Title: An Introduction to PCI Compliance
1An Introduction to PCI Compliance
2- Data Breach Trends
- About PCI-SSC
- 12 Requirements of PCI-DSS
- Establishing Your Validation Level
- PCI Basics
- Benefits of PCI Compliance
- Benefits of Accepting Credit Cards
3Source http//www.verizonbusiness.com/resources/s
ecurity/reports/2009_databreach_rp.pdf
4- From the chart, it is evidentunauthorized
access via - default, shared, or stolen credentials
constituted more than a - third of the entire hacking category and over
half of all - compromised records.
- Example Titos Taco Shack
Source http//www.verizonbusiness.com/resources/s
ecurity/reports/2009_databreach_rp.pdf
5PCI-SSC
6Payment Card Industry - Security Standards
Council
Does
Does Not
Data Security Standard (DSS) Payment Application
Data Security Standard (PA-DSS) Pin Transaction
Security (PTS) Requirements.
Enforce standards Set fine and fee
structures Set validation levels
7- Build and Maintain a Secure Network
- Requirement 1 Install and maintain a firewall
configuration to protect cardholder data - Requirement 2 Do not use vendor-supplied
defaults for system passwords and other security
parameters - Protect Cardholder Data
- Requirement 3 Protect stored cardholder data
- Requirement 4 Encrypt transmission of cardholder
data across open, public networks -
- Maintain a Vulnerability Management Program
- Requirement 5 Use and regularly update
anti-virus software - Requirement 6 Develop and maintain secure
systems and applications - Implement Strong Access Control Measures
- Requirement 7 Restrict access to cardholder data
by business need-to-know - Requirement 8 Assign a unique ID to each person
with computer access - Requirement 9 Restrict physical access to
cardholder data -
- Regularly Monitor and Test Networks
- Requirement 10 Track and monitor all access to
network resources and cardholder data - Requirement 11 Regularly test security systems
and processes - Maintain an Information Security Policy
8 State PCI Law
Breach Notification Laws
9- Any merchant that processes, transmits, or stores
credit card data regardless of processing volume
must comply to PCI-DSS regulations. - Every merchant must validate compliance every
year. - MIDs under different TAXIDs will need to certify
separately. - Check with your Acquiring bank for specific
validation requirements and deadlines
10(No Transcript)
11Level Merchant Criteria Validation Requirements
1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance Form
2 Merchants processing 1 million to 6 million Visa transactions annually (all channels) Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance Form
3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually Annual SAQ Quarterly network scan by ASV Attestation of Compliance Form
4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually. Annual SAQ recommended Quarterly network scan by ASV if applicable Compliance validation requirements set by acquirer
Source www.visa.com/cisp
12Source www.pcisecuritystandards.org
13(No Transcript)
14- Peace of mind for your business and clients
- Decreased risk of security breaches
- Boost in customer confidence
- Protection from costly fines
- Relatively quick and easy
- Safeguard your business reputation
15- Stay viable in the marketplace The number of
payments made by debit, credit, or EBT card grew
by 12.8 billion from 2003 to 2006, reaching 48.1
billion and exceeding the number of checks paid
by 17.6 billion. - Offer payment flexibility to clients
- Improve cash flow
- Reduce the hassle of collections
http//www.federalreserve.gov/pubs/bulletin/2008/
articles/payments/default.htm
16www.visa.com/cisp www.pcisecuritystandards.org w
ww.mastercard.com/us/sdp/education www.pcicentral
.com/docs/pciscc_ten_common_myths.pdf http//www.
federalreserve.gov/pubs/bulletin/2008/articles/pay
ments/default.htm http//www.verizonbusiness.com/
resources/security/reports/2009_databreach_rp.pdf
17Amy Airhart 1-866-376-0947 info_at_pcicentral.com
www.pcicentral.com