Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation.

Published byArthur Harvey Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation."— Presentation transcript:

1 Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation

2 PCI Background PCI-DSS developed: –Encourage and enhance cardholder data security –Facilitate adoption of consistent data security measures globally –Provide a baseline of Operational and Technical requiremeents to protect data

3 Who does PCI-DSS Apply TO To ALL entities involved in Payment Card Processing –Merchants –Acquirers –Processors –Issuers –Service Providers

4 The Question is Do you STORE PROCESS Or TRANSMIT Cardholder Data?????

5 The Answer YES, if Store Cardholder Reports Card Data Module on your Data Processing System Process Card Files- Post Transactions Batch or On-line-ATM, Debit, Credit Transmit Files-PBF, Card Issuance, Online Authorizations

6 What are the Requirements Build and Maintain a Secure Network Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks Maintain an Information Security Policy

7 Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to maintain data 2. Do not uses vendor-supplied defaults for system passwords and other security parameters

8 Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open,public networks

9 Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software and programs 6. Develop and maintain secure systems and applications

10 Implement Strong Access Control Measures 7. Restrict access to cardholder data and business NEED TO KNOW 8. Assign a unique ID to each person with computer and data access 9 Restrict physical access to cardholder data

11 Regularly Monitor and Test Networks 10. Track and Monitor all access to network resources and cardholder data 11. Regularly test security systems and processes

12 Maintain an Information Security Policy 12. Maintain a policy that addresses information security for all personnel

13 Requirements---Easy There are ONLY 12

14 PCI DSS Applicability Wherever account data is stored,processed or transmitted???? Account data is Cardholder Data PLUS sensitive Authentication Data: –Cardholder Data- Primary Account Number PAN –Cardholder Name –Expiration Date and Service Code

15 Applicability Information cont’d Sensitive Authentication Data includes: –Full magnetic stripe data or equivalent on a chip –CAV2/CVC2/CVV2/CID –PINs/PIN Blocks

16 Here’s THE Test

17 Is Storage Permitted PAN Yes Cardholder Name Yes Service Code Yes Expiration Date Yes Full Magnetic Stripe Data No CVV/CVC/CAV/CID No PIN/PIN Block No

18 If YES, now what? Stored data MUST be unreadable PAN YES Cardholder Name No Service Code No Expiration Date No Sensitive Authentication Data Cannot be stored period

19 What Next Perform a Risk Assessment Know what data you have, who has access and what you do with it Know how your network is secured Establish an Information Security Policy and Standards Document Engage the Board of Directors, Internal Auditor, External Auditor

20 What Next cont’d Make a Plan to become PCI Compliant Engage the services of a Qualified System Assessor (QSA) Validate your data providers are PCI Certified

21 Next Security Physical and Data is everyone’s responsibility Take it seriously and protect your member cardholder data

22 Questions???

23 Resources www.pcisecuritystandards.org

24 THANK YOU Cathy Pettis, SVP Cathy.pettis@ilcusys.org

Download ppt "Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Visa Cemea Account Information Security (AIS) Programme

Visa Cemea Account Information Security (AIS) Programme
Where worlds collide… PCI-DSS for OWASP Practitioners OWASP Day NZ July 2009.

Where worlds collide… PCI-DSS for OWASP Practitioners OWASP Day NZ July 2009.
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:

1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
PCI DSS and MasterCard Site Data Protection Program Payment System Integrity September 2008.

PCI DSS and MasterCard Site Data Protection Program Payment System Integrity September 2008.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Similar presentations

Ads by Google