PCI PA-DSS Implementation Guide Onslip PAYAPP V2.0 for Onslip S80, Onslip S90

Size: px
Start display at page:

Download "PCI PA-DSS Implementation Guide Onslip PAYAPP V2.0 for Onslip S80, Onslip S90"

Transcription

1 PCI PA-DSS Implementation Guide Onslip PAYAPP V2.0 for Onslip S80, Onslip S90

2 Revision history Revision Date Author Comments Robert Hansson Created Robert Hansson Review and update of document Page 2 of 12

3 References #no Reference title Version [1] Payment Card Industry Payment Application Data Security Standard 2.0 [2] Payment Card Industry Data Security Standard 2.0 [3] Security Requirements for an EFTPOS Terminal 3.0 [4] PCI PIN Security Requirements 1.0 Page 3 of 12

4 Table of Contents REVISION HISTORY 2 REFERENCES 3 INTRODUCTION 6 BACKGROUND 6 PURPOSE 6 USAGE FEL! BOKMÄRKET ÄR INTE DEFINIERAT. ABBREVIATIONS 6 PA-DSS REQUIREMENTS DELETE SENSITIVE AUTHENTICATION DATA STORED BY PREVIOUS PAYMENT APPLICATION VERSIONS DELETE SENSITIVE AUTHENTICATION DATA STORED BY PREVIOUS PAYMENT APPLICATION VERSIONS PURGE CARDHOLDER DATA AFTER CUSTOMER-DEFINED RETENTION PERIOD PROTECT KEYS USED TO SECURE CARDHOLDER DATA AGAINST DISCLOSURE AND MISUSE IMPLEMENT KEY MANAGEMENT PROCESSES AND PROCEDURES FOR CRYPTOGRAPHIC KEYS USED FOR ENCRYPTION OF CARDHOLDER DATA RENDER IRRETRIEVABLE CRYPTOGRAPHIC KEY MATERIAL OR CRYPTOGRAMS STORED BY PREVIOUS PAYMENT APPLICATION VERSIONS USE UNIQUE USER IDS AND SECURE AUTHENTICATION FOR ADMINISTRATIVE ACCESS AND ACCESS TO CARDHOLDER DATA USE UNIQUE USER IDS AND SECURE AUTHENTICATION FOR ACCESS TO PCS, SERVERS, AND DATABASES WITH PAYMENT APPLICATIONS IMPLEMENT AUTOMATED AUDIT TRAILS FACILITATE CENTRALIZED LOGGING USE ONLY NECESSARY AND SECURE SERVICES, PROTOCOLS, COMPONENTS, AND DEPENDENT SOFTWARE AND HARDWARE, INCLUDING THOSE PROVIDED BY THIRD PARTIES SECURELY IMPLEMENT WIRELESS TECHNOLOGY Page 4 of 12

5 6.2 SECURE TRANSMISSIONS OF CARDHOLDER DATA OVER WIRELESS NETWORKS STORE CARDHOLDER DATA ONLY ON SERVERS NOT CONNECTED TO THE INTERNET IMPLEMENT TWO-FACTOR AUTHENTICATION FOR REMOTE ACCESS TO PAYMENT APPLICATION SECURELY DELIVER REMOTE PAYMENT APPLICATION UPDATES SECURELY IMPLEMENT REMOTE ACCESS SOFTWARE SECURE TRANSMISSIONS OF CARDHOLDER DATA OVER PUBLIC NETWORKS ENCRYPT CARDHOLDER DATA SENT OVER ENDUSER MESSAGING TECHNOLOGIES ENCRYPT NON-CONSOLE ADMINISTRATIVE ACCESS Page 5 of 12

6 Introduction Background The Payment Card Industry Data Security Standard (PCI-DSS) defines specific requirements to make sure that the payment equipment are configured, used and maintained in the merchant s payment environment in a way that card transactions are stored, processed and transferred in a secure way. The requirements for the Payment Application Data Security Standard (PA-DSS) are derived from the PCI DSS Requirements and Security Assessment Procedures. The PA-DSS applies to terminal vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. In order to help merchants to fulfill those requirements the terminal vendor obtains a PA-DSS approval to demonstrate that the payment application follows the PCI DSS. The purpose of this guide The purpose of this PA DSS implementation guide is to provide merchants and integrators with information on how to use, install, maintain and secure a PCI DSS compliant environment for Onslip PAYAPP and the Onslip payment equipment in a way that does not compromise the PCI DSS compliance. The merchant is responsible for creating and maintaining a PCI compliant environment with the help of this guide and the PCI regulations. The merchant will also find installation guides, quick guides for how to install and use a card terminal and this implementation guide at Onslip support web site, Abbreviations Abbreviation Full name PCI-DSS PA DSS ECR PNC E2EE PPL SSL IPSEC Payment Industry Data Security Standard Payment Application Data Security Standard Electronic Cash Register Pan Nordic Card Association End To End Encryption Program and parameter loading Secure Sockets Layer Internet Protocol Security Page 6 of 12

7 PA-DSS Requirements Delete sensitive authentication data stored by previous payment application versions Historical data must be removed (magnetic stripe data, card verification codes, PINs, or PIN blocks stored by previous versions of the payment application) How to remove historical data Such removal is absolutely necessary for PCI DSS compliance The payment application does not store any historical cardholder data in the payment application from any processed and transmitted card transaction. Therefor there is no need to delete historical cardholder data and such functionality is not provided. The merchant is responsible to make sure that any historical cardholder data (magnetic stripe data, card verification codes, Pins or Pin blocks) is removed from all surrounding storage devices used in the merchant s computers, ECRs, data storage or electronic cash registers. If the merchants absolutely need to enter PAN, expiration date and CVV2 manually the merchant shall never ever write down or otherwise store such sensitive cardholder data Delete sensitive authentication data stored by previous payment application versions Sensitive authentication data (pre-authorization) must only be collected when needed to solve a specific problem Such data must be stored only in specific, known locations with limited access Only collect a limited amount of such data as needed to solve a specific problem Sensitive authentication data must be encrypted while stored Such data must be securely deleted immediately after use The payment application does not store any historical cardholder data in the payment application from any processed and transmitted card transaction. The payment application will check if there exist any store-andforward (S&F) transactions that have not been transferred to the host using previous application version of payment application. The new payment application will make sure that all transaction data in S&F will be sent and thereafter be completely erased from payment application. 2.1 Purge cardholder data after customer-defined retention period. Cardholder data must be purged after it exceeds the customer-defined retention period All locations where payment application stores cardholder data Cardholder data is sent encrypted in the authorization message making the transaction end-to-end encrypted required by PNC, the E2EE requirement and the requirements described in the specification Security Requirements for an EFTPOS Terminal. If the host is unavailable sensitive cardholder data of the transaction will be stored fully encrypted in a store-and-forward (S&F) queue. All transaction data in S&F will be sent immediately when host is available and will thereafter be completely erased from S&F queue when host have accepted the transaction. Page 7 of 12

8 2.5 Protect keys used to secure cardholder data against disclosure and misuse. Restrict access to keys to the fewest number of custodians necessary. Store keys securely in the fewest possible locations and forms All keys used to secure encryption are stored in a secure memory of the terminal, which is never allowed to be accessed by the payment application. The key loading is handled in a secure environment where a limited amount of key custodians have access to the key loading facility following PCI PIN Security Requirements. 2.6 Implement key management processes and procedures for cryptographic keys used for encryption of cardholder data. How to securely generate, distribute, protect, change, store, and retire/replace encryption keys, where customers or resellers/integrators are involved in these key management activities. A sample Key Custodian form for key custodians to acknowledge that they understand and accept their key-custodian responsibilities. How to perform key management functions defined in PA-DSS requirements through The key management process where the most secure keys are loaded in a secure environment follows procedures defined by the PCI PIN Security Requirements and the specifications defined by acquiring banks. 2.7 Render irretrievable cryptographic key material or cryptograms stored by previous payment application versions. Cryptographic material must be rendered irretrievable How to render cryptographic material irretrievable Such irretrievability is absolutely necessary for PCI compliance How to re-encrypt historic data with new keys The payment application does not store any cryptographic key material or cryptograms. 3.1 Use unique user IDs and secure authentication for administrative access and access to cardholder data. That the payment application enforces secure authentication for any authentication credentials (e.g. users, passwords) that the application generates by: - Enforcing secure changes to authentication credentials by the completion of installation and for any subsequent changes (after installation) per PA-DSS requirements through 3.1. Assign secure authentication to default accounts (even if not used), and disable or do not use the accounts. Page 8 of 12

9 How to change and create authentication credentials when such credentials are not generated or managed by the payment application, per PCI DSS Requirements through , by the completion of installation and for subsequent changes after installation, for all application level accounts with administrative access or access to cardholder data. The payment application has no administrative access to any sensitive cardholder data. Any existing administrative access is used for common configuration of the terminal. 3.2 Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications. Use unique user names and secure authentication to access any PCs, servers, and databases with payment applications and/or cardholder data, PA-DSS requirements through The payment application has no administrative access to any sensitive cardholder data. Any existing administrative access is used for common configuration of the terminal. 4.1 Implement automated audit trails. Set PCI DSS-compliant log settings, per PA-DSS Requirements 4.2, 4.3 and 4.4 Logs must be enabled, and disabling the logs will result in non-compliance with PCI DSS. The payment application has no administrative access to any sensitive cardholder data. 4.4 Facilitate centralized logging. Provide instructions and procedures for incorporating the payment application logs into a centralized logging server. The payment application has no administrative access to any sensitive cardholder data. 5.4 Use only necessary and secure services, protocols, components, and dependent software and hardware, including those provided by third parties. Document all required protocols, services, components, and dependent software and hardware that are necessary for any functionality of the payment application. Any data sent over public networks are either SSL/TLS- or IPSec-encrypted. Page 9 of 12

10 6.1 Securely implement wireless technology. If wireless is used within payment environment: Change wireless vendor defaults, including default wireless encryption keys, passwords, and SNMP community strings Install a firewall: - Between any wireless networks and systems that store cardholder data, and - Configured to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment Any wireless network shall be setup and maintained as a secure wireless network at all times. If the merchant uses a wireless network within the office network the merchant must make sure to: 1. Always change all wireless vendor default settings of wireless encryption keys, passwords or SNMP community strings and other related security settings for any wireless product used in the network. 2. Always use a minimum of WPA2 for encryption for wireless traffic and never use any wireless network without encryption or any less secure encryption such as WEP. 3. Always update firmware for any wireless products used in the network to support strongest possible encryption using IEEE i (WPA2) for authentication and data transmission over the wireless network. 4. Always change encryption keys, router/firewall settings or any other security issues each time an merchant employee leaves the company, have no need of knowing such security details or changing position where access to such security details are not needed anymore. 5. Always configure to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment. 6.2 Secure transmissions of cardholder data over wireless networks. If payment application is implemented into a wireless environment, use industry best practices (for example, IEEE i) to implement strong encryption for authentication and transmission of cardholder data. Any wireless network shall be setup and maintained as a secure wireless network at all times. If the merchant uses a wireless network within the office network the merchant must make sure to: 1. Always change all wireless vendor default settings of wireless encryption keys, passwords or SNMP community strings and other related security settings for any wireless product used in the network. 2. Always use a minimum of WPA2 for encryption for wireless traffic and never use any wireless network without encryption or any less secure encryption such as WEP. 3. Always update firmware for any wireless products used in the network to support strongest possible encryption using IEEE i (WPA2) for authentication and data transmission over the wireless network. 4. Always change encryption keys, router/firewall settings or any other security issues each time an merchant employee leaves the company, have no need of knowing such security details or changing position where access to such security details are not needed anymore. 5. Always configure to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment. 9.1 Store cardholder data only on servers not connected to the Internet. Do not store cardholder data on Internet-accessible systems (for example, web server and database server must not be on same server). Page 10 of 12

11 No sensitive cardholder data are stored on any servers Implement two-factor authentication for remote access to payment application. Use two-factor authentication (user ID and password and an additional authentication item such as a token) if the payment application may be accessed remotely. There is no remote access allowed to the payment application Securely deliver remote payment application updates. Activate remote-access technologies for payment application updates only when needed for downloads, and turn off immediately after download completes, per PCI DSS Requirement If computer is connected via VPN or other high-speed connection, receive remote payment application updates via a securely configured firewall or personal firewall per PCI DSS Requirement 1. The payment application will initiate an update when needed by fetching software and parameters over secure Internet connection using secure FTP connection to PPL terminal management system following the PPL specification. The merchant need to make sure that a merchant managed PPL terminal management system or other third party PPL terminal management system have been implemented in a PCI DSS certified environment Securely implement remote access software. Implement and use remote access software security features if remote access software is used to remotely access the payment application or payment environment. There is no remote access allowed to the payment application Secure transmissions of cardholder data over public networks. Implement and use strong cryptography and security protocols for secure cardholder data transmission over public networks. Cardholder data is sent encrypted in the authorization message making the transaction end-to-end encrypted required by PNC, the E2EE requirement and the requirements described in the specification Security Requirements for an EFTPOS Terminal. The encrypted transaction is transferred to the bank hosts using SSL and IPSEC protocols to make it secure and not transferred on open public networks. Page 11 of 12

12 11.2 Encrypt cardholder data sent over enduser messaging technologies. Implement and use a solution that renders the PAN unreadable or implements strong cryptography if PANs can be sent with end-user messaging technologies. There are no such messaging technologies Encrypt non-console administrative access. Implement and use strong cryptography (such as SSH, VPN, or SSL/TLS) for encryption of any non-console administrative access to payment application or servers in cardholder data environment. There is no remote access allowed to the payment application. Page 12 of 12

PCI PA-DSS Implementation Guide Onslip PAYAPP V2.1.x for Onslip S80, Onslip S90

PCI PA-DSS Implementation Guide Onslip PAYAPP V2.1.x for Onslip S80, Onslip S90 PCI PA-DSS Implementation Guide Onslip PAYAPP V2.1.x for Onslip S80, Onslip S90 Revision history Revision Date Author Comments 0.1 2013-10-04 Robert Hansson Created 1.0 2014-01-14 Robert Hansson Review

More information

Point PA-DSS. Implementation Guide. Banksys Yomani VeriFone & PAX VPFIPA0201

Point PA-DSS. Implementation Guide. Banksys Yomani VeriFone & PAX VPFIPA0201 Point PA-DSS Implementation Guide Banksys Yomani 1.04 VeriFone & PAX VPFIPA0201 Implementation Guide Contents 1 Revision history 1 2 Introduction 2 3 Document use 2 3.1 Important notes 2 4 Summary of requirements

More information

PCI PA DSS. PBMUECR Implementation Guide

PCI PA DSS. PBMUECR Implementation Guide Point Transaction Systems SIA PCI PA DSS PBMUECR 02.21.002 Implementation Guide Author: Filename: D01_PBMUECR_Implementation_Guide_v1_3.docx Version: 1.3 Date: 2014-07-17 Circulation: Edited : 2014-07-17

More information

PCI PA DSS. MultiPOINT Implementation Guide

PCI PA DSS. MultiPOINT Implementation Guide PCI PA DSS MultiPOINT 02.20.071 Implementation Guide Author: Sergejs Melnikovs Filename: D01_MultiPOINT_Implementation_Guide_v1_9_1.docx Version: 1.9.1 (ORIGINAL) Date: 2015-02-20 Circulation: Restricted

More information

Verifone Finland PA-DSS

Verifone Finland PA-DSS Verifone Finland PA-DSS Implementation Guide Atos Worldline Yomani & Yomani ML 3.00.xxxx.xxxx Verifone Vx520, Vx520C, Vx680, Vx690, Vx820 & Ux300 VPFIPA0401.xx.xx Implementation Guide Contents 1 Revision

More information

PA-DSS Implementation Guide For

PA-DSS Implementation Guide For PA-DSS Implementation Guide For, CAGE (Card Authorization Gateway Engine), Version 4.0 PCI PADSS Certification 2.0 December 10, 2013. Table of Contents 1. Purpose... 4 2. Delete sensitive authentication

More information

PCI PA DSS Implementation Guide For Atos Worldline Banksys YOMANI XR terminals using the SAPC Y02.01.xxx Payment Core (Stand Alone)

PCI PA DSS Implementation Guide For Atos Worldline Banksys YOMANI XR terminals using the SAPC Y02.01.xxx Payment Core (Stand Alone) PCI PA DSS Implementation Guide For Atos Worldline Banksys YOMANI XR terminals using the SAPC Y02.01.xxx Payment Core (Stand Alone) Version 2.0 Date: 12-Jun-2016 Page 2 (18) Table of Contents 1. INTRODUCTION...

More information

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,

More information

PCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC)

PCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) PCI PA - DSS Point Vx Implementation Guide For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) Version 2.02 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm,

More information

PCI PA DSS Implementation Guide

PCI PA DSS Implementation Guide PCI PA DSS Implementation Guide MultiPOINT 03.20.072.xxxxx & 04.20.073.xxxxx Version 3.1(Release) Date: 2017-04-07 Page 2 (18) Contents Contents... 2 1. Introduction... 3 1.1 Purpose... 3 1.2 Document

More information

Ready Theatre Systems RTS POS

Ready Theatre Systems RTS POS Ready Theatre Systems RTS POS PCI PA-DSS Implementation Guide Revision: 2.0 September, 2010 Ready Theatre Systems, LLC - www.rts-solutions.com Table of Contents: Introduction to PCI PA DSS Compliance 2

More information

PCI PA-DSS Implementation Guide

PCI PA-DSS Implementation Guide PCI PA-DSS Implementation Guide For Atos Worldline Banksys XENTA, XENTEO, XENTEO ECO, XENOA ECO YOMANI and YOMANI XR terminals using the Point BKX Payment Core Software Versions A05.01 and A05.02 Version

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

PA-DSS Implementation Guide for Sage MAS 90 and 200 ERP. and Sage MAS 90 and 200 Extended Enterprise Suite

PA-DSS Implementation Guide for Sage MAS 90 and 200 ERP. and Sage MAS 90 and 200 Extended Enterprise Suite for Sage MAS 90 and 200 ERP Versions 4.30.0.18 and 4.40.0.1 and Sage MAS 90 and 200 Extended Enterprise Suite Versions 1.3 with Sage MAS 90 and 200 ERP 4.30.0.18 and 1.4 with Sage MAS 90 and 200 ERP 4.40.0.1

More information

PCI PA-DSS Implementation Guide

PCI PA-DSS Implementation Guide PCI PA-DSS Implementation Guide For Verifone VX 820 and Verifone VX 825 terminals using the Verifone ipos payment core I02.01 Software Page number 2 (21) Revision History Version Name Date Comments 1.00

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

PA-DSS Implementation Guide

PA-DSS Implementation Guide PA-DSS Implementation Guide PayEx Nordic Payment v1.1.x Version: 1.7 Copyright 2013-2018 Swedbank PayEx Holding AB (Release) Page 2 (16) Revision History Ver. Name Date Comments 1.0 JTK (CT) 2016-11-01

More information

CN!Express CX-6000 Single User Version PCI Compliance Status Version June 2005

CN!Express CX-6000 Single User Version PCI Compliance Status Version June 2005 85 Grove Street - Peterboro ugh, N H 0345 8 voice 603-924-6 079 fax 60 3-924- 8668 CN!Express CX-6000 Single User Version 3.38.4.4 PCI Compliance Status Version 1.0 28 June 2005 Overview Auric Systems

More information

Epicor Eagle PA-DSS 2.0 Implementation Guide

Epicor Eagle PA-DSS 2.0 Implementation Guide EPICOR EAGLE PA-DSS IMPLEMENTATION GUIDE PA-DSS IMPLEMENTATION GUIDE Epicor Eagle PA-DSS 2.0 Implementation Guide EL2211-02 This manual contains reference information about software products from Epicor

More information

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard Introduction Verba provides a complete compliance solution for merchants and service providers who accept and/or process payment card data over the telephone. Secure and compliant handling of a customer

More information

University of Sunderland Business Assurance PCI Security Policy

University of Sunderland Business Assurance PCI Security Policy University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director

More information

Stripe Terminal Implementation Guide

Stripe Terminal Implementation Guide Stripe Terminal Implementation Guide 12/27/2018 This document details how to install the Stripe Terminal application in compliance with PCI 1 PA-DSS Version 3.2. This guide applies to the Stripe Terminal

More information

Implementation Guide paypoint version 5.08.xx, 5.11.xx, 5.13.xx, 5.14.xx, 5.15.xx

Implementation Guide paypoint version 5.08.xx, 5.11.xx, 5.13.xx, 5.14.xx, 5.15.xx Implementation Guide paypoint version 5.08.xx, 5.11.xx, 5.13.xx, 5.14.xx, 5.15.xx 1 Introduction This PA-DSS Implementation Guide contains information for proper use of the paypoint application. Verifone

More information

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 1 The PCI Data Security

More information

Implementation Guide. Payment Card Industry Data Security Standard 2.0. Guide version 4.0

Implementation Guide. Payment Card Industry Data Security Standard 2.0. Guide version 4.0 Implementation Guide Payment Card Industry Data Security Standard 2.0 Guide version 4.0 Copyright 2012 Payment Processing Partners Inc. All rights reserved. ChargeItPro and ChargeItPro EasyIntegrator are

More information

Qualified Integrators and Resellers (QIR) TM. QIR Implementation Statement, v2.0

Qualified Integrators and Resellers (QIR) TM. QIR Implementation Statement, v2.0 Qualified Integrators and Resellers (QIR) TM Implementation Statement For each Qualified Installation performed, the QIR Employee must complete this document and confirm whether the Validated Payment Application

More information

Implementation Guide paypoint v5.08.x, 5.11.x, 5.12.x, 5.13.x and 5.14.x

Implementation Guide paypoint v5.08.x, 5.11.x, 5.12.x, 5.13.x and 5.14.x Implementation Guide paypoint v5.08.x, 5.11.x, 5.12.x, 5.13.x and 5.14.x 1 Introduction This PA-DSS Implementation Guide contains information for proper use of the paypoint application. Verifone Norway

More information

Sage Payment Solutions

Sage Payment Solutions Sage Payment Solutions Sage Exchange Desktop (SED) v2.0 PA-DSS Implementation Guide January 2016 This is a publication of Sage Software, Inc. Copyright 2016 Sage Software, Inc. All rights reserved. Sage,

More information

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version to 2.0

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version to 2.0 Payment Card Industry (PCI) Data Security Standard Summary of s from PCI DSS Version 1.2.1 to 2.0 October 2010 General General Throughout Removed specific references to the Glossary as references are generally

More information

Advanced Certifications PA-DSS and P2PE. Erik Winkler, VP, ControlCase

Advanced Certifications PA-DSS and P2PE. Erik Winkler, VP, ControlCase Advanced Certifications PA-DSS and P2PE Erik Winkler, VP, ControlCase ControlCase Annual Conference Miami, Florida USA 2017 PCI Family of Standards Ecosystem of payment devices, applications, infrastructure

More information

Payment Card Industry (PCI) Payment Application Data Security Standard. Requirements and Security Assessment Procedures. Version 2.0.

Payment Card Industry (PCI) Payment Application Data Security Standard. Requirements and Security Assessment Procedures. Version 2.0. Payment Card Industry (PCI) Payment Application Data Security Standard Requirements and Security Assessment Procedures Version 2.0 October 2010 Document Changes Date Version Description Pages October 1,

More information

PA DSS Implementation Guide For Verifone terminals e355 and Vx690 using the VEPP NB application version x

PA DSS Implementation Guide For Verifone terminals e355 and Vx690 using the VEPP NB application version x PA DSS Implementation Guide For Verifone terminals e355 and Vx690 using the VEPP NB application version 1.2.1.x Date: 2017-05-04 Page 2 Table of Contents 1. INTRODUCTION... 4 1.1 PURPOSE... 4 1.2 DOCUMENT

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants All other SAQ-Eligible Merchants Version 3.0 February 2014 Document Changes

More information

Payment Card Industry Data Security Standard (PCI-DSS) Implementation Guide For XERA POS Version 1

Payment Card Industry Data Security Standard (PCI-DSS) Implementation Guide For XERA POS Version 1 Payment Card Industry Data Security Standard (PCI-DSS) Implementation Guide For XERA POS Version 1 2 XERA POS Payment Card Industry Data Security Standard (PCI-DSS) Implementation Guide XERA POS Version

More information

Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS)

Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS) Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS) January 2009 1 January 2009 Polycom White Paper: Complying with PCI-DSS Page 2 1.

More information

Payment Card Industry Internal Security Assessor: Quick Reference V1.0

Payment Card Industry Internal Security Assessor: Quick Reference V1.0 PCI SSC by formed by: 1. AMEX 2. Discover 3. JCB 4. MasterCard 5. Visa Inc. PCI SSC consists of: 1. PCI DSS Standards 2. PA DSS Standards 3. P2PE - Standards 4. PTS (P01,HSM and PIN) Standards 5. PCI Card

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 2.0 October 2010 Document Changes Date Version Description Pages October 2008 July 2009 October

More information

The Prioritized Approach to Pursue PCI DSS Compliance

The Prioritized Approach to Pursue PCI DSS Compliance PCI DSS PrIorItIzeD APProACh The Prioritized Approach to Pursue PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed, requirements structure for securing cardholder

More information

QuickSale for QuickBooks Version 2.2.*.* Secure Payment Solutions Client Implementation Document PA-DSS 3.2 Last Revision: 03/14/2017

QuickSale for QuickBooks Version 2.2.*.* Secure Payment Solutions Client Implementation Document PA-DSS 3.2 Last Revision: 03/14/2017 QuickSale for QuickBooks Version 2.2.*.* Secure Payment Solutions Client Implementation Document PA-DSS 3.2 Last Revision: 03/14/2017 Revision Date Name Description # 1 11/08/07 CP Added sections 13 and

More information

Voltage SecureData Mobile PCI DSS Technical Assessment

Voltage SecureData Mobile PCI DSS Technical Assessment White Paper Security Voltage SecureData Mobile PCI DSS Technical Assessment Prepared for Micro Focus Data Security by Tim Winston, PCI/P2PE Practice Director, Coalfire Systems, Inc., June 2016 Table of

More information

Activant Eagle PA-DSS Implementation Guide

Activant Eagle PA-DSS Implementation Guide ACTIVANT EAGLE PA-DSS IMPLEMENTATION GUIDE PA-DSS IMPLEMENTATION GUIDE Activant Eagle PA-DSS Implementation Guide EL2211 This manual contains reference information about software products from Activant

More information

Summary of Changes from PA-DSS Version 2.0 to 3.0

Summary of Changes from PA-DSS Version 2.0 to 3.0 Payment Card Industry (PCI) Payment Application Data Security Standard Summary of s from Version 2.0 to 3.0 November 2013 Provided by: Introduction This document provides a summary of changes from v2.0

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants All other SAQ-Eligible Merchants Version 3.1 April 2015 Document Changes Date

More information

Information about this New Document

Information about this New Document Information about this New Document New Document This Payment Card Industry Security Audit Procedures, dated January 2005, is an entirely new document. Contents This document contains audit procedures

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants All other SAQ-Eligible Merchants For use PCI DSS Version 3.1 Revision 1.1

More information

Rural Computer Consultants

Rural Computer Consultants Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Rural Computer Consultants PCI 2-12-15 All other Merchants Version : 2.0 page 1 Part

More information

Installation & Configuration Guide

Installation & Configuration Guide IP/Dial Bridge Installation & Configuration Guide IP/Dial Bridge for Mercury Payment Systems Part Number: 8660.30 IP/Dial Bridge for Mercury Payment Systems 1 IP/Dial Bridge Installation & Configuration

More information

Daxko s PCI DSS Responsibilities

Daxko s PCI DSS Responsibilities ! Daxko s PCI DSS Responsibilities According to PCI DSS requirement 12.9, Daxko will maintain all applicable PCI DSS requirements to the extent the service prov ider handles, has access to, or otherwise

More information

Understanding the Intent of the Requirements

Understanding the Intent of the Requirements Payment Card Industry (PCI) Data Security Standard Navigating PCI DSS Understanding the Intent of the Requirements Version 1.2 October 2008 Document Changes Date Version Description October 1, 2008 1.2

More information

GlobalSCAPE EFT Server. HS Module. High Security. Detail Review. Facilitating Enterprise PCI DSS Compliance

GlobalSCAPE EFT Server. HS Module. High Security. Detail Review. Facilitating Enterprise PCI DSS Compliance GlobalSCAPE EFT Server HS Module High Security Facilitating Enterprise PCI DSS Compliance Detail Review Table of Contents Understanding the PCI DSS 3 The Case for Compliance 3 The Origin of the Standard

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Merchants Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission This

More information

NETePay 5.0 CEPAS. Installation & Configuration Guide. (for the State of Michigan) Part Number:

NETePay 5.0 CEPAS. Installation & Configuration Guide. (for the State of Michigan) Part Number: NETePay 5.0 Installation & Configuration Guide CEPAS (for the State of Michigan) Part Number: 8660.58 NETePay Installation & Configuration Guide Copyright 2012 Datacap Systems Inc. All rights reserved.

More information

Total Security Management PCI DSS Compliance Guide

Total Security Management PCI DSS Compliance Guide Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to

More information

University of Maine System Payment Card Industry Data Security Standard (PCI DSS) Guide for Completing Self Assessment Questionnaire (SAQ) SAQ C

University of Maine System Payment Card Industry Data Security Standard (PCI DSS) Guide for Completing Self Assessment Questionnaire (SAQ) SAQ C University of Maine System Payment Card Industry Data Security Standard (PCI DSS) Guide for Completing Self Assessment Questionnaire (SAQ) SAQ C All university merchant departments accepting credit cards

More information

Document No.: VCSATSP Restricted Data Protection Policy Revision: 4.0. VCSATS Policy Number: VCSATSP Restricted Data Protection Policy

Document No.: VCSATSP Restricted Data Protection Policy Revision: 4.0. VCSATS Policy Number: VCSATSP Restricted Data Protection Policy DOCUMENT INFORMATION VCSATS Policy Number: VCSATSP 100-070 Title: Restricted Data Protection Policy Policy Owner: Infrastructure Manager Effective Date: 5/1/2013 Revision: 4.0 TABLE OF CONTENTS DOCUMENT

More information

FTD MERCURY X2 IMPLEMENTATION GUIDE FOR PA-DSS

FTD MERCURY X2 IMPLEMENTATION GUIDE FOR PA-DSS FTD MERCURY X2 IMPLEMENTATION GUIDE FOR PA-DSS FTD Mercury X2 Implementation Guide for PA-DSS 2010 Florists Transworld Delivery, Inc. All Rights Reserved. Last Updated: March 1, 2010 Last Reviewed: February

More information

Payment Card Industry Data Security Standard Self-Assessment Questionnaire C Guide

Payment Card Industry Data Security Standard Self-Assessment Questionnaire C Guide Payment Card Industry Data Security Standard Self-Assessment Questionnaire C Guide PCI DSS Version: V3.1, Rev 1.1 Prepared for: The University of Tennessee Merchants The University of Tennessee Foundation

More information

IDPMS 4.1. PA-DSS implementation guide. Document version D01_IDPMS.1.1. By Dennis van Hilten. Amadeus Breda The Netherlands

IDPMS 4.1. PA-DSS implementation guide. Document version D01_IDPMS.1.1. By Dennis van Hilten. Amadeus Breda The Netherlands IDPMS 4.1. PA-DSS implementation guide Document version D01_IDPMS.1.1 By Dennis van Hilten Amadeus Breda The Netherlands Note This PA-DSS Implementation Guide must be reviewed on a yearly basis, whenever

More information

Oracle Hospitality Suite8 Property Version: x PA-DSS 3.2 Implementation Guide. Date: 07/11/2017

Oracle Hospitality Suite8 Property Version: x PA-DSS 3.2 Implementation Guide. Date: 07/11/2017 Wv Oracle Hospitality Suite8 Property Version: 8.10.1.x PA-DSS 3.2 Implementation Guide Date: 07/11/2017 Table of Contents Notice... 3 About this Document... 4 Revision Information... 5 Executive Summary...

More information

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3. INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for

More information

Oracle Hospitality OPERA Cloud Services PA-DSS 3.1 Implementation Guide Release 1.20 Part Number: E February 2016

Oracle Hospitality OPERA Cloud Services PA-DSS 3.1 Implementation Guide Release 1.20 Part Number: E February 2016 Oracle Hospitality OPERA Cloud Services PA-DSS 3.1 Implementation Guide Release 1.20 Part Number: E69080-01 February 2016 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software

More information

Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard

Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard Systems Security Standard ( v3.2) Page 1 of 11 Version and Ownership Version Date Author(s) Comments 0.01 26/9/2016

More information

Information Technology Standard for PCI systems Syracuse University Information Technology and Services PCI Network Security Standard (Appendix 1)

Information Technology Standard for PCI systems Syracuse University Information Technology and Services PCI Network Security Standard (Appendix 1) Appendixes Information Technology Standard for PCI systems Syracuse University Information Technology and Services PCI Network Security Standard (Appendix 1) 1.0 Scope All credit card data and its storage

More information

The Prioritized Approach to Pursue PCI DSS Compliance

The Prioritized Approach to Pursue PCI DSS Compliance PCI DSS Prioritized Approach for PCI DSS.0 PCI DSS Prioritized Approach for PCI DSS.0 The Prioritized Approach to Pursue PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) provides

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire A For use with PCI DSS Version 3.2 Revision 1.1 January 2017 Section 1: Assessment Information

More information

Oracle Hospitality OPERA 5 PA-DSS 3.1 Implementation Guide Release (5.5.X.X) Part Number: E

Oracle Hospitality OPERA 5 PA-DSS 3.1 Implementation Guide Release (5.5.X.X) Part Number: E Oracle Hospitality OPERA 5 PA-DSS 3.1 Implementation Guide Release 5.5.1.0 (5.5.X.X) Part Number: E72248-01 September 2017 Copyright 1987, 2017, Oracle and/or its affiliates. All rights reserved. This

More information

Payment Card Industry (PCI) Data Security Standard and Bsafe/Enterprise Security

Payment Card Industry (PCI) Data Security Standard and Bsafe/Enterprise Security Payment Card Industry (PCI) Data Security Standard and Bsafe/Enterprise Security Mapping of Bsafe/Enterprise Security Controls to PCI-DSS Requirements and Security Assessment Procedures Version 1.2 vember

More information

University of Colorado

University of Colorado University of Colorado Information Technology Services 2007 CU-Boulder Restricted Data System Security Requirements Table of Contents 1 GE ERAL COMPLIA CE... 1 2 ETWORK SECURITY... 1 3 PROTECT STORED DATA...

More information

Attestation of Compliance, SAQ D

Attestation of Compliance, SAQ D Attestation of Compliance, SAQ D Instructions for Submission The merchant must complete this Attestation of Compliance as a declaration of the merchant's compliance status with the Payment Card Industry

More information

Navigating the PCI DSS Challenge. 29 April 2011

Navigating the PCI DSS Challenge. 29 April 2011 Navigating the PCI DSS Challenge 29 April 2011 Agenda 1. Overview of Threat and Compliance Landscape 2. Introduction to the PCI Security Standards 3. Payment Brand Compliance Programs 4. PCI DSS Scope

More information

PCI DSS 3.2 AWARENESS NOVEMBER 2017

PCI DSS 3.2 AWARENESS NOVEMBER 2017 PCI DSS 3.2 AWARENESS NOVEMBER 2017 1 AGENDA PCI STANDARD OVERVIEW PAYMENT ENVIRONMENT 2ACTORS PCI ROLES AND RESPONSIBILITIES MERCHANTS COMPLIANCE PROGRAM PCI DSS 3.2 REQUIREMENTS 2 PCI STANDARD OVERVIEW

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Version 1.0 Release: December 2004 How to Complete the Questionnaire The questionnaire is divided into six sections. Each

More information

Third-Party Service Provider/Auto Club Group (ACG) PCI DSS Responsibility Matrix

Third-Party Service Provider/Auto Club Group (ACG) PCI DSS Responsibility Matrix / PCI DSS Matrix Joint sub-requirements is Requirement 1: Install and maintain a firewall configuration to protect cardholder data 1.1 Establish firewall and router configuration standards that include

More information

PCI Guidance for Restaurant Manager Versions

PCI Guidance for Restaurant Manager Versions PCI Guidance for Restaurant Manager Versions 15.1-18.0 Software, Installation, Server Network, Wireless, & Operations Last Update: 12/13/2011 Contents Notice... 3 About this Document... 3 Introduction...

More information

Applying Oracle Technologies in PCI DSS certification process

Applying Oracle Technologies in PCI DSS certification process Applying Oracle Technologies in PCI DSS certification process Ilonka Duka, dipl. ing.ele. IT Infrastruktura Splitska Banka Societe Générale d.d. ilonka.duka@splitskabanka.hr Agenda Introduction: SGSB,

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire A-EP For use with PCI DSS Version 3.2.1 July 2018 Section 1: Assessment Information Instructions

More information

CASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer

CASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer CASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer v1.0 December 2017 pci-dss@cryptosense.com 1 Contents 1. Introduction 3 2. Technical and Procedural Requirements 3 3. Requirements

More information

A Perfect Fit: Understanding the Interrelationship of the PCI Standards

A Perfect Fit: Understanding the Interrelationship of the PCI Standards A Perfect Fit: Understanding the Interrelationship of the PCI Standards 9/5/2008 Agenda Who is the Council? Goals and target for today s Webinar Overview of the Standards and who s who PCI DSS PA-DSS PED

More information

Oracle Hospitality OPERA Property Management Versions: , , , , and PA-DSS 3.0 Implementation Guide

Oracle Hospitality OPERA Property Management Versions: , , , , and PA-DSS 3.0 Implementation Guide v Oracle Hospitality OPERA Property Management Versions: 5.0.04.00, 5.0.04.01, 5.0.04.02, 5.0.04.03, and 5.0.05.00 PA-DSS 3.0 Implementation Guide Document Version: 1.0 Part Number: E68000-01 Date: 8/16/2017

More information

Old requirement New requirement Detail Effect Impact

Old requirement New requirement Detail Effect Impact RISK ADVISORY THE POWER OF BEING UNDERSTOOD PCI DSS VERSION 3.2 How will it affect your organization? The payment card industry (PCI) security standards council developed version 3.2 of the Data Security

More information

Oracle Hospitality RES 3700 PA-DSS 3.1 Implementation Guide Release 5.5 E June 2016

Oracle Hospitality RES 3700 PA-DSS 3.1 Implementation Guide Release 5.5 E June 2016 Oracle Hospitality RES 3700 PA-DSS 3.1 Implementation Guide Release 5.5 E76233-01 June 2016 Copyright 1998, 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Merchants All other SAQ-Eligible Merchants For use PCI DSS Version 3.2 Revision 1.1

More information

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016 Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

June 2013 PCI DSS COMPLIANCE GUIDE. Look out for the tips in the blue boxes if you use Fetch TM payment solutions.

June 2013 PCI DSS COMPLIANCE GUIDE. Look out for the tips in the blue boxes if you use Fetch TM payment solutions. If your business processes Visa and MasterCard debit or credit card transactions, you need to have Payment Card Industry Data Security Standard (PCI DSS) compliance. We understand that PCI DSS requirements

More information

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4 Policy Sensitive Information Version 3.4 Table of Contents Sensitive Information Policy -... 2 Overview... 2 Policy... 2 PCI... 3 HIPAA... 3 Gramm-Leach-Bliley (Financial Services Modernization Act of

More information

NETePay 5. Monetary Host. Installation & Configuration Guide. Part Number: Version Includes PCI PA-DSS 3.2 Implementation Guide

NETePay 5. Monetary Host. Installation & Configuration Guide. Part Number: Version Includes PCI PA-DSS 3.2 Implementation Guide NETePay 5 Installation & Configuration Guide Includes PCI PA-DSS 3.2 Implementation Guide Monetary Host Version 5.07 Part Number: 8728.18 NETePay Installation & Configuration Guide Copyright 2006-2017

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.2 April 2016 Section 1: Assessment Information Instructions for Submission

More information

Oracle Hospitality e7 PA-DSS 3.2 Implementation Guide Release 4.4.X E May 2018

Oracle Hospitality e7 PA-DSS 3.2 Implementation Guide Release 4.4.X E May 2018 Oracle Hospitality e7 PA-DSS 3.2 Implementation Guide Release 4.4.X E93952-01 May 2018 Copyright 2004, 2018, Oracle and/or its affiliates. All rights reserved. This software and related documentation are

More information

Requirements for University Related Activities that Accept Payment Cards

Requirements for University Related Activities that Accept Payment Cards Requirements for ersity Related Activities that Accept Payment Cards Last Updated: 20-Apr-2009 TABLE OF CONTENTS OBJECTIVE STATEMENT AND INTRODUCTION... 4 Compliance... 4 Environment... 4 Material... 5

More information

Assessor Company: Control Gap Inc. Contact Contact Phone: Report Date: Report Status: Final

Assessor Company: Control Gap Inc. Contact   Contact Phone: Report Date: Report Status: Final Payment Card Industry Payment Application Data Security Standard PCI PA-DSS v3.2 Before and After Redline View Change Analysis Between PCI PA-DSS v3.1 and v3.2 Assessor Company: Control Gap Inc. Contact

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C-VT and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C-VT and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C-VT and Attestation of Compliance Merchants with Web-Based Virtual Payment Terminals No Electronic Cardholder Data Storage

More information

NETePay 5. TSYS Host. Installation & Configuration Guide V5.07. Part Number: With Dial Backup. Includes PA-DSS V3.2 Implementation Guide

NETePay 5. TSYS Host. Installation & Configuration Guide V5.07. Part Number: With Dial Backup. Includes PA-DSS V3.2 Implementation Guide NETePay 5 Installation & Configuration Guide TSYS Host With Dial Backup Includes PA-DSS V3.2 Implementation Guide V5.07 Part Number: 8660.62 NETePay Installation & Configuration Guide Copyright 2006-2017

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers SAQ-Eligible Service Providers For use PCI DSS Version 3.2 April 2016

More information

NETePay 5. Installation & Configuration Guide. Vantiv Integrated Payments. With Non-EMV Dial Backup V Part Number:

NETePay 5. Installation & Configuration Guide. Vantiv Integrated Payments. With Non-EMV Dial Backup V Part Number: NETePay 5 Installation & Configuration Guide Vantiv Integrated Payments (Formerly Mercury Payment Systems) With Non-EMV Dial Backup Includes PA-DSS V3.2 Implementation Guide V 5.07 Part Number: 8660.30

More information

PCI DSS Responsibility Matrix PCI DSS 3.2 Requirement

PCI DSS Responsibility Matrix PCI DSS 3.2 Requirement FTD Florist Requirement 1: Install and maintain a firewall configuration to protect 1.1 Establish firewall and router configuration standards that include the following: 1.1.1 A formal process for approving

More information

Payment Card Industry Self-Assessment Questionnaire

Payment Card Industry Self-Assessment Questionnaire Payment Card Industry Self-Assessment Questionnaire How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements

More information

Section 1: Assessment Information

Section 1: Assessment Information Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the merchant s self-assessment with the Payment Card Industry Data Security

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.2 Revision 1.1 January 2017 Section 1:

More information

Segmentation, Compensating Controls and P2PE Summary

Segmentation, Compensating Controls and P2PE Summary Segmentation, Compensating Controls and P2PE Summary ControlCase Annual Conference New Orleans, Louisiana USA 2016 Segmentation Reducing PCI Scope ControlCase Annual Conference New Orleans, Louisiana USA

More information