Presentation on theme: "New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution."— Presentation transcript:
New PCI Credit Card Security Requirements An in depth look at how to apply the new standards and protect your institution
Discussion Outline Today’s Security Environment New PCI requirements & Compliance Validation GMU evaluation & process Dept roles: ITU & Fiscal Services Data Flow- Manual & Online processes Implementation timeline Summary- Concerns - Questions
Today’s Security Environment Track data stored –merchants & 3 rd parties Payment applications –track data storage Network vulnerabilities Cardholders- negative impact Identity theft implications Proposed federal legislation
New PCI requirements CISP(Visa) compliance req’d for E merchants - 6/5/01 CISP(Visa) expanded to merchant & service providers- 2003 PCI security standard developed 2004-05 Standardized PCI requirements for members, merchants & service providers
Compliance Validation- Merchants Level 1: >6 million transactions/year Level 2: 150,000 – 6 million e- commerce trans/year Level 3: 20,000 – 150,000 e-commerce trans/year Level 4: < 20,000 e-commerce tran/yr and all other merchants up to 6 mill/yr
Standardized Requirements 12 PCI Data Security Standards PCI Security Audit Procedures-Onsite PCI Self-Assessment Questionnaire PCI Security Scanning Procedures Resource for the above: www.visa.com/cisp Approved vendor list & FAQ’s
Merchant Compliance Doc by level Level On-site Security Audit Network Scan Self- Assessmen t Questionair e Validation Dates OneRequired Annually Required Quarterly 9/30/04 Two & Three Required Quarterly Required Annually 6/30/05 FourRecommen d Annually Recommen d Annually TBD
GMU Evaluation & Process * Issues for Higher Education- Institutions have high visibility Web savvy customer base Many online points of service Prone to attacks- store lots of info * Education- NACUBO, NOVA & approved vendor * Need to get started – ASAP *
Dept roles- ITU & Fiscal Services ITU- Audit Plan Step 1: Identification CISP Requirements Review Step 2: Analysis & Review Data flow,physical environment, system admin Step 3: Recommendation for remediation Step 4: Bring in vendor
Dept roles- ITU & Fiscal Services Fiscal Services Evaluation & Education (NACUBO) Discussions with NOVA & Vendor Coordinate plan with ITU Meet with applicable depts Questionnaire Credit Cd Security-Policy & Procedures
Data Flow- Manual & Online All points that collect CC data Collection Processing Transmittal Storage Disposal
Implementation timeline August 2005: Education & Analysis Sept-Oct 2005: ITU/Fiscal Service Meetings NOVA & Vendor Discussion. Nov 2005: ITU Audit Plan Step 1 Dec 05- Jan 06: ITU Audit Plan Step 2 & Fiscal Services Questionnaire & Policy Jan- Feb 06: ITU Audit Plan Step 3 Feb – March 06: Vendor & Implementation
Summary,Concerns & Questions Summary: This is a huge undertaking!! Summary: Potential fines are scary!! Concerns: Are we ever 100% secure?? Concerns: What if we do have a compromise?? Questions???? Please share your stories!!
GMU Resources & Help Mira L. Levine, CPA Director of Accounting- Internal Controls & Cost Accounting firstname.lastname@example.org (703) email@example.com Cathy Hubbs IT Security Coordinator firstname.lastname@example.org (703)email@example.com
Your consent to our cookies if you continue to use this website.