Presentation is loading. Please wait.

Presentation is loading. Please wait.

New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution.

Similar presentations


Presentation on theme: "New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution."— Presentation transcript:

1 New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution

2 Discussion Outline Today’s Security Environment New PCI requirements & Compliance Validation GMU evaluation & process Dept roles: ITU & Fiscal Services Data Flow- Manual & Online processes Implementation timeline Summary- Concerns - Questions

3 Today’s Security Environment Track data stored –merchants & 3 rd parties Payment applications –track data storage Network vulnerabilities Cardholders- negative impact Identity theft implications Proposed federal legislation

4 New PCI requirements CISP(Visa) compliance req’d for E merchants - 6/5/01 CISP(Visa) expanded to merchant & service providers PCI security standard developed Standardized PCI requirements for members, merchants & service providers

5 Compliance Validation- Merchants Level 1: >6 million transactions/year Level 2: 150,000 – 6 million e- commerce trans/year Level 3: 20,000 – 150,000 e-commerce trans/year Level 4: < 20,000 e-commerce tran/yr and all other merchants up to 6 mill/yr

6 Standardized Requirements 12 PCI Data Security Standards PCI Security Audit Procedures-Onsite PCI Self-Assessment Questionnaire PCI Security Scanning Procedures Resource for the above: Approved vendor list & FAQ’s

7 Merchant Compliance Doc by level Level On-site Security Audit Network Scan Self- Assessmen t Questionair e Validation Dates OneRequired Annually Required Quarterly 9/30/04 Two & Three Required Quarterly Required Annually 6/30/05 FourRecommen d Annually Recommen d Annually TBD

8 GMU Evaluation & Process * Issues for Higher Education- Institutions have high visibility Web savvy customer base Many online points of service Prone to attacks- store lots of info * Education- NACUBO, NOVA & approved vendor * Need to get started – ASAP *

9 Dept roles- ITU & Fiscal Services ITU- Audit Plan Step 1: Identification CISP Requirements Review Step 2: Analysis & Review Data flow,physical environment, system admin Step 3: Recommendation for remediation Step 4: Bring in vendor

10 Dept roles- ITU & Fiscal Services Fiscal Services Evaluation & Education (NACUBO) Discussions with NOVA & Vendor Coordinate plan with ITU Meet with applicable depts Questionnaire Credit Cd Security-Policy & Procedures

11 Data Flow- Manual & Online All points that collect CC data Collection Processing Transmittal Storage Disposal

12 Implementation timeline August 2005: Education & Analysis Sept-Oct 2005: ITU/Fiscal Service Meetings NOVA & Vendor Discussion. Nov 2005: ITU Audit Plan Step 1 Dec 05- Jan 06: ITU Audit Plan Step 2 & Fiscal Services Questionnaire & Policy Jan- Feb 06: ITU Audit Plan Step 3 Feb – March 06: Vendor & Implementation

13 Summary,Concerns & Questions Summary: This is a huge undertaking!! Summary: Potential fines are scary!! Concerns: Are we ever 100% secure?? Concerns: What if we do have a compromise?? Questions???? Please share your stories!!

14 GMU Resources & Help Mira L. Levine, CPA Director of Accounting- Internal Controls & Cost Accounting (703) Cathy Hubbs IT Security Coordinator


Download ppt "New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution."

Similar presentations


Ads by Google