Presentation is loading. Please wait.

Presentation is loading. Please wait.

MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager.

Similar presentations


Presentation on theme: "MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager."— Presentation transcript:

1 MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager

2 MARTAs PCI Requirement As an acceptor of payment cards, MARTA is required to certify its Automated Fare Collection Payment Application to the PCI DSS requirements. MARTA is classified as a Level 2 merchant; processing more than 1 million credit transactions annually. PCI DSS certification requires a certified Fare Collection System including Payment Application software to be developed by the Fare Collection vendor. This software operates in the TVM, Ride Store TOM, and Fare Collection Central System. 2

3 AFC Overview The MARTA Automated Fare Collection system also known as Breeze entered revenue service in The system supports Regional operators including Cobb County, Gwinnett County, and Georgia Regional Transit Authority, and Atlanta Regional Commission databases. There are over 1 Million active Breeze cards system wide. COMPONENTQTY Automated Fare Gates470 Automated Fare Boxes on Big buses626 Light Validators on Para transit buses175 Ticket Vending Machines349 Ticket office machines16 Automated parking gates50 High Performance Encoding Machines6 Money Room Facilities and Equipment1 Central Computing System (1 Online, 1 Stand-by, 1 DR, 1 QA)20 3

4 AFC PCI Project Scope Central System Improvements Improved credit card security management More patron search capabilities Database Security Data at rest encryption higher security Separated storage of credit card information Ticket Vending Machine and Ticket Office Machine Higher security PIN PAD for debit transactions New internal computer New Operating System (Window 7) Remote Monitoring of all AFC Components Anti-virus management File Integrity Monitoring Network Security Access controls 4

5 MARTA AFC Team Project Oversight Remediation tasks Application Support Network & Server Support Enterprise Security Qualified Security Assessor (QSA) Assessment Gap Analysis Compliance Roadmap Report of Compliance Merchant Bank Manage PCI mandates on behalf of VISA, MasterCard, American Express, Discover Fare Collection Vendor Software development Hardware upgrades PCI DSS certification of payment applications software AFC PCI Project Team 5

6 AFC PCI Project Timeline MARTA is deemed as a Level 2 Merchant - Completed the PCI Data Security Standard Self-Assessment Questionnaire (SAQ) and quarterly scan results MARTA began the partnership with BOA and Fare Collection vendor to complete PCI requirements GAP Analysis completed by QSA - Attestation of Compliance sent to Merchant Bank - QSA provided Remediation Roadmap 2011 – MARTA issues Notice to Proceed to Fare Collection vendor to begin software development - AFC system PCI Migration begins AFC system PCI Migration completed - Attestation of Compliance completed - PCI Compliance obtained from Merchant Bank 6

7 PCI Project Migration – Phase 1 AFC Network Access Control Build secure data network Segment AFC Traffic from the Enterprise Network traffic Develop Information Security Team Develop Information Security Policies 7

8 Phase 1: Network Access Control TOM LoadBalancer Non PCI Compliant Compliant System System Web BVM Devices Settlement TOM Merchant Bank Old Database AFC Network Restricted Rule Base Internet VLAN Enterprise Network VLAN 8

9 PCI Project Migration – Phase 2 Central System Upgrade Upgrade Servers (Production, Stand by, DR, and QA) Migrate Central System software Migrate Database Migrate Web Ticketing 9

10 Phase 2: Central System Upgrade TOM LoadBalancer Non PCI Compliant Compliant System System Web BVM Devices SettlementSettlement TOM Merchant Bank Old Database PCI Compliant Compliant System System Upgraded Database Merchant Bank Production Stand-By DR QA Server Farm 10

11 PCI Project Migration – Phase 3 Payment Processing Device Upgrade Replace TOM Hardware & Software including 3DES Pin Pad Replace TVM Hardware & Software including 3DES Pin Pad Deploy Anti-Virus software and File Integrity Monitoring process to all components Migrate TOM and TVM 11

12 Phase 3: Device Upgrade TOM LoadBalancer Non PCI Compliant Compliant System System Web BVM Devices Settlement TOM Merchant Bank Old Database Merchant Bank Settlement PCI Compliant Compliant System System Upgraded Database 12

13 Phase 3: Device Upgrade Complete TOM LoadBalancer Non PCI Compliant Compliant System System Web BVM Devices Settlement TOM Old Database Merchant Bank Settlement PCI Compliant Compliant System System Upgraded Database 13

14 PCI Project Migration – Compliant Final Report of Compliance to Merchant Bank Review of Remediation Roadmap tasks QSA Assessment of GAPS QSA Vulnerability Scan Report of Compliance Attestation of Compliance PCI DSS v2.0 Certificate of Compliance from Merchant Bank 14

15 Thank You 15


Download ppt "MARTAs Road to PCI Compliance 1 Presenter: Yolanda Curtis, PMP AFC Project Manager."

Similar presentations


Ads by Google