Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jay Baucom, Chief Information Officer Arthur Hohnsbehn, Director of Information Technology Jason Godfrey, Security Manager North Carolina Community College.

Similar presentations


Presentation on theme: "Jay Baucom, Chief Information Officer Arthur Hohnsbehn, Director of Information Technology Jason Godfrey, Security Manager North Carolina Community College."— Presentation transcript:

1 Jay Baucom, Chief Information Officer Arthur Hohnsbehn, Director of Information Technology Jason Godfrey, Security Manager North Carolina Community College System

2 The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

3 The PCI Security Standards Councils mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

4 Understanding the Intent of the Requirements (version 1.1, February 2008) Payment Card Industry (PCI) Data Security Standard (DSS) Navigating PCI DSS – Understanding the Intent of the Requirements (version 1.1, February 2008) Self–Assessment Questionnaire – Instructions and Guidelines (version 1.1, February 2008) Payment Card Industry (PCI) Data Security Standard (DSS) Self–Assessment Questionnaire – Instructions and Guidelines (version 1.1, February 2008) Self–Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers (version 1.1, February 2008) Payment Card Industry (PCI) Data Security Standard (DSS) Self–Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers (version 1.1, February 2008) Glossary, Abbreviations and Acronyms Payment Card Industry (PCI) Data Security Standard (DSS) Glossary, Abbreviations and Acronyms

5 Account Number or PAN (Primary Account Number): Account Number or PAN (Primary Account Number): payment card number that identifies the issuer and card holder. Acquirer: Acquirer: Bankcard association member that initiates and maintains relationships with the merchants that accept payment cards. Cardholder data: Cardholder data: Full magnetic strip or the PAN plus any of the following: Cardholder name Expiration date Service Code

6 DSS: DSS: Data Security Standard Penetration Test: Penetration Test: Security-oriented probing of computer system or network to seek out vulnerabilities that an attacker could exploit. Threat: Threat: Condition that may cause information or information processing resources to be intentionally or accidentally lost, modified, exposed, made inaccessible, or otherwise affected to the detriment of the organization.

7 Vulnerability: Vulnerability: Weakness in system security procedures, system design, implementation, or internal controls that could be exploited to violate system security policy. Vulnerability Scan: Vulnerability Scan: Scans used to identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the companys private network. Payment Provider: Payment Provider: PayPal (Verisign) or Official Payments (OPC).

8 The Office of State Controller (OSC) has a master service agreement with Trustwave to perform vulnerability scans, online SAQ and answer general questions. 30 of the 58 colleges participate in the OSCs master agreement. Colleges work directly with the OSC for portal access, service delivery, and remediation. The acquirer (bank) is SunTrust. The remaining 28 colleges are offered services through a supplemental agreement under the OSC master agreement. Colleges work directly with the NCCCS for portal access, service delivery, and remediation. The acquirer (bank) is selected by the college.

9 AttestationAttestation Compliance (Process\Procedures) Validation (SAQ\ Vulnerability Scans)

10 e- Commerce transaction Datatel defines any payment card transaction processed via Colleague to a payment provider (PayPal\OPC) as an e- Commerce transaction. Payment card information is processed and transmitted, but never stored. entered (CREN) Non e-Commerce transaction Datatel defines any payment card information entered into Colleague (CREN) as a Non e-Commerce transaction. This information is encrypted.

11 Datatel e-Commerce requires: Licensing e-Commerce Installing e-Commerce (InstallShield) Enabling e-Commerce CORE – ECS (e-Commerce Setup) ECPR – e-Commerce Providers ECPA – e-Commerce Provider Account EPAM - e-Comm Provider Acct Mapping ST – FIWP (Financial Web Parameters)

12 e-Commerce 3.7 Release Highlights (Release18.0) (September 18, 2006) e-Commerce Installation and Administration (August 5, 2008)

13

14

15

16

17 Accepting Payment via Telephone (TREG) Colleague Server via DMI EPOS (TREG) Server Payment Verification CC Clearing House Internet

18 Accepting Payment via WebAdvisor (WA) Colleague Server via DMI WA Server Payment Verification CC Clearing House Internet

19 Accepting Payment via Colleague (CREN) Colleague Server via DMI Side Terminal (CC entered via CREN) Payment Verification CC Clearing House Internet

20 COCD Develop a policy for maintaining payment card data. Non e-Commerce should be purged via COCD. COCD Purge payment card information in Production before cloning the Production environment to Test using COCD. -t –v If troubleshooting e-Commerce with the DMI listener in debug ( -t –v options), remove the log immediately after the debug information has been obtained. You are not compliant with debug turned on. Work with your Bookstore provider to determine compliance.

21 PCI Security Standards Council https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/educa tion/webinars.shtmlhttps://www.pcisecuritystandards.org/educa tion/webinars.shtml (webinars) Datatel AnswerNet Document # How to remove sensitive credit card data for PCI Compliance NC Office of the State Controller ion_pci.html

22 NC Office of State Controller NCCCS System Office Jay Baucom - (919) Jason Godfrey - (919) Kim Van Metre - (919) Trustwave General Questions – (800)

23


Download ppt "Jay Baucom, Chief Information Officer Arthur Hohnsbehn, Director of Information Technology Jason Godfrey, Security Manager North Carolina Community College."

Similar presentations


Ads by Google