PCI Compliance Technical Overview
PowerPoint Slideshow about 'PCI Compliance Technical Overview' - idola
Presentation Transcript
RM PCI Calendar
  • Dec 2005: Began PCI 15.1 development
  • Feb 2006: Initial PCI Audit
  • Sept 2006: Official 15.1 PCI Release
  • Sept 2006: Validation Report sent to VISA
  • Jan 2007: VISA approves certification

Card Data Compromises
  • 40% of all compromises involve a restaurant
  • Top 5 compromises:
    • Full track data retention
    • Default accounts
    • Insecure remote access
    • Non-use of security tools (antivirus, encryption)
    • SQL injection
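The first item in the top-5 list, full track data retention, is also the one a site can check for itself: a log or database dump that contains magnetic-stripe track data, or a bare card number, after authorization is a compliance failure. The scanner below is an added example written for this page, not a tool from the slides or from ASI; it looks for track 1 and track 2 layouts and for Luhn-valid 13-19 digit runs, and reports only a masked PAN so the report itself does not become a new copy of card data. The log lines and the addressing are constructed, and 4111 1111 1111 1111 is a well-known test number.

```python
import re
from dataclasses import dataclass

# Magnetic-stripe track layouts (ISO/IEC 7813). Keeping the full track after
# authorization is the first of the slide's "top 5 compromises".
#   Track 1 (format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   Track 2:            ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
# Bare 13-19 digit runs, optionally space- or dash-separated, not touching other digits
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass
class Finding:
    line_no: int
    kind: str        # "track1", "track2" or "pan"
    masked_pan: str  # first 6 + last 4 only, so the report stores no usable PAN


def luhn_ok(digits: str) -> bool:
    """Mod-10 check every real PAN satisfies; filters out order ids and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(lines):
    """Return one Finding per line holding track data or a Luhn-valid bare PAN."""
    findings = []
    for no, line in enumerate(lines, start=1):
        before = len(findings)
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(line):
                if luhn_ok(m.group(1)):
                    findings.append(Finding(no, kind, mask(m.group(1))))
        if len(findings) == before:         # no track data on this line: look for a bare PAN
            for m in PAN_RE.finditer(line):
                digits = re.sub(r"[ -]", "", m.group(0))
                if luhn_ok(digits):
                    findings.append(Finding(no, "pan", mask(digits)))
    return findings


# Constructed sample log lines (not from any real POS). 4111111111111111 is a
# well-known Luhn-valid test number; 1234567890123456 fails the Luhn check.
SAMPLE_LOG = [
    "2006-09-12 11:02:13 swipe ok ;4111111111111111=08121011234567890?",        # full track 2 kept
    "2006-09-12 11:02:14 auth approved pan=4111********1111 amt=23.50",        # masked: fine
    "2006-09-12 11:02:15 debug %B4111111111111111^TEST/CARD^08121011234567890?",  # full track 1 kept
    "2006-09-12 11:03:01 order id 1234567890123456 table 7",                   # 16 digits, not a PAN
    "2006-09-12 11:03:05 refund card 4111 1111 1111 1111 amt=5.00",            # bare PAN in clear
]


def audit_sample():
    return scan_lines(SAMPLE_LOG)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"line {f.line_no}: {f.kind} data retained, PAN {f.masked_pan}")
```

Run it against exported application logs, debug dumps and database backups rather than the live database only; the "swipe ok" and "debug" lines above are the kind of trace output that quietly keeps full track data long after the sale.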
Terms and Definitions
  • PCI DSS: Payment Card Industry Data Security Standard
  • PABP: Payment Application Best Practices
  • RM is a validated payment application that meets the PCI PABP
  • So what is “PCI Compliance”? Hint: It’s not simply installing RM 15.1.
The PCI Compliant Site

A restaurant must use a PCI PABP-validated POS application that is properly configured, operated with proper procedures, and installed following all site-specific PCI guidelines and rules.

That’s 4 areas needing attention:

  • Use PABP validated applications
  • Proper configuration
  • Proper procedures
  • Follow site guidelines
1. Use PABP validated applications
  • Use RM 15.1 (final release Sept 2006 or later)
  • Use certified credit card processing gateways (e.g. Mercury Payment Systems, PC Charge, Datacap)
2. Proper Configuration
  • Follow ASI PCI configuration guidelines:
    • RM and Reseller PCI Guidance Doc
    • Logging, Audit Trail
    • Admin Password Expiration
3. Proper Procedures
  • Enforce limited access to the RM Server machine
  • Internet use from the Server machine
  • Remote access (allowed only during an incident)
  • No emailing of card data
4. Site Guidelines
  • Secure RM Server (credit card server)
    • Physical access
    • Logical access (open ports)
    • Firewalled
  • Network
  • Remote Access 2-factor authentication (VPN + PCAnywhere passwords)
  • And Wireless …
4. Site Guidelines (WiFi)
  • Enable WPA with key rotation
  • Change SSID from default
  • Turn off SSID broadcast
  • Implement MAC address filtering
  • Install firewall services between APs and RM Server
  • Port/Service Restrictions
    • Only: TCP 80, DNS 53, ICMP
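The last two WiFi items, a firewall between the access points and the RM Server with only TCP 80, DNS 53 and ICMP permitted, are a policy that can be both expressed as rules and checked against what actually crosses the segment boundary. The script below is an added example for this page, not ASI's configuration or anything from the slides: the addresses, the flow-log format and the choice of iptables as the rule syntax are all assumptions, and the flows are constructed. It renders the allowlist as FORWARD rules and audits sample flows from the AP segment to the server for anything the allowlist would deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing; the slides give none, so these are assumptions.
AP_SEGMENT = ipaddress.ip_network("192.168.10.0/24")   # wireless APs and their clients
RM_SERVER = ipaddress.ip_address("192.168.1.10")       # RM Server (credit card server)

# The slide's allowlist for traffic crossing from the AP side to the RM Server:
# only TCP 80, DNS 53 (UDP and TCP) and ICMP. Everything else is dropped.
ALLOWED_SERVICES = {("tcp", 80), ("udp", 53), ("tcp", 53), ("icmp", None)}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: Optional[int]


def parse_flow(line: str) -> Flow:
    """Constructed flow-log format: '<time> <src> <dst> <proto> <dport|->'."""
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), None if dport == "-" else int(dport))


def is_allowed(flow: Flow) -> bool:
    key = (flow.proto, None if flow.proto == "icmp" else flow.dport)
    return key in ALLOWED_SERVICES


def audit_flows(lines):
    """Return the AP-segment -> RM Server flows the allowlist would deny."""
    violations = []
    for line in lines:
        f = parse_flow(line)
        if f.src in AP_SEGMENT and f.dst == RM_SERVER and not is_allowed(f):
            violations.append(f)
    return violations


def render_iptables_rules():
    """Express the same allowlist as iptables FORWARD rules on the AP/server firewall."""
    ap, srv = str(AP_SEGMENT), str(RM_SERVER)
    # Replies from the server back to the wireless side ride on existing connections only.
    rules = [f"iptables -A FORWARD -s {srv} -d {ap} -m conntrack "
             f"--ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for proto, port in sorted(ALLOWED_SERVICES, key=lambda k: (k[0], k[1] or 0)):
        if proto == "icmp":
            rules.append(f"iptables -A FORWARD -s {ap} -d {srv} -p icmp -j ACCEPT")
        else:
            rules.append(f"iptables -A FORWARD -s {ap} -d {srv} -p {proto} --dport {port} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -s {ap} -d {srv} -j DROP")   # default deny
    return rules


# Constructed flow records (not from any real network).
SAMPLE_FLOWS = [
    "11:02:13 192.168.10.23 192.168.1.10 tcp 80",     # web: allowed
    "11:02:14 192.168.10.23 192.168.1.10 udp 53",     # DNS: allowed
    "11:02:15 192.168.10.23 192.168.1.10 icmp -",     # ping: allowed
    "11:02:20 192.168.10.41 192.168.1.10 tcp 445",    # file sharing from wireless: denied
    "11:02:21 192.168.10.41 192.168.1.10 tcp 3389",   # remote desktop from wireless: denied
    "11:02:30 192.168.1.50 192.168.1.10 tcp 445",     # wired back-office host: out of scope here
]


def audit_sample_flows():
    return audit_flows(SAMPLE_FLOWS)


if __name__ == "__main__":
    print("\n".join(render_iptables_rules()))
    for f in audit_sample_flows():
        print(f"DENY {f.ts} {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

The wired host in the last sample line is deliberately not flagged: the slide's port restriction is about the wireless segment, and the "Logical access (open ports)" item under the main Site Guidelines slide covers the rest of the network separately.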
Thank you

Questions?