Published by Asher Gibbar. Modified over 10 years ago.
Slide 1: MARTA's Road to PCI Compliance
Presenter: Yolanda Curtis, PMP, AFC Project Manager
Slide 2: MARTA's PCI Requirement
As an acceptor of payment cards, MARTA is required to certify its Automated Fare Collection (AFC) payment application against the PCI DSS requirements. MARTA is classified as a Level 2 merchant, processing more than 1 million credit card transactions annually. PCI DSS certification requires a certified fare collection system, including the payment application software, which is developed by the fare collection vendor. This software runs in the TVM (ticket vending machine), the Ride Store TOM (ticket office machine), and the Fare Collection Central System.
Slide 3: AFC Overview
The MARTA Automated Fare Collection system, also known as Breeze, entered revenue service in 2005. The system supports regional operators including Cobb County, Gwinnett County and the Georgia Regional Transit Authority, and the Atlanta Regional Commission databases. There are over 1 million active Breeze cards system-wide.

Component | Qty
Automated fare gates | 470
Automated fare boxes on big buses | 626
Light validators on paratransit buses | 175
Ticket vending machines (TVM) | 349
Ticket office machines (TOM) | 16
Automated parking gates | 50
High-performance encoding machines | 6
Money room facilities and equipment | 1
Central computing system (1 online, 1 stand-by, 1 DR, 1 QA) | 20
Slide 4: AFC PCI Project Scope
Central System Improvements
- Improved credit card security management
- More patron search capabilities
Database Security
- Data-at-rest encryption for higher security
- Separated storage of credit card information
Ticket Vending Machine and Ticket Office Machine
- Higher-security PIN pad for debit transactions
- New internal computer
- New operating system (Windows 7)
Remote Monitoring of all AFC Components
- Anti-virus management
- File integrity monitoring
Network Security
- Access controls
Slide 5: AFC PCI Project Team
MARTA AFC Team
- Project oversight
- Remediation tasks
- Application support
- Network & server support
- Enterprise security
Qualified Security Assessor (QSA)
- Assessment
- Gap analysis
- Compliance roadmap
- Report on Compliance
Merchant Bank
- Manages PCI mandates on behalf of Visa, MasterCard, American Express and Discover
Fare Collection Vendor
- Software development
- Hardware upgrades
- PCI DSS certification of payment application software
Slide 6: AFC PCI Project Timeline
2008
- MARTA is deemed a Level 2 merchant
- Completed the PCI DSS Self-Assessment Questionnaire (SAQ) and quarterly scan results
2009
- MARTA began the partnership with BOA and the fare collection vendor to complete the PCI requirements
2010
- Gap analysis completed by the QSA
- Attestation of Compliance sent to the merchant bank
- QSA provided the remediation roadmap
2011
- MARTA issued a Notice to Proceed to the fare collection vendor to begin software development
- AFC system PCI migration begins
2012
- AFC system PCI migration completed
- Attestation of Compliance completed
- PCI compliance obtained from the merchant bank
Slide 7: PCI Project Migration – Phase 1: AFC Network Access Control
- Build a secure data network
- Segment AFC traffic from the enterprise network traffic
- Develop an information security team
- Develop information security policies
Slide 8: Phase 1: Network Access Control
[Network diagram; only its labels survive extraction: TOM load balancer, non-PCI-compliant system, web BVM devices, settlement, TOM, merchant bank, old database, AFC network, restricted rule base, Internet VLAN, Enterprise Network VLAN]
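The "restricted rule base" on the Phase 1 diagram is the control that separates the AFC network from the enterprise network. The following is an added example, not MARTA's or the fare collection vendor's configuration: it models a default-deny rule base with zones for the enterprise VLAN, the AFC device segment (TVM/TOM), the central system, the settlement host and the merchant bank endpoint, evaluates individual flows against it with first-match semantics, and renders the same rules as iptables FORWARD-chain commands. All addresses, zone names, rule names and ports are constructed assumptions (RFC 1918 and RFC 5737 ranges); the page names the VLANs but not their addressing.

```python
"""Restricted rule base between the AFC network and the enterprise network.

Added example, not MARTA's or the vendor's configuration. Zones, addresses
and ports are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed zone map: the page only names the VLANs, not their addressing.
ZONES = {
    "ENTERPRISE":    ipaddress.ip_network("10.10.0.0/16"),    # Enterprise Network VLAN
    "AFC_CENTRAL":   ipaddress.ip_network("10.20.0.0/24"),    # central system server farm
    "AFC_DEVICES":   ipaddress.ip_network("10.20.1.0/24"),    # TVM / TOM segment
    "SETTLEMENT":    ipaddress.ip_network("10.20.0.20/32"),   # settlement host inside the farm
    "MERCHANT_BANK": ipaddress.ip_network("203.0.113.10/32"), # bank endpoint via Internet VLAN
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # zone name or "ANY"
    dst: str              # zone name or "ANY"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port; requires proto != "any"
    action: str           # "ACCEPT" or "DROP"


# First match wins; anything not listed falls through to the default DROP.
RULE_BASE: List[Rule] = [
    Rule("devices-to-central-tls",  "AFC_DEVICES", "AFC_CENTRAL",   "tcp", 443, "ACCEPT"),
    Rule("central-to-devices-mgmt", "AFC_CENTRAL", "AFC_DEVICES",   "tcp", 22,  "ACCEPT"),
    Rule("settlement-to-bank-tls",  "SETTLEMENT",  "MERCHANT_BANK", "tcp", 443, "ACCEPT"),
    # Explicit deny so enterprise-to-AFC attempts are attributed to a named rule
    # in the logs rather than vanishing into the default policy.
    Rule("enterprise-to-afc-deny",  "ENTERPRISE",  "AFC_CENTRAL",   "any", None, "DROP"),
]


def in_zone(ip: str, zone: str) -> bool:
    return zone == "ANY" or ipaddress.ip_address(ip) in ZONES[zone]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, rule_name) for a flow, applying first-match semantics."""
    for rule in RULE_BASE:
        if (in_zone(src_ip, rule.src) and in_zone(dst_ip, rule.dst)
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return rule.action, rule.name
    return "DROP", "default-deny"


def render_iptables() -> List[str]:
    """Render the rule base as iptables FORWARD-chain commands (stateful, default deny)."""
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for rule in RULE_BASE:
        parts = ["iptables -A FORWARD"]
        if rule.src != "ANY":
            parts.append(f"-s {ZONES[rule.src]}")
        if rule.dst != "ANY":
            parts.append(f"-d {ZONES[rule.dst]}")
        if rule.proto != "any":
            parts.append(f"-p {rule.proto}")
            if rule.dport is not None:
                parts.append(f"--dport {rule.dport}")
        parts.append(f"-m comment --comment {rule.name} -j {rule.action}")
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    for flow in [("10.20.1.15", "10.20.0.10", "tcp", 443),   # TVM to central system
                 ("10.10.5.5", "10.20.0.10", "tcp", 443),    # enterprise host to central system
                 ("10.20.0.20", "203.0.113.10", "tcp", 443), # settlement to merchant bank
                 ("10.20.0.10", "198.51.100.7", "tcp", 443)]:# central system to arbitrary Internet host
        print(flow, "->", evaluate(*flow))
    print("\n".join(render_iptables()))
```

The point of the explicit enterprise-to-AFC deny ahead of the default policy is operational: a QSA reviewing segmentation wants to see that cross-zone attempts are blocked and logged under a rule someone owns, not merely absent from the allow list. The settlement host is carved out as its own /32 zone so that only that machine, and only on TCP/443, can reach the merchant bank; the rest of the central system falls through to the default DROP for Internet destinations.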
Slide 9: PCI Project Migration – Phase 2: Central System Upgrade
- Upgrade servers (Production, Stand-by, DR and QA)
- Migrate central system software
- Migrate database
- Migrate web ticketing
Slide 10: Phase 2: Central System Upgrade
[Network diagram; only its labels survive extraction: TOM load balancer; non-PCI-compliant system with web BVM devices, settlement, TOM, merchant bank and old database; PCI-compliant system with settlement, upgraded database, merchant bank and a server farm of Production, Stand-By, DR and QA]
Slide 11: PCI Project Migration – Phase 3: Payment Processing Device Upgrade
- Replace TOM hardware and software, including the 3DES PIN pad
- Replace TVM hardware and software, including the 3DES PIN pad
- Deploy anti-virus software and a file integrity monitoring process to all components
- Migrate TOM and TVM
Slide 12: Phase 3: Device Upgrade
[Network diagram; only its labels survive extraction: TOM load balancer; non-PCI-compliant system with web BVM devices, settlement, TOM, merchant bank and old database; PCI-compliant system with settlement, merchant bank and upgraded database]
Slide 13: Phase 3: Device Upgrade Complete
[Network diagram; only its labels survive extraction: TOM load balancer; non-PCI-compliant system with web BVM devices, settlement, TOM and old database; PCI-compliant system with settlement, merchant bank and upgraded database]
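Phase 3 deploys a file integrity monitoring (FIM) process to every AFC component alongside the hardware and software replacement. The following is an added example, not the FIM product MARTA or its vendor deployed: it baselines a directory tree by SHA-256, permission bits and size, records symlinks by target rather than following them, tolerates unreadable files, and reports added, removed and modified entries on a rescan. The paths and file contents in demo() are constructed; a real deployment would hash the payment application binaries and configuration on each TVM, TOM and central server, keep the baseline off the monitored host, and alert on any difference.

```python
"""File integrity monitoring for an AFC component (TVM, TOM or central server).

Added example, not the FIM product MARTA deployed. Paths and file contents in
demo() are constructed; the baseline is kept outside the monitored tree.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List

Baseline = Dict[str, Dict[str, object]]


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, streamed so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: Path) -> Baseline:
    """Record hash, permission bits and size for every regular file under root.

    Symlinks are recorded by target path rather than followed, so a link
    redirected to an attacker-controlled file shows up as a modification.
    Unreadable files are recorded as such instead of aborting the scan.
    """
    baseline: Baseline = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            baseline[rel] = {"type": "symlink", "target": os.readlink(path)}
            continue
        if not path.is_file():
            continue
        st = path.stat()
        try:
            baseline[rel] = {"type": "file", "sha256": hash_file(path),
                             "mode": st.st_mode & 0o7777, "size": st.st_size}
        except PermissionError:
            baseline[rel] = {"type": "unreadable"}
    return baseline


def compare(baseline: Baseline, current: Baseline) -> Dict[str, List[str]]:
    """Classify differences; any attribute change (hash, mode, size, link target) counts."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in set(baseline) & set(current) if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: Baseline, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Baseline:
    return json.loads(path.read_text())


def demo() -> Dict[str, List[str]]:
    """Baseline a constructed TVM-like tree, tamper with it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tvm"            # monitored tree (constructed)
        store = Path(tmp) / "baseline.json"  # baseline kept outside the monitored tree
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "tvm_app").write_bytes(b"\x7fELF constructed payment application")
        (root / "etc" / "pinpad.conf").write_text("pin_block=3des\n")
        save_baseline(build_baseline(root), store)

        # Simulated tampering: patched binary, dropped library, deleted config.
        (root / "bin" / "tvm_app").write_bytes(b"\x7fELF patched application")
        (root / "etc" / "skimmer.so").write_bytes(b"constructed malicious library")
        (root / "etc" / "pinpad.conf").unlink()

        return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Comparing whole entries rather than just hashes means a permission change on an unchanged binary (for example making a config world-writable) is reported as a modification, which is the kind of drift an assessor expects FIM to catch. Integrity of the baseline file itself is the weak point of any such tool: if it lives on the monitored host with the same privileges as the application, whoever patches the binary can rewrite the baseline too.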
Slide 14: PCI Project Migration – Compliant
Final Report on Compliance to the merchant bank
- Review of remediation roadmap tasks
- QSA assessment of gaps
- QSA vulnerability scan
- Report on Compliance
- Attestation of Compliance, PCI DSS v2.0
- Certificate of Compliance from the merchant bank
Slide 15: Thank You