Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI Training for PointOS Resellers PointOS Updated September 28, 2010.

Published byCarmel Sparks Modified over 8 years ago

Similar presentations

Presentation on theme: "PCI Training for PointOS Resellers PointOS Updated September 28, 2010."— Presentation transcript:

1 PCI Training for PointOS Resellers PointOS Updated September 28, 2010

2 Introduction Purpose of this training

3 What is PCI / PA-DSS? The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

4 What actions are resellers and integrators responsible for? All installations of PointOS must be reviewed for PCI Compliance under the guidelines set forth in this document and the PointOS Implementation Guide.

5 The PA-DSS Implementation Guide This document is available on our website at http://www.pointos.com/pci.

6 The Requirements Please review the following requirements.

7 PA-DSS 1.1.4 PA-DSS Topic Customer/reseller Responsibility Delete sensitive authentication data stored by previous payment application versions. Delete any historical data per the PA-DSS Implementation Guide and PA-DSS Requirement 1.1.4.

8 PA-DSS 1.1.5 PA-DSS Topic Customer/reseller Responsibility Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application. Troubleshoot any problems per the PA- DSS Implementation Guide and PA-DSS Requirement 1.1.6.a.

9 PA-DSS 2.1 PA-DSS Topic Customer/reseller Responsibility Purge cardholder data after customer- defined retention period. Purge cardholder data exceeding customer- defined retention period.

10 PA-DSS 2.7 PA-DSS Topic Customer/reseller Responsibility Delete cryptographic key material or cryptograms stored by previous payment application versions. Delete any historical cryptographic material per PA-DSS Implementation Guide and PA-DSS Requirement 1.1.5.

11 PA-DSS 3.1 PA-DSS Topic Customer/reseller Responsibility Use unique user IDs and secure authentication for administrative access and access to cardholder data. Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1 and 8.2.

12 PA-DSS 3.2 PA-DSS Topic Customer/reseller Responsibility Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications. Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1, 8.2, and 8.5.8– 8.5.15.

13 PA-DSS 4.2 PA-DSS Topic Customer/reseller Responsibility Implement automated audit trails. Establish and maintain PCI DSS-compliant logs per the PA-DSS Implementation Guide and PCI DSS Requirement 10.

14 PA-DSS 6.1 PA-DSS Topic Customer/reseller Responsibility Securely implement wireless technology. For wireless implemented into the payment environment by customers or resellers/integrators, install a firewall per the PA-DSS Implementation Guide and PCI DSS Requirement 2.1.1.

15 PA-DSS 6.2 PA-DSS Topic Customer/reseller Responsibility Secure transmissions of cardholder data over wireless networks. For wireless implemented into the payment environment by customers or resellers/integrators, use secure encrypted transmissions per the PA-DSS Implementation Guide and PCI DSS Requirement 4.1.1.

16 PA-DSS 9.1 PA-DSS Topic Customer/reseller Responsibility Store cardholder data only on servers not connected to the Internet. Establish and maintain payment applications so that cardholder data is not stored on Internet-accessible systems, per the PA- DSS Implementation Guide and PCI DSS Requirement 1.3.4.

17 PA-DSS 10.1 PA-DSS Topic Customer/reseller Responsibility Securely deliver remote payment application updates. Receive remote payment application updates from vendor securely, per the PA- DSS Implementation Guide and PCI DSS Requirements 1, 1.3.9, and 12.3.9.

18 PA-DSS 11.2 PA-DSS Topic Customer/reseller Responsibility Implement two-factor authentication for remote access to payment application. Establish and maintain two-factor authentication for remote access to payment application, per the PA-DSS Implementation Guide and PCI DSS Requirement 8.3.

19 PA-DSS 11.2 PA-DSS Topic Customer/reseller Responsibility Implement two-factor authentication for remote access to payment application. Establish and maintain two-factor authentication for remote access to payment application, per the PA-DSS Implementation Guide and PCI DSS Requirement 8.3.

20 PA-DSS 11.3 PA-DSS Topic Customer/reseller Responsibility Securely implement remote access software. Use remote access security features if you allow remote access to payment applications, per the PA-DSS Implementation Guide and PA-DSS Requirement 11.3.b.

21 PA-DSS 12.1 PA-DSS Topic Customer/reseller Responsibility Secure transmissions of cardholder data over public networks. Establish and maintain secure transmissions of cardholder data, per the PA-DSS Implementation Guide and PCI DSS Requirement 4.

22 PA-DSS 12.2 PA-DSS Topic Customer/reseller Responsibility Encrypt cardholder data sent over end- user messaging technologies. Encrypt all PANs sent with end-user messaging technologies, per the PA- DSS Implementation Guide and PCI DSS Requirement 4.2.

23 PA-DSS 13.1 PA-DSS Topic Customer/reseller Responsibility Encrypt non-console administrative access. Encrypt all non- console administrative access, per the PA- DSS Implementation Guide and PCI DSS Requirement 2.3.

24 Questions Please direct any questions, to sales@pointos.com.sales@pointos.com

Download ppt "PCI Training for PointOS Resellers PointOS Updated September 28, 2010."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
TeBAS Tourism suite Technical Business Application System.

TeBAS Tourism suite Technical Business Application System.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
PCI PABP Training Module

PCI PABP Training Module
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.

© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Information Security Policies and Standards

Information Security Policies and Standards
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
Security Analysis and Recommendations. PB’s&J Presenters & Topics David Bihm User Account Management Nathan Julson Data Classification Firewall Architectures.

Security Analysis and Recommendations. PB’s&J Presenters & Topics David Bihm User Account Management Nathan Julson Data Classification Firewall Architectures.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Introduction to PCI DSS

Introduction to PCI DSS

Similar presentations

Ads by Google