Data Security Standard. What Is PCI? Who Does It Apply To? Who Is Involved With the Compliance Process? How Can We Stay Compliant?

PCI (Payment Card Industry) Standards Council: responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS) requirements.

- Manage risk associated with credit card activity
- Protect card data
- Avoid punitive measures/damages
- Minimize cost for non-compliance

Standard applies to:
- Merchants (Departments)
- Service Providers (3rd Party, Gateways)

Applies if you:
- Store Cardholder Data
- Transmit Cardholder Data
- Process Cardholder Data

Applies to:
- Electronic Transactions
- Paper Transactions

Complete the PCI Self-Assessment Questionnaire (SAQ)
- Ensures Cardholder Data Is Protected
  - Encrypt transmission of data
- Implements Strong Access Controls
  - Restrict physical access to data
- Maintain Security Policy
  - Policy that addresses information security for all personnel

UT Merchants and Usage
- UT has over 125 merchants University Wide
- Over 960,000 transactions
- $165 Million in revenue

Potential Fee Assessments
- $500,000 per data security incident
- $50,000 per day for non-compliance with PCI
- Liability for all fraud losses incurred from compromised account numbers
- Liability for the cost of re-issuing cards associated with a compromise of data
- Suspension of Merchant Account

- UT System Administration (UTSA) – Information Security Office
- I.T. (System & Campus)
- Chief Business Office (CBO)
- Treasurer’s Office
- Merchant (Departments)

UTSA (University of TN System Administration) Information Security Office
- Consulting, guidance, and oversight related to PCI compliance and IT Security controls
- Review technical implementations related to PCI
- Incident response coordination
- Quarterly security scan coordination
- Validate SAQs annually

IT Position of Authority
- Provide compliance support & consulting
- Identify & review systems in PCI scope
- Provide technical guidance
- Ensure a segmented cardholder data environment exists

Chief Business Officer
- Approve the business need for Merchant IDs
- Attest to SAQ (signature of CBO)
- Monitor PCI compliance

Treasurer’s Office
- Oversee credit card accounting for approved merchant
- Manage the Merchant ID approval process
- Maintain the relationship with the University’s credit card processor

Merchant (Departments)
- Complete SAQ annually
- Have internal procedures in place
- Update terminal software every 18 months
- Notify UTSA in the event of a data breach
- Financially responsible for costs associated with compliance (fees, fines, remediation)

All completed forms are due in the Bursar’s Office by the close of business, April 15th, 2014.

Byron Porter
Nadia Hussey
Bursar’s Office
Hyman Building
62 S. Dunlap, Rm. 103