1 / 17

An Introduction to PCI Compliance

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits of PCI Compliance Benefits of Accepting Credit Cards.

ramona
Download Presentation

An Introduction to PCI Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. An Introduction to PCI Compliance

  2. Data Breach Trends • About PCI-SSC • 12 Requirements of PCI-DSS • Establishing Your Validation Level • PCI Basics • Benefits of PCI Compliance • Benefits of Accepting Credit Cards

  3. Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

  4. “From the chart, it is evident…unauthorized access via default, shared, or stolen credentials constituted more than a third of the entire hacking category and over half of all compromised records. “ Example: “Tito’s Taco Shack” Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

  5. PCI-SSC

  6. Payment Card Industry - Security Standards Council Does Does Not Data Security Standard (DSS) Payment Application Data Security Standard (PA-DSS) Pin Transaction Security (PTS) Requirements. Enforce standards Set fine and fee structures Set validation levels

  7. Build and Maintain a Secure Network • Requirement 1: Install and maintain a firewall configuration to protect cardholder data • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters • Protect Cardholder Data • Requirement 3: Protect stored cardholder data • Requirement 4: Encrypt transmission of cardholder data across open, public networks • Maintain a Vulnerability Management Program • Requirement 5: Use and regularly update anti-virus software • Requirement 6: Develop and maintain secure systems and applications • Implement Strong Access Control Measures • Requirement 7: Restrict access to cardholder data by business need-to-know • Requirement 8: Assign a unique ID to each person with computer access • Requirement 9: Restrict physical access to cardholder data • Regularly Monitor and Test Networks • Requirement 10: Track and monitor all access to network resources and cardholder data • Requirement 11: Regularly test security systems and processes • Maintain an Information Security Policy • Requirement 12: Maintain a policy that addresses information security

  8. = State PCI Law = Breach Notification Laws

  9. Any merchant that processes, transmits, or stores credit card data regardless of processing volume must comply to PCI-DSS regulations. • Every merchant must validate compliance every year.* • MIDs under different TAXIDs will need to certify separately. * Check with your Acquiring bank for specific validation requirements and deadlines

  10. Source: www.visa.com/cisp

  11. Source: www.pcisecuritystandards.org

  12. Peace of mind for your business and clients • Decreased risk of security breaches • Boost in customer confidence • Protection from costly fines • Relatively quick and easy • Safeguard your business reputation

  13. Stay viable in the marketplace – “The number of payments made by debit, credit, or EBT card grew by 12.8 billion from 2003 to 2006, reaching 48.1 billion and exceeding the number of checks paid by 17.6 billion.“* • Offer payment flexibility to clients • Improve cash flow • Reduce the hassle of collections *http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm

  14. www.visa.com/cisp www.pcisecuritystandards.org www.mastercard.com/us/sdp/education www.pcicentral.com/docs/pciscc_ten_common_myths.pdf http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

  15. Amy Airhart 1-866-376-0947 info@pcicentral.com www.pcicentral.com

More Related