PCI Compliance Technical Overview - PowerPoint PPT Presentation

Provided by: alexma3
Slides: 15

Transcript and Presenter's Notes

1
PCI Compliance Technical Overview
2
RM PCI Calendar
  • Dec 2005 Began PCI 15.1 development
  • Feb 2006 Initial PCI Audit
  • Sept 2006 Official 15.1 PCI Release
  • Sept 2006 Validation Report sent to VISA
  • Jan 2007 VISA approves certification

3
Card Data Compromises
  • 40% of all compromises involve a restaurant
  • Top 5 causes of compromise:
    • Full track data retention
    • Default accounts
    • Insecure remote access
    • Non-use of security tools (antivirus, encryption)
    • SQL injection

4
Terms and Definitions
  • PCI DSS: Payment Card Industry Data Security
    Standard
  • PABP: Payment Application Best Practices (Visa's
    validation program for payment applications)
  • RM is a validated payment application that meets
    the PCI PABP
  • So what is PCI compliance? Hint: it's not
    simply installing RM 15.1.

5
The PCI Compliant Site
  • The restaurant must use a PCI PABP validated POS
    application, properly configured, implementing
    proper procedures, and installed following all
    site-specific PCI guidelines and rules.
  • That's four areas needing attention:
    • Use PABP validated applications
    • Proper configuration
    • Proper procedures
    • Follow site guidelines

6
1. Use PABP validated applications
  • Use RM 15.1 (the final release of Sept 2006 or
    later)
  • Use certified credit card processing gateways
    (e.g. Mercury Payment Systems, PC Charge, Datacap)

7
2. Proper Configuration
  • Follow the ASI PCI configuration guidelines
  • RM and Reseller PCI Guidance document
  • Logging and audit trail enabled
  • Admin password expiration enforced

8
3. Proper Procedures
  • Enforce limited access to the RM Server machine
  • Restrict Internet use from the Server machine
  • Remote access enabled only while an incident is
    being worked, and disabled again afterwards
  • No emailing of card data
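
The scanner below is an added example for the "full track data retention" item on slide 3 and the "no emailing of card data" rule on this slide; it is not ASI/RM code. It looks for Track 1 and Track 2 magnetic-stripe records and for bare, Luhn-valid card numbers in text such as POS logs, mail exports or database dumps, and reports them with the PAN masked to first six and last four digits. The log sample inside it is constructed for the example (the card numbers are the well-known Luhn-valid test numbers 4111 1111 1111 1111 and 5500 0000 0000 0004), and the regular expressions are an assumption based on the ISO 7813 track layouts.

```python
"""Scan text for stored magnetic-stripe track data and bare card numbers.

Added example for this transcript (not ASI/RM code). The sample log below
is constructed; the regexes follow the ISO 7813 Track 1/Track 2 layouts.
"""
import re

# Track 2 (ISO 7813): ;<PAN 13-19 digits>=<YYMM expiry><service code><discretionary>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Track 1 (ISO 7813): %B<PAN>^<NAME>^<YYMM expiry><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Bare PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample of a POS log with three kinds of card-data leakage.
SAMPLE_LOG = """\
2006-09-14 11:02:17 sale ticket=10455 amount=23.50 auth=OK
2006-09-14 11:02:17 swipe=;4111111111111111=08121011234567890?
2006-09-14 11:05:02 track1=%B5500000000000004^DOE/JOHN^08121011234567890?
2006-09-14 11:07:40 manual entry card=4111 1111 1111 1111 exp=0812
2006-09-14 11:09:55 phone=5555551212 invoice=1234567890123
"""


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check: True when the digit string is a syntactically valid PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI-style display masking: keep the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_text(text: str):
    """Return findings as (line_no, kind, masked_pan) tuples.

    Track data is reported whenever its layout is present (storing it at all
    is the finding). Bare digit runs are reported only when they pass Luhn,
    which keeps order numbers, invoice numbers and timestamps out of the report.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in TRACK1_RE.finditer(line):
            findings.append((n, "track1", mask_pan(m.group(1))))
        for m in TRACK2_RE.finditer(line):
            findings.append((n, "track2", mask_pan(m.group(1))))
        # Remove track records before the bare-PAN pass so nothing is double-counted.
        stripped = TRACK1_RE.sub("", TRACK2_RE.sub("", line))
        for m in PAN_RE.finditer(stripped):
            digits = re.sub(r"[ -]", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append((n, "pan", mask_pan(digits)))
    return findings


def scan_file(path: str):
    """Scan one file on disk; undecodable bytes are replaced rather than fatal."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


if __name__ == "__main__":
    for line_no, kind, masked in scan_text(SAMPLE_LOG):
        print(f"line {line_no}: {kind} data found, PAN {masked}")
```

Run it over the POS log directory, the mail client's store and any database exports; a clean site produces no output. Track data should never appear at all, and a bare PAN outside the payment application's own encrypted storage is a retention problem even when the expiry date and CVV are absent.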

9
4. Site Guidelines
  • Secure the RM Server (the credit card server):
    • Physical access
    • Logical access (open ports)
    • Firewalled
    • Network
    • Remote access: two-factor authentication (VPN
      plus PCAnywhere passwords; note that two
      passwords are still a single factor, so PCI DSS
      two-factor needs a second factor such as a
      token or certificate)
    • And wireless (next slide)

10
4. Site Guidelines (WiFi)
  • Enable WPA with key rotation
  • Change the SSID from the default
  • Turn off SSID broadcast
  • Implement MAC address filtering
    (Hiding the SSID and filtering MAC addresses do
    not stop an attacker with a wireless sniffer;
    they are housekeeping on top of WPA, not a
    substitute for it)
  • Install firewall services between the APs and
    the RM Server
  • Port/service restrictions: from the wireless
    segment to the RM Server allow only TCP 80
    (HTTP), DNS (port 53) and ICMP; deny everything
    else
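
Whatever device enforces the restriction above, the "logical access (open ports)" item on slide 9 still has to be checked on the RM Server itself. The script below is an added example, not ASI/RM or Symbol code: it parses `netstat -an` output in the form Windows prints it and reports every bound socket that is not on the slide's allowlist (TCP 80 and DNS 53; ICMP has no socket and is outside this check). The netstat text is constructed for the example, and the `ALLOWED` and `KNOWN_SERVICES` tables are assumptions used to make the report readable.

```python
"""Audit the RM Server's bound sockets against a PCI port allowlist.

Added example for this transcript (not ASI/RM or Symbol code). The netstat
sample is constructed; ALLOWED follows the slide's TCP 80 / DNS 53 rule.
"""
import re

# Allowlist from the "Site Guidelines (WiFi)" slide (ICMP has no socket).
ALLOWED = {("TCP", 80), ("UDP", 53)}

# Well-known services, only to label the report (assumed standard port uses).
KNOWN_SERVICES = {
    ("TCP", 135): "MS RPC endpoint mapper",
    ("TCP", 445): "SMB file sharing",
    ("TCP", 1433): "MS SQL Server",
    ("TCP", 5631): "pcAnywhere data channel",
    ("UDP", 5632): "pcAnywhere status channel",
}

# Constructed sample of `netstat -an` on a Windows POS server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5631           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        192.168.1.23:1052      ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:5632           *:*
"""

# proto, local address, foreign address, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text: str):
    """Return the set of (proto, port) sockets that will accept traffic.

    TCP sockets count only in LISTENING state (established sessions are not
    attack surface by themselves); UDP sockets have no state and count
    whenever bound. The port is taken after the last colon so IPv6 local
    addresses such as [::]:80 parse as well.
    """
    listeners = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])
        listeners.add((proto, port))
    return listeners


def audit(listeners, allowed=ALLOWED):
    """Return a sorted list of (proto, port, service) not on the allowlist."""
    return sorted(
        (proto, port, KNOWN_SERVICES.get((proto, port), "unknown"))
        for proto, port in listeners
        if (proto, port) not in allowed
    )


if __name__ == "__main__":
    for proto, port, service in audit(parse_listeners(SAMPLE_NETSTAT)):
        print(f"{proto} {port} ({service}) is bound but not on the allowlist")
```

Every line the audit prints needs either a firewall rule that blocks it from the wireless and guest segments or a reason for it to be listening at all; on the constructed sample the pcAnywhere ports are the ones that slide 8 says should only be open while an incident is being worked.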

11
Basic Network (network diagram; image not in transcript)
12
Network w/ WiFi (network diagram; image not in transcript)
13
Network w/ WiFi, Symbol WS2000 (network diagram; image not in transcript)
14
Thank you
  • Questions?