Standards in Use. EMV (June 16, Caribbean Electronic Payments LLC)

1 Standards in Use

2 EMV (June 16, Caribbean Electronic Payments LLC)

3 Payment specifications review: EMV specification hierarchy with the payment industry
[Diagram labels: AEIPS, MCHIP, VIS, UKIS, MPE, JCCA; INDUSTRY, ASSOCIATIONS, NATIONAL (examples)]

4 Payment specifications review - card
- There are two distinct levels of EMV
- Generally transparent to the card
- EMV Level One: Electro-mechanical
- EMV Level Two: Credit / Debit / Charge transaction processing

5 EMV Specifications – Card
- Ensure card and terminal compatibility
- Covers:
  - Contact cards
  - Credit and debit applications
  - Application selection
- Does not cover:
  - Card internal functions
  - Terminal - acquirer, on-us ATM comms
  - Scheme interfaces
  - National / domestic schemes or infrastructure

6 Global Platform, Multos, Proprietary
These are the operating systems on the chip, provided by:
- Visa: Global Platform
- MasterCard: Multos (MChip4)
- Gemalto, Oberthur: Proprietary
Often licenced to other organisations. More of these are appearing to service the emerging markets in Africa etc.

7 PCI DSS: What is it?
Payment Card Industry Data Security Standard

8 PCI DSS: What does it do?
Protects cardholder data at the:
- Terminal
- Merchant
- Acquirer
- Network
- Issuer

9 PCI Data Security
What: Mandated since June 2001, Visa’s CISP is intended to protect Visa cardholder data, wherever it resides. Now covers all card schemes, retailers, processors etc.
Who: All members must comply and ensure the compliance of their merchants and service providers who store, process, or transmit account numbers. The program applies to all payment channels, including card present, mail/telephone order, and e-commerce.

10 PCI Data Security
How: To achieve CISP compliance, all members, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands.
Why: By complying with the PCI Data Security Standard, scheme members, merchants, and service providers not only meet their obligations to the payment system, but also build a culture of security that benefits all parties.

11 PCI Data Security: PCI Data Security Standard
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

12 PCI Data Security
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

13 PCI Data Security
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security

14 PCI Merchants
Merchant Level: Description
- Level 1:
  - Any merchant, regardless of acceptance channel, processing over 6,000,000 transactions per year.
  - Any merchant that has suffered a breach that resulted in an account data compromise.
  - Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
  - Any merchant identified by any other payment card brand as Level 1.
- Level 2: Any merchant processing 1,000,000 to 6,000,000 transactions per year.
- Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
- Level 4: Any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1,000,000 Visa transactions per year.

15 PCI Providers
Service Provider Level: Description
- Level 1: All VisaNet® processors (member and non-member) and all payment gateways.
- Level 2: Any service provider that is not in Level 1 and stores, processes, or transmits more than 1,000,000 Visa accounts/transactions annually.
- Level 3: Any service provider that is not in Level 1 and stores, processes, or transmits less than 1,000,000 Visa accounts/transactions annually.

16 Requirements
- All merchants and processors must comply with PCI Data Security.
- Level One merchants and Level One and Two processors are required to undergo an annual audit.
- All other levels must provide an annual self-assessment form.
- All levels must undertake a network scan quarterly.

