Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI Compliance Technical Overview. RM PCI Calendar Dec 2005: Began PCI 15.1 development Feb 2006: Initial PCI Audit Sept 2006: Official 15.1 PCI Release.

Published byJanice Casey Modified over 9 years ago

Similar presentations

Presentation on theme: "PCI Compliance Technical Overview. RM PCI Calendar Dec 2005: Began PCI 15.1 development Feb 2006: Initial PCI Audit Sept 2006: Official 15.1 PCI Release."— Presentation transcript:

1 PCI Compliance Technical Overview

2 RM PCI Calendar Dec 2005: Began PCI 15.1 development Feb 2006: Initial PCI Audit Sept 2006: Official 15.1 PCI Release Sept 2006: Validation Report sent to VISA Jan 2007: VISA approves certification

3 Card Data Compromises n 40% of all compromises involve a restaurant n Top 5 compromises:  Full track data retention  Default accounts  Insecure remote access  Non-use of security tools (antivirus, encryption)  SQL injection

4 Terms and Definitions n PCI DSS: Payment Card Industry Data Security Standard n PABP: Payment Application Best Practices n RM is a validated payment application that meets the PCI PABP n So what is “PCI Compliance”? Hint: It’s not simply installing RM 15.1.

5 The PCI Compliant Site Restaurant must use PCI PABP validated POS application, properly configured, implementing proper procedures, and installed following all site-specific PCI guidelines and rules. That’s 4 areas needing attention: n Use PABP validated applications n Proper configuration n Proper procedures n Follow site guidelines

6 1. Use PABP validated applications n Use RM 15.1 (final release Sept 2006 or later) n Use certified credit card processing gateways (e.g. Mercury Payment Systems, PC Charge, Datacap)

7 2. Proper Configuration n Follow ASI PCI configuration guidelines:  RM and Reseller PCI Guidance Doc RM and Reseller PCI Guidance  Logging, Audit Trail  Admin Password Expiration

8 3. Proper Procedures n Enforcing limited access to RM Server machine. n Internet use from Server machine n Remote access (allowed only during incident) n No emailing of card data

9 4. Site Guidelines n Secure RM Server (credit card server)  Physical access  Logical access (open ports)  Firewalled n Network n Remote Access 2-factor authentication (VPN + PCAnywhere passwords) n And Wireless …

10 4. Site Guidelines (WiFi) n Enable WPA with key rotation n Change SSID from default n Turn off SSID broadcast n Implement MAC address filtering n Install firewall services between APs and RM Server n Port/Service Restrictions  Only: TCP 80, DNS 53, ICMP

11 Basic Network Internet

12 Network w/ WiFi Internet

13 Network w/ WiFi Internet Symbol WS2000

14 Thank you Questions?

Download ppt "PCI Compliance Technical Overview. RM PCI Calendar Dec 2005: Began PCI 15.1 development Feb 2006: Initial PCI Audit Sept 2006: Official 15.1 PCI Release."

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.

© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Visa Cemea Account Information Security (AIS) Programme

Visa Cemea Account Information Security (AIS) Programme
Mercury Payment Systems Dan Osby Director, Technical Services Technical Lead, Incident Response

Mercury Payment Systems Dan Osby Director, Technical Services Technical Lead, Incident Response
PCI Compliance Technical Overview 2008. RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves.

PCI Compliance Technical Overview RM PCI Calendar Sept 2006: Official 15.1 PCI Release Sept 2006: 15.1 certified PCI Compliant Jan 2007: VISA approves.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)

Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Similar presentations

Ads by Google