An Introduction to PCI Compliance - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

An Introduction to PCI Compliance

Description:

An Introduction to PCI Compliance Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits of PCI Compliance ... – PowerPoint PPT presentation

Number of Views:243
Avg rating:3.0/5.0
Slides: 18
Provided by: AmyAi
Learn more at: https://mobar.org
Category:

less

Transcript and Presenter's Notes

Title: An Introduction to PCI Compliance


1
An Introduction to PCI Compliance
2
  • Data Breach Trends
  • About PCI-SSC
  • 12 Requirements of PCI-DSS
  • Establishing Your Validation Level
  • PCI Basics
  • Benefits of PCI Compliance
  • Benefits of Accepting Credit Cards

3
Source http//www.verizonbusiness.com/resources/s
ecurity/reports/2009_databreach_rp.pdf
4
  • From the chart, it is evidentunauthorized
    access via
  • default, shared, or stolen credentials
    constituted more than a
  • third of the entire hacking category and over
    half of all
  • compromised records.
  • Example Titos Taco Shack

Source http//www.verizonbusiness.com/resources/s
ecurity/reports/2009_databreach_rp.pdf
5
PCI-SSC
6
Payment Card Industry - Security Standards
Council
Does
Does Not
Data Security Standard (DSS) Payment Application
Data Security Standard (PA-DSS) Pin Transaction
Security (PTS) Requirements.
Enforce standards Set fine and fee
structures Set validation levels
7
  • Build and Maintain a Secure Network
  • Requirement 1 Install and maintain a firewall
    configuration to protect cardholder data
  • Requirement 2 Do not use vendor-supplied
    defaults for system passwords and other security
    parameters
  • Protect Cardholder Data
  • Requirement 3 Protect stored cardholder data
  • Requirement 4 Encrypt transmission of cardholder
    data across open, public networks
  •  
  • Maintain a Vulnerability Management Program
  • Requirement 5 Use and regularly update
    anti-virus software
  • Requirement 6 Develop and maintain secure
    systems and applications
  • Implement Strong Access Control Measures
  • Requirement 7 Restrict access to cardholder data
    by business need-to-know
  • Requirement 8 Assign a unique ID to each person
    with computer access
  • Requirement 9 Restrict physical access to
    cardholder data
  •  
  • Regularly Monitor and Test Networks
  • Requirement 10 Track and monitor all access to
    network resources and cardholder data
  • Requirement 11 Regularly test security systems
    and processes
  • Maintain an Information Security Policy

8
State PCI Law
Breach Notification Laws
9
  • Any merchant that processes, transmits, or stores
    credit card data regardless of processing volume
    must comply to PCI-DSS regulations.
  • Every merchant must validate compliance every
    year.
  • MIDs under different TAXIDs will need to certify
    separately.
  • Check with your Acquiring bank for specific
    validation requirements and deadlines

10
(No Transcript)
11
Level Merchant Criteria Validation Requirements
1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance Form
2 Merchants processing 1 million to 6 million Visa transactions annually (all channels) Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance Form
3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually Annual SAQ Quarterly network scan by ASV Attestation of Compliance Form
4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually. Annual SAQ recommended Quarterly network scan by ASV if applicable Compliance validation requirements set by acquirer
Source www.visa.com/cisp
12
Source www.pcisecuritystandards.org
13
(No Transcript)
14
  • Peace of mind for your business and clients
  • Decreased risk of security breaches
  • Boost in customer confidence
  • Protection from costly fines
  • Relatively quick and easy
  • Safeguard your business reputation

15
  • Stay viable in the marketplace The number of
    payments made by debit, credit, or EBT card grew
    by 12.8 billion from 2003 to 2006, reaching 48.1
    billion and exceeding the number of checks paid
    by 17.6 billion.
  • Offer payment flexibility to clients
  • Improve cash flow
  • Reduce the hassle of collections

http//www.federalreserve.gov/pubs/bulletin/2008/
articles/payments/default.htm
16
www.visa.com/cisp www.pcisecuritystandards.org w
ww.mastercard.com/us/sdp/education www.pcicentral
.com/docs/pciscc_ten_common_myths.pdf http//www.
federalreserve.gov/pubs/bulletin/2008/articles/pay
ments/default.htm http//www.verizonbusiness.com/
resources/security/reports/2009_databreach_rp.pdf

17
Amy Airhart 1-866-376-0947 info_at_pcicentral.com
www.pcicentral.com
Write a Comment
User Comments (0)
About PowerShow.com