
PCI: As complicated as it sounds? Gerry Lawrence CTO

Presentation transcript:

1 www.netbenefit.com PCI: As complicated as it sounds? Gerry Lawrence CTO gerry.lawrence@netbenefit.com

2 Background ► Experts in business-critical hosting ► Wide range of customers ► …including many e-commerce sites

3 Growth of e-commerce (chart) Source: UK National Statistics Office

4 Card fraud (chart) Source: UK Card Association. Reduction due to: ► Sophisticated fraud screening ► Cardholder authentication ► Awareness campaign ► PCI compliance improvements

5 Card fraud Source: Home Office statistics (534 businesses polled). At some point in any given year, every business website will suffer an attempted attack. In 2008, 75,600 burglaries took place in the UK according to Home Office statistics, yet the number of hacks that occur far outweighs this figure. According to the Information Security Breaches Survey 2010, 94% of business respondents suffered a security breach.

6 Card fraud Source: Home Office statistics (534 businesses polled) ► PCI awareness increased ► PCI standards more organised, more specific and tougher ► Banks now following through on non-compliance

7 Time/resource ► Many skills only needed some of the time ► Monitoring is very time consuming ► Monitoring needs to happen 24x7

8 Skills ► Deep understanding of the compliance and regulatory framework ► Secure network design ► Systems design ► Detailed log analysis ► Incident response

9 Typical system (architecture diagram: Internet; primary datacentre with firewalls, load-balanced web servers, database servers, backup server and SAN; secondary datacentre with firewall, web server, database server and backup server)

10 Choosing the right partner Selection criteria: ► Security industry expertise to complement our own ► Specific PCI compliance experience ► Pro-active 24-hour monitoring and response service ► Cultural fit and great attitude

11 to 16 12 steps to achieve PCI Compliance (built up one category at a time over six slides)
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

17 to 18 12 steps to achieve PCI Compliance PCI compliance… Does it apply to me? "No, because I use a 3rd party payment provider…" …ever heard of 'Man in the Middle'?

19 12 steps to avoid Snakes & Hackers What are the risks? ► Huge fines ► Banks may refuse your business ► More exposure to repeat hacking attacks ► Brand reputation

20 12 steps to avoid Snakes & Hackers How can NetBenefit help?

21 NetBenefit is located at Stand 930 ► Pick up our PCI whitepaper ► Speak to our PCI experts ► Happy to answer any questions

22 Working together

