirement 3.4 Cardholder data PAN Yes Cardholder name No Service code Expiration data Sensitive authentication data Full magnetic stripe N/A—Storage not allowed CVC2/CVV2/CID PIN/PIN block Covered Data Elements (Data Source: PCI DSS Version 1.1, September 2006)

4 The PCI Half-Dozen Get the Facts
Go to the source – the PCI Data Security Standard and the PCI DSS Security Audit Procedures Self assess – uncover and remediate gaps in advance 2. Segment the Scope  PCI DSS applies to the cardholder data environment Reduce scope through zoning and segmentation 3. Don’t Store What You Don’t Need No Track II/Sensitive Auth Data! But do you need the Cardholder data at all?

5 The PCI Half-Dozen 4. Be Prepared and Be a Partner
Work with Qualified Security Assessors (QSA) or in-house assessors Agree on the scope up-front Prepare supporting documentation – including for compensating controls Build remediation plans – and follow them 5. Get Involved Changes were made between v1.0 and v1.1 in part, due to feedback Merchants and Payment Service Providers can become “Participating Organizations” of the SSC 6. Build a Compliance Program Compliance is about more than PCI Take a long-view approach to compliance as a whole

6 Thank you! For more information:
Burton Group Security and Risk Management Strategies Overview – “What and Why PCI? Inside the Payment Card Industry Data Security Standards,” The PCI Security Standards Council, Payment Card Industry (PCI) Data Security Standard, Version 1.1, PCI DSS Security Audit Procedures,

Download ppt "Burton Group Take 5! The PCI Half-Dozen: 6 Recommendations for PCI Compliance Diana Kelley, VP & Service Director March, 2007 www.burtongroup.com."

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS for Retail Industry

PCI DSS for Retail Industry
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
1 Presented By: David Kidd, Director of Compliance, Peak 10 & Brian Herman, VP of Managed Security Sales, Still Secure.

1 Presented By: David Kidd, Director of Compliance, Peak 10 & Brian Herman, VP of Managed Security Sales, Still Secure.
Smart Payment Processing ™ 800-846-4472 www.MercuryPay.com Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.

Smart Payment Processing ™ Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Similar presentations

Ads by Google