
Tech Forum 2013 PCI Compliance


Presentation Transcript


  1. Tech Forum 2013 PCI Compliance

  2. What is it?
     A set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID).

  3. What isn’t it?
     • PCI is not, in itself, a law. The standard was created by the major card brands
     • Merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, forensic audits, brand damage etc., should a breach event occur

  4. Basic Facts
     • Launched on September 7, 2006
     • Focus on improving payment account security throughout the transaction process
     • Administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands

  5. Coverage
     • In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI SSC - American Express, Discover, JCB, MasterCard, and Visa International

  6. Why do it – the positive
     • Your systems are secure
     • Customers can trust you with their sensitive payment card information
     • Improves your reputation with acquirers and payment brands
     • Helps prevent security breaches and theft of payment card data
     • Compromised data negatively affects consumers, merchants, and financial institutions

  7. Why do it – avoid the negative
     • One incident can severely damage your reputation
     • Possible negative consequences also include:
       • Lawsuits
       • Insurance claims
       • Cancelled accounts
       • Payment card issuer fines
       • Government fines

  8. What are the penalties for noncompliance?
     • Acquiring banks are fined and typically pass the fines on
     • Transaction fees may increase
     • Bank relationship could be terminated
     • Check your merchant agreement

  9. The Banks
     • Most banks advertise a policy
     • Information should be available online
     • Talk to your account manager
     • The Reserve Bank:
       • Any merchant that is not PCI DSS compliant can potentially be prevented from processing card payments

  10. What the banks say - Westpac
     • Being compliant to the PCIDSS forms part of your merchant agreement
     • Westpac will review your transaction count annually and should we require you to validate compliance as a Level 1, 2 or 3 merchant we will advise you accordingly.
     • At all times, the Westpac PCIDSS Levels will take precedence over MasterCard and Visa levels for our merchants.

  11. Commonwealth

  12. ANZ
     • As a merchant, it is vital to protect your customers as well as your business against misuse of credit & debit account information. It is essential that you do not store prohibited cardholder data such as magnetic stripe data (track data) and Customer Verification Value (CVV) after a transaction is completed.

  13. How does it apply?

  14. thankQ Processing
     • To store Credit Card details or not?
     • Options for storing them outside of your business:
       • Macquarie
       • SecurePay
     • Remember the paperwork
