The Devil is in the Details: The Secrets to Complying with PCI Requirements. Michelle Kaiser Bray Faegre Baker Daniels

PCI DSS: What?

- PCI DSS = Payment Card Industry Data Security Standard
- Payment card data technical security requirements (five founding global payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.)
- Process for maintaining a secure environment (prevention, detection and appropriate response to security incidents)
- State laws incorporating PCI DSS (Nevada, Minnesota, Washington)
- Credit cards, debit cards, charge cards, digital wallets?

PCI DSS: Who?

MERCHANTS
- Binding on ALL companies that process, store or transmit payment card information, i.e., any merchant that has a Merchant ID (MID)
- Merchants fall under four levels of compliance (based on the number of transactions processed annually, and whether transactions are brick-and-mortar or Internet)

CORPORATE FRANCHISE SERVICERS
- Corporate entity or franchisor that provides or controls a centralized or hosted network environment, connected physical/logical assets or shared locations
- Level 1 Merchant Service Provider (Third Party Agent)

VENDORS
- Service Providers (and Merchants) that use third party-provided payment applications are subject to the Payment Card Industry Payment Application Data Security Standard (PCI PA-DSS)
- Device vendors and manufacturers (PIN Transaction Security (PTS) Requirements)

PCI DSS: When?

NOW
- Privacy and security threats (computer hacking, credit card fraud and identity theft) are rapidly rising
- Hotel and restaurant franchises are most vulnerable to security breaches: the preferred target of data thieves
- Hackers are using inadequately secured remote administration services to take payment data from POS systems

ONGOING
- Assess (Self-Assessment Questionnaires, Qualified Security Assessors (QSAs), Internal Security Assessor (ISA) education program)
- Remediate (network scanning, reviewing/ranking/fixing vulnerabilities, patches)
- Report (quarterly scan reports completed by a PCI SSC-approved ASV; annual onsite assessment completed by a PCI SSC-approved QSA and submission of findings to each acquirer (large businesses))

PCI DSS: Where?

PAYMENT BRAND OR ACQUIRING BANK
- American Express: www.americanexpress.com/datasecurity
- Discover Financial Services: http://www.discovernetwork.com/merchants/fraud-protection
- JCB International: http://partner.jcbcard.com/security/jcbprogram/index.html
- MasterCard Worldwide: http://www.mastercard.com/sdp
- Visa Inc: http://www.visa.com/cisp
- Visa Europe: http://www.visaeurope.com/ais

PCI DSS: How? TWELVE STEPS (PCI DSS 2.0)

Build and Maintain a Secure Network
1) Install and maintain a firewall
2) No default system passwords

Protect Cardholder Data
3) Protect stored data
4) Encrypt transmission of data across open, public networks

Maintain a Vulnerability Management Program
5) Use and regularly update anti-virus software/programs
6) Develop and maintain secure systems and applications

PCI DSS: How? (cont.) PCI DSS 2.0 (Twelve Steps)

Implement Strong Access Control Measures
7) Restrict access to data (business need to know)
8) Assign unique IDs
9) Restrict physical access to data

Regularly Monitor and Test Networks
10) Track and monitor access to network resources and data
11) Regularly test security systems and processes

Maintain an Information Security Policy
12) Address information security for all personnel

PCI DSS: Why?

Risk
- Fraud
- Identity theft
- Insiders
- Cyber-attacks

Rules
- Fines
- Transaction fees
- Termination
- Lawsuits

Reputation
- Brand
- Customer

PCI DSS: Additional Resources

- PCI SSC Data Security Standards Overview: https://www.pcisecuritystandards.org/security_standards/index.php
- PCI DSS ROC (Report on Compliance) Reporting Instructions: https://www.pcisecuritystandards.org/documents/pci_dss_2.0_roc_reporting_instructions.pdf
- Corporate Franchise Servicer (Visa): http://usa.visa.com/merchants/risk_management/cisp_service_providers.html
- 2013 Data Breach Investigations Report: http://www.verizonenterprise.com/dbir/2013/
- Partner with Payment Processing Providers!