PCI Compliance Technical Overview. RM PCI Calendar Dec 2005: Began PCI 15.1 development Feb 2006: Initial PCI Audit Sept 2006: Official 15.1 PCI Release.

Presentation transcript:

PCI Compliance Technical Overview

RM PCI Calendar
- Dec 2005: Began PCI 15.1 development
- Feb 2006: Initial PCI Audit
- Sept 2006: Official 15.1 PCI Release
- Sept 2006: Validation Report sent to VISA
- Jan 2007: VISA approves certification

Card Data Compromises
- 40% of all compromises involve a restaurant
- Top 5 compromises:
  - Full track data retention
  - Default accounts
  - Insecure remote access
  - Non-use of security tools (antivirus, encryption)
  - SQL injection
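Full track data retention heads the list above, and it is the one item a site can check for itself: once a card is authorized, no magnetic-stripe track data may remain on disk, in logs or in database dumps. The scanner below is an added example (not part of the presentation or of RM) that finds Track 1 and Track 2 records in text and confirms the PAN with a Luhn check so random digit runs are not reported; the sample input is constructed and uses the public 4111 1111 1111 1111 test PAN.

```python
import re

# Luhn check: separates genuine PANs from arbitrary digit runs that
# happen to sit inside a track-shaped string.
def luhn_ok(pan: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# Track 1 layout: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^(\d{4})(\d{3})[^?]*\?")
# Track 2 layout: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})\d*\?")

def mask_pan(pan: str) -> str:
    # Keep only first six and last four digits, as PCI DSS allows for display.
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track_data(text: str) -> list:
    """Return one finding per track record whose PAN passes Luhn."""
    findings = []
    for kind, pat in (("track1", TRACK1), ("track2", TRACK2)):
        for m in pat.finditer(text):
            pan = m.group(1)
            if not luhn_ok(pan):
                continue
            findings.append({"type": kind, "pan": mask_pan(pan),
                             "expiry": m.group(2), "offset": m.start()})
    return findings

# Constructed sample: a POS debug log that should never exist after
# authorization. The third record has a Luhn-invalid PAN and is ignored.
SAMPLE_LOG = (
    "2007-01-15 10:02:11 swipe ok "
    "%B4111111111111111^DOE/JOHN^25121011000000000000?\n"
    "2007-01-15 10:02:11 t2 ;4111111111111111=25121011000012345?\n"
    "2007-01-15 10:03:40 junk ;4111111111111112=2512101?\n"
)

if __name__ == "__main__":
    for f in find_track_data(SAMPLE_LOG):
        print(f)
```

Run it over exported database tables, POS logs and backup directories; any hit means track data is being retained and the application or its logging configuration must be corrected before the site can be called compliant.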

Terms and Definitions
- PCI DSS: Payment Card Industry Data Security Standard
- PABP: Payment Application Best Practices
- RM is a validated payment application that meets the PCI PABP
- So what is "PCI Compliance"? Hint: it's not simply installing RM 15.1.

The PCI Compliant Site
The restaurant must use a PCI PABP validated POS application, properly configured, implementing proper procedures, and installed following all site-specific PCI guidelines and rules. That's 4 areas needing attention:
- Use PABP validated applications
- Proper configuration
- Proper procedures
- Follow site guidelines

1. Use PABP validated applications
- Use RM 15.1 (final release Sept 2006 or later)
- Use certified credit card processing gateways (e.g. Mercury Payment Systems, PC Charge, Datacap)

2. Proper Configuration
- Follow ASI PCI configuration guidelines:
  - RM and Reseller PCI Guidance Doc
  - Logging, Audit Trail
  - Admin Password Expiration

3. Proper Procedures
- Enforcing limited access to the RM Server machine
- Internet use from the Server machine
- Remote access (allowed only during an incident)
- No ing of card data

4. Site Guidelines
- Secure RM Server (credit card server)
  - Physical access
  - Logical access (open ports)
  - Firewalled
- Network
- Remote Access: 2-factor authentication (VPN + PCAnywhere passwords)
- And Wireless ...

4. Site Guidelines (WiFi)
- Enable WPA with key rotation
- Change SSID from default
- Turn off SSID broadcast
- Implement MAC address filtering
- Install firewall services between APs and RM Server
- Port/Service Restrictions
  - Only: TCP 80, DNS 53, ICMP
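The last two items define a checkable policy: the firewall between the access points and the RM Server should pass only TCP 80, DNS on port 53 and ICMP. The audit below is an added example (not part of the presentation) that reads firewall flow records in an assumed key=value format, applies that allowlist, and reports every flow from the wireless segment that the policy does not cover; the log lines and addresses are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Allowlist taken from the slide: TCP 80, DNS 53 (TCP and UDP), ICMP.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 53), ("udp", 53)}
ALLOWED_PORTLESS = {"icmp"}

# Assumed firewall log format (constructed for this example):
#   <timestamp> proto=<tcp|udp|icmp> src=<ip> dst=<ip> [dport=<n>]
LINE = re.compile(r"proto=(\w+)\s+src=(\S+)\s+dst=(\S+)(?:\s+dport=(\d+))?")

@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    dport: Optional[int]

def parse_flow(line: str) -> Optional[Flow]:
    m = LINE.search(line)
    if not m:
        return None                      # not a flow record, skip it
    proto, src, dst, dport = m.groups()
    return Flow(proto.lower(), src, dst, int(dport) if dport else None)

def is_allowed(flow: Flow) -> bool:
    if flow.proto in ALLOWED_PORTLESS:
        return True
    return (flow.proto, flow.dport) in ALLOWED_PORTS

def audit(lines: List[str]) -> List[Flow]:
    """Return flows that the AP-to-server firewall policy should have blocked."""
    flows = (parse_flow(l) for l in lines)
    return [f for f in flows if f is not None and not is_allowed(f)]

# Constructed sample: 192.168.10.0/24 is the WiFi segment, 192.168.1.5 the RM Server.
SAMPLE_LINES = [
    "2007-01-15 10:02:11 proto=tcp src=192.168.10.23 dst=192.168.1.5 dport=80",
    "2007-01-15 10:02:12 proto=udp src=192.168.10.23 dst=192.168.1.5 dport=53",
    "2007-01-15 10:02:13 proto=icmp src=192.168.10.23 dst=192.168.1.5",
    "2007-01-15 10:05:40 proto=tcp src=192.168.10.77 dst=192.168.1.5 dport=445",
    "2007-01-15 10:05:41 proto=tcp src=192.168.10.77 dst=192.168.1.5 dport=3389",
    "2007-01-15 10:05:42 firewall restarted",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print("policy violation:", f)
```

A non-empty result either means the firewall rules do not match the slide's restriction or that a device on the wireless segment is reaching the card server on a service it should never see; both belong in the audit trail.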

Basic Network (diagram slide: site network with Internet connection)

Network w/ WiFi (diagram slide: site network with WiFi and Internet connection)

Network w/ WiFi (diagram slide: site network with WiFi and Internet connection; Symbol WS2000)

Thank you Questions?