PCI DSS for Retail Industry

PCI DSS for Retail Industry. March 21, 2014. Agenda. Threat Landscape Payment Ecosystem Overview of PCI DSS Bank’s Approach for PCIDSS Compliance. Threat Landscape. Increased focus at compromising POS systems at retail outlets


Presentation Transcript


  1. PCI DSS for Retail Industry March 21, 2014

  2. Agenda • Threat Landscape • Payment Ecosystem • Overview of PCI DSS • Bank’s Approach for PCI DSS Compliance

  3. Threat Landscape • Increased focus on compromising POS systems at retail outlets • Successful data breaches resulting in the leakage of millions of cardholder data records • Sophisticated attack vectors being used to breach security controls

  4. Threat landscape

  5. Payment Ecosystem– Terminologies

  6. Payment Card Transaction Flow – Terminologies

  7. Payment Ecosystem – Authorization Flow

  8. Payment Ecosystem – Settlement Flow

  9. PCI DSS Overview – Some Key Terminologies

  10. Payment Card Industry – Security Standards Council

  11. PCI DSS Overview – The standard

  12. Merchant Levels • Payment Brand reserves the right to deem the level irrespective of transaction volume

  13. Merchant Reporting Requirements (OA: Onsite Assessment; R: Recommended; IA: Internal Auditor)

  14. Service Provider Levels (TPP: Third Party Processors) • Payment Brand reserves the right to deem the level irrespective of transaction volume

  15. Service Provider Reporting Requirements (OA: Onsite Assessment; IA: Internal Auditor)

  16. Need for PCI DSS Compliance

  17. Bank’s Approach for PCI DSS Compliance • Two streams of compliance program • HDFC Bank has taken the initiative to share the data security alerts and advisories received from payment brands with all its merchants • Take these alerts/advisories seriously: if they are not actioned on time you will get hit, either as a target or by a random attack

  18. Thank You Manish Pal, Information Security Group
