PCI Compliance

1
PCI Compliance

• How Do I Become PCI Compliant

2
Agenda

• What Is PCI?
• Key Points of PCI
• How Do I Become Compliant?
• Questions and Answer

3
What is PCI

• Collaborative effort between major Credit Card
  companies
• Single standard created to Protect Consumers
• Payment Card Industry - Data Security Standards
  (PCI DSS) (Merchant)
• PA-DSS Payment Application Data Security
  Standards (Software Provider)
• Validated Payment Application
• QSA Qualified Security Assessor

4
Key Points of PCI
PCI Data Security Standard
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Install and maintain a firewall configuration to protect data Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored data Encrypt transmission of cardholder data and sensitive information across public networks
Use and regularly update anti-virus software Develop and maintain secure systems and applications
Restrict access to data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data Regularly test security systems and processes
Maintain a policy that addresses information security
5
Key System Points

• Read the Path to PCI document or Implementation
  Guide
• Limit the amount of data stored Purge
• Verify Encryption
• Double Check Securities and user privileges
• Limit Scope Segment the network

6
How do I become compliant

• Self Assessment
• Quarterly Scans
• Work with your bank
• Show Progress

7
Shift4 Integration

• Third Party Company that handles the
  authorization and storage of credit cards.
• Per Transaction fee required

8
Questions