PCI Compliance: Is Your Campus at Risk
Kris Herrin, CSO, Heartland Payment Systems
NACCU, March 10, 2009


Presentation Transcript


2.
  • Introduction / Goals / Objectives
  • Drivers: The ‘Carding’ Market
  • Important Roles and Terms
  • Myths of PCI Data Security Standard
  • PCI DSS Compliance in 5 Easy Steps
  • Step 1: No Prohibited Data
  • Step 2: Scope, Scope, Scope
  • Step 3: Payment Application (PA-DSS)
  • Step 4: The DSS Requirements
  • Step 5: Compensating Controls
  • What’s New in PCI DSS v1.2
  • Tips and Tricks
  • Q&A

3. DISCLAIMERS
  • IANAL – I Am Not A Lawyer
  • IANTPS – I Am Not The PCI SSC
  • IANAQSA – I Am Not A Qualified Security Assessor

6. The stats:
  • Card Present vs. Card Not Present
  • Level 4 vs. Levels 1-3
  • Universities as % Compromised
  • Compromised Merchants Storing Full Track
  • Merchant Issue vs. Third-Party Issue

All numbers available from Trustwave Global Compromise Statistics: https://www.trustwave.com/whitePapers.php

8.
  • You can buy PCI compliance in a box
  • Outsourcing processing makes you compliant
  • PCI is an IT problem
  • PCI Compliance = Security
  • PCI compliance is impossible to obtain
  • PCI requires an army of Qualified Security Assessors
  • PCI is only for the big companies
  • Filling out a SAQ makes you compliant
  • PCI requires storing more data
  • PCI is your processor’s responsibility

10.
  • Definition #1: PCI applies to all system components that “store, process, or transmit cardholder data”
  • Definition #2: “System components” are defined as network component, server, or application included in or connected to the cardholder data environment
  • Definition #3: “Network components” include firewalls, switches, routers, wireless access points, network appliances, and other security appliances
  • Definition #4: “Server” types include web application, database, authentication, mail, proxy, network time protocol, and domain name server
  • Definition #5: “Applications” include all purchased and custom applications, including internal and external (internet) applications
