Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI Compliance Technical Overview 2008. RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PCI Compliance Technical Overview 2008. RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves."— Presentation transcript:

1 PCI Compliance Technical Overview 2008

2 RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves certification May 2007: Official 16.0 PCI Release Dec 2007: 16.0 certified PCI Compliant Awaiting VISA certification approval

3 Terms and Definitions n PCI DSS: Payment Card Industry Data Security Standard n PABP: Payment Application Best Practices n RM is a validated payment application that meets the PCI PABP n So what is “PCI Compliance”? Hint: It’s not simply installing RM 15.1.

4 The PCI Compliant Site To be a fully PCI compliant site, there are 4 areas needing attention: n Use PABP validated applications  Install RM 15.1 or later n Proper configuration  RM and Reseller PCI Guidance Doc RM and Reseller PCI Guidance n Proper procedures  Server machine access  Remote access n Site guidelines  Physical machine access  Network / Wireless

5 Basic Network Internet

6 Network w/ WiFi Internet

7 Network w/ WiFi Internet Symbol WS2000

8 Network w/ web svcs Internet Symbol WS2000 DMZ for Online Ordering Rmbrowser Write-On Phone Central Manager

9 What’s a DMZ? n DMZ: “De-Militarized Zone” n Separate network isolated from RM network n DMZ exposed to internet n RM network isolated from internet n All enforced through firewall configuration rules

10 Network with DMZ Internet DMZ 10.1.1.* RM 10.1.0.* 10.1.1.1 10.1.0.1 10.1.1.254 10.1.0.254

11 Setting up DMZ Server n RM and Reseller PCI Guidance : RM and Reseller PCI Guidance  Install NetworkActiv AUTAPF port forwarder as a service  Configure single port forwarding rule  Configure OO/RMbrowser/WO Phone setup to go to DMZ machine and port

12 Firewall Rules Internet DMZ 10.1.1.* RM 10.1.0.* Limited to proxy

13 Setting up the Firewall n Symbol WS2000 configuration  Two subnets  1 for RM  1 for DMZ  Firewall Rules n Now we’ll show you how…

14 Questions?

Download ppt "PCI Compliance Technical Overview 2008. RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves."

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Mobile Payment Security The Good, the Bad and the Ugly

Mobile Payment Security The Good, the Bad and the Ugly
MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager.

MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager.
ES-4000 Mail Server Appliance. Example Definition Combine RS-3000 and ES-4000 to setup mail server with Mail Security feature. RS-3000 – WAN IP: 60.250.158.64.

ES-4000 Mail Server Appliance. Example Definition Combine RS-3000 and ES-4000 to setup mail server with Mail Security feature. RS-3000 – WAN IP:
Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal.

Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal.
Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.

Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.
Smart Payment Processing ™ 800-846-4472 www.MercuryPay.com Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.

Smart Payment Processing ™ Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.
© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.

© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Mercury Payment Systems Dan Osby Director, Technical Services Technical Lead, Incident Response

Mercury Payment Systems Dan Osby Director, Technical Services Technical Lead, Incident Response
Copyright Security-Assessment.com 2005 Payment Card Industry Digital Security Standards Presented By Carl Grayson.

Copyright Security-Assessment.com 2005 Payment Card Industry Digital Security Standards Presented By Carl Grayson.
Larry Edie & Annie Ballew.  Who are you users?  What do you know about your users?  How can you cost-effectively manage this information?  How can.

Larry Edie & Annie Ballew.  Who are you users?  What do you know about your users?  How can you cost-effectively manage this information?  How can.
PCI and the Cloud Paul Court - Technical Operations Director - Claranet UK Payment and Fraud Conference - 11th February 2010.

PCI and the Cloud Paul Court - Technical Operations Director - Claranet UK Payment and Fraud Conference - 11th February 2010.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Wi-Fi Structures.

Wi-Fi Structures.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

Similar presentations

Ads by Google