1
Internet Payment
2
Security
Sensitive information must be kept secure.
Payments: how do you ensure security?
- Do it yourself?
- Hire another organization?
3
PCI Payment Card Industry
The payment card industry (PCI) denotes the cards, and the associated businesses that process them, for:
- Debit
- Credit
- Prepaid
- e-purse
- ATM
- POS
4
PCI Payment Card Industry
Payment Card Industry Security Standards Council
- Council originally formed on Sept. 7, 2006 by:
  - American Express
  - Discover Financial Services
  - JCB
  - MasterCard Worldwide
  - Visa International
- Goal: manage the ongoing evolution of the Payment Card Industry Data Security Standard
- The Council itself claims to be independent of the card brands that make up its membership
5
PCI Payment Card Industry
- The Council publishes a body of security standards known as the PCI Data Security Standard (PCI DSS)
- It consists of 12 significant requirements, each with multiple sub-requirements
- It contains numerous directives against which businesses can measure their own payment card security policies, procedures and guidelines
- Compliance is validated by a qualified assessment of the business against these requirements (an external QSA audit or a self-assessment questionnaire, depending on transaction volume) and the result is reported to the business's acquiring bank and the card brands; the Council maintains the standard and lists approved assessors and validated products, but does not itself certify merchants
- Compliance validation must be repeated on a periodic basis (annually)
6
PCI Payment Card Industry
When the acronym PCI appears in job requirements:
- It most frequently refers to the many disciplines of managing the PCI compliance effort within the business entity concerned
- PCI compliance within any card-handling business's security process can be considered part of the inter-related disciplines of governance, risk, and compliance management (GRCM)
- GRCM is in turn part of information security
7
PCI DSS Payment Card Industry Data Security Standard (PCI DSS)
- Proprietary information security standard for organizations that handle cardholder data for the major debit, credit, prepaid, e-purse, ATM, and POS cards
- Defined and maintained by the Payment Card Industry Security Standards Council
- Created to increase controls around cardholder data and so reduce card fraud resulting from its exposure
- Validation of compliance is performed annually by one of:
  - An external Qualified Security Assessor (QSA), for organizations handling large volumes of transactions; the QSA produces a Report on Compliance (ROC)
  - A Self-Assessment Questionnaire (SAQ), for companies handling smaller volumes
8
PCI DSS Control Objectives and Requirements
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software on all systems commonly affected by malware
6. Develop and maintain secure systems and applications
9
PCI DSS Control Objectives and Requirements (continued)
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
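Requirement 3 (protect stored cardholder data) is the one a developer meets first: the primary account number (PAN) may be displayed only masked to at most the first six and last four digits, and wherever it is stored it must be rendered unreadable (truncation, keyed one-way hash, tokenization or strong encryption), application logs included. The Python below is an illustration added to this page, not code from the presentation or from any PCI SSC material; the test PAN, the demo key and the log lines are constructed. It shows the masking rule, truncation, an HMAC-based token in place of an unkeyed hash (an unkeyed hash of a PAN is brute-forceable once the BIN is known), and a scan of log lines that flags any full PAN written to them.

```python
"""Added example for PCI DSS Requirement 3: keep the PAN out of places it
does not need to be.  All inputs are constructed test data."""
import hashlib
import hmac
import re

# Constructed test PAN: a Luhn-valid test number, not a real card account.
TEST_PAN = "4111 1111 1111 1111"

# Constructed demo key.  A real deployment keeps this in an HSM or KMS under
# the key-management controls Requirement 3 describes, never in source code.
DEMO_KEY = b"demo-only-key-do-not-use"

# Constructed log lines: one leaks a full PAN, one carries a masked PAN,
# one carries a 13-digit reference that is long enough to look like a PAN.
SAMPLE_LOG = """\
2024-03-01T10:22:31Z INFO order=55123 amount=42.50 pan=4111 1111 1111 1111 status=approved
2024-03-01T10:22:32Z INFO order=55124 amount=9.99 pan=411111******1111 status=approved
2024-03-01T10:22:33Z INFO order=55125 amount=15.00 ref=1700000000000 status=declined
"""


def normalize_pan(pan: str) -> str:
    """Strip the spaces and hyphens people type between digit groups."""
    return re.sub(r"[ -]", "", pan)


def luhn_valid(pan: str) -> bool:
    """ISO/IEC 7812 Luhn check over 13-19 digits; catches typos, not fraud."""
    digits = normalize_pan(pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most first six and last four digits visible (PCI DSS 3.3)."""
    digits = normalize_pan(pan)
    if not luhn_valid(digits):
        raise ValueError("not a valid PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def truncate_pan(pan: str) -> str:
    """Storage form when the full PAN is not needed: last four digits only.
    Truncation is one of the accepted ways to render a stored PAN unreadable."""
    return normalize_pan(pan)[-4:]


def pan_token(pan: str, key: bytes = DEMO_KEY) -> str:
    """Keyed hash (HMAC-SHA-256) of the normalized PAN, usable to link
    transactions to the same card without storing the PAN.  An unkeyed hash
    is not enough: with a known 6-digit BIN and the Luhn check digit, only
    about 10**9 candidate 16-digit PANs remain, which is brute-forced quickly."""
    return hmac.new(key, normalize_pan(pan).encode(), hashlib.sha256).hexdigest()


# 13-19 digits, optionally separated by single spaces or hyphens, and not glued
# to neighbouring digits.  The Luhn filter below removes most timestamps and
# order numbers that happen to be long enough.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs found in text.  Run it over log output to
    verify that nothing writes a full PAN to disk (masked PANs do not match)."""
    return [normalize_pan(m.group()) for m in PAN_CANDIDATE.finditer(text)
            if luhn_valid(m.group())]


if __name__ == "__main__":
    print(mask_pan(TEST_PAN))       # 411111******1111
    print(truncate_pan(TEST_PAN))   # 1111
    print(pan_token(TEST_PAN))      # 64 hex chars, stable for the same key
    print("full PANs leaked into log:", find_pans(SAMPLE_LOG))  # ['4111111111111111']
```

The log scan is deliberately permissive on the regex side and strict on the Luhn side: the 13-digit `ref=` value in the constructed log matches the pattern but fails the checksum, so it is not reported, while the masked PAN on the second line never matches at all.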
10
PCI Providers
Link to PCI provider guide
11
PCI Costs: What is Interchange?
- The percentage and per-transaction fee charged to merchants to process credit/debit card transactions
- Interchange is priced at the transaction level and depends upon the combination of:
  - the merchant's industry category code
  - the method by which cards are accepted
  - the card product
  - the transaction size
- All banks and merchant processing companies operate from the exact same interchange, dues and assessment costs, which are set by the card networks
12
PCI Costs: What are Dues & Assessments?
- Processing fees merchants pay to the card associations
- A set percentage of sales
- Generally collected on a daily or monthly basis