Presentation is loading. Please wait.

Presentation is loading. Please wait.

payment card industry compliance project

Published byBetty Stevenson Modified over 6 years ago

Similar presentations

Presentation on theme: "payment card industry compliance project"— Presentation transcript:

1 payment card industry compliance project
Michelle Langehennig Chief Information Officer Eric Scott Network Administrator Supervisor

2 RLD Vision and Mission RLD Vision:
To ensure New Mexicans receive quality care and services from qualified professionals. RLD Mission RLD is in the business of ensuring that New Mexicans receive quality care and services from qualified individuals and businesses in 35 different industries, professions and trades. We touch everyday activities of every New Mexican, while ensuring fair and prompt administrative process to help spur economic development. Construction Industries Division: Provide code compliance oversight; issue licenses, permits and citations; perform inspections; administer exams; process complaints; and enforce laws, rules and regulations relating to general construction and manufactured housing standards to industry professionals.

3 Project Description RLD PCI Compliance is a two part project.
Completed in Phase I: RLD separated all traffic through the firewall and segmented the traffic by a demilitarized zone(DMZ) allowing the cardholder traffic to be separate from the network traffic. The Accela application redirect is complete and is no longer storing data on the RLD network. The Accela and MLO data is now separated in the current data storage environment. Installed Cisco Umbrella to provide a view of DNS traffic. To Be Completed in Phase II: Move payment providers from PayPal to Wells Fargo. Saving RLD over $150,000 in fees. Replace core equipment and host to eliminate aging equipment, obtain more data storage and allow RLD to remain PCI compliant.

4 Accomplishments Achieved full PCI compliance for RLD and associated Permitting and Licensing application to increase the security of the card-holder data environment (CDE). Separated all Card holder data and regular network traffic making RLD a more secure environment. Separated applications taking credit cards from the rest of the network creating a compliant environment to take credit cards. Provide a view of DNS traffic to protect the network from threats. Replaced out dated firewalls to create a hardened and safer environment for the public and the RLD network.

5 Objectives Move payment providers from PayPal to Wells Fargo to eliminate over $150,000 of fees imposed by financial service provider. Maintain PCI compliance through the life of the Permitting and Licensing programs and for as long as the PCI DSS compliance specification is relevant. Eliminate aging equipment and obtain more data storage allowing RLD to remain PCI compliant.

6 Deliverables PCI DSS 3.2 compliant payment portal that takes credit card payments from existing RLD applications, customizable and configurable by RLD IT staff. Customized code within existing RLD applications that point to the new payment portal. Policies and Procedures appropriate to the new SAQ-A environment. DNS protection software Core hardware to replace the current infrastructure

7 Project Budget Item Cost Estimate Phase 1 Hardware $32,100
Phase 1 Software $8,900 Phase 1 Implementation $26,000 Phase 2 Hardware $267,400 *Total $334,400 *IV&V not currently budgeted, as waiver was granted by DoIT on 7/26/2018

8 Conclusion RLD is requesting certification of $267,400 for the Planning / Implementation Phase to complete phase 2 of the PCI Compliance Project.

Download ppt "payment card industry compliance project"

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
1 Presented to Department of Information Technology Jan 28, 2009 New Mexico Department of Health ELECTRONIC REPORTING (e-Reporting) e-Reporting.

1 Presented to Department of Information Technology Jan 28, 2009 New Mexico Department of Health ELECTRONIC REPORTING (e-Reporting) e-Reporting.
NEW MEXICO DRIVER REENGINEERING SOLUTION Initiation Certification November 19, 2008 Project Certification Committee.

NEW MEXICO DRIVER REENGINEERING SOLUTION Initiation Certification November 19, 2008 Project Certification Committee.
Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27, 2009 1.

Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27,
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Disclaimer Copyright Michael Chapple and Jane Drews, This work is the intellectual property of the authors. Permission is granted for this material.
Web Advisory Committee June 17, 2009.  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.

Web Advisory Committee June 17,  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
PCI DSS Managed Service Solution October 18, 2011.

PCI DSS Managed Service Solution October 18, 2011.
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.

Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.

Similar presentations

Ads by Google