
New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution.



Presentation transcript:

Slide 1: New PCI Credit Card Security Requirements
An in-depth look at how to apply the new standards and protect your institution

Slide 2: Discussion Outline
- Today's Security Environment
- New PCI requirements & Compliance Validation
- GMU evaluation & process
- Dept roles: ITU & Fiscal Services
- Data Flow: Manual & Online processes
- Implementation timeline
- Summary, Concerns, Questions

Slide 3: Today's Security Environment
- Track data stored by merchants & 3rd parties
- Payment applications: track data storage
- Network vulnerabilities
- Cardholders: negative impact
- Identity theft implications
- Proposed federal legislation

Slide 4: New PCI requirements
- CISP (Visa) compliance required for e-merchants: 6/5/01
- CISP (Visa) expanded to merchants & service providers: 2003
- PCI security standard developed 2004-05
- Standardized PCI requirements for members, merchants & service providers

Slide 5: Compliance Validation: Merchants
- Level 1: >6 million transactions/year
- Level 2: 150,000 - 6 million e-commerce transactions/year
- Level 3: 20,000 - 150,000 e-commerce transactions/year
- Level 4: <20,000 e-commerce transactions/year, and all other merchants up to 6 million transactions/year

Slide 6: Standardized Requirements
- 12 PCI Data Security Standards
- PCI Security Audit Procedures (on-site)
- PCI Self-Assessment Questionnaire
- PCI Security Scanning Procedures
- Resource for the above: www.visa.com/cisp
- Approved vendor list & FAQs

Slide 7: Merchant Compliance Documentation by Level

Level        | On-site Security Audit | Network Scan         | Self-Assessment Questionnaire | Validation Date
One          | Required annually      | Required quarterly   | -                             | 9/30/04
Two & Three  | -                      | Required quarterly   | Required annually             | 6/30/05
Four         | -                      | Recommended annually | Recommended annually          | TBD

Slide 8: GMU Evaluation & Process
- Issues for Higher Education:
  - Institutions have high visibility
  - Web-savvy customer base
  - Many online points of service
  - Prone to attacks: store lots of info
- Education: NACUBO, NOVA & approved vendor
- Need to get started ASAP

Slide 9: Dept roles: ITU & Fiscal Services
ITU Audit Plan:
- Step 1: Identification; CISP Requirements Review
- Step 2: Analysis & Review: data flow, physical environment, system admin
- Step 3: Recommendation for remediation
- Step 4: Bring in vendor

Slide 10: Dept roles: ITU & Fiscal Services
Fiscal Services:
- Evaluation & Education (NACUBO)
- Discussions with NOVA & Vendor
- Coordinate plan with ITU
- Meet with applicable depts
- Questionnaire
- Credit Card Security Policy & Procedures

Slide 11: Data Flow: Manual & Online
All points that collect CC data:
- Collection
- Processing
- Transmittal
- Storage
- Disposal

Slide 12: Implementation timeline
- August 2005: Education & Analysis
- Sept-Oct 2005: ITU/Fiscal Services meetings; NOVA & vendor discussion
- Nov 2005: ITU Audit Plan Step 1
- Dec 05 - Jan 06: ITU Audit Plan Step 2; Fiscal Services questionnaire & policy
- Jan - Feb 06: ITU Audit Plan Step 3
- Feb - March 06: Vendor & implementation

Slide 13: Summary, Concerns & Questions
- Summary: This is a huge undertaking!!
- Summary: Potential fines are scary!!
- Concerns: Are we ever 100% secure??
- Concerns: What if we do have a compromise??
- Questions???? Please share your stories!!

Slide 14: GMU Resources & Help
- Mira L. Levine, CPA, Director of Accounting: Internal Controls & Cost Accounting, mlevine1@gmu.edu, (703) 993-2566
- Cathy Hubbs, IT Security Coordinator, chubbs@gmu.edu, (703) 993-4183

