Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI-DSS Security Awareness

Published byHelen Williams Modified over 6 years ago

Similar presentations

Presentation on theme: "PCI-DSS Security Awareness"— Presentation transcript:

1 PCI-DSS Security Awareness
What you need to know to protect our customers’ data

2 Payment Card Industry, Data Security Standard
PCI DSS – What is it? Payment Card Industry, Data Security Standard Developed by the five major card brands, to address potential areas of vulnerability and guide organizations in best practices to maintain the integrity of cardholder data.

3 PCI DSS – What is it? Failure to comply could result in:
Significant fines from the card brands Inability to accept credit cards for payment Damage to Kent State University brand/reputation

4 PCI Data Security Standard
What does this mean for you?

5 Verify Card Elements & Security Features

6 When processing a credit card transaction…
Verify the following: The card is signed. The expiration date has not passed. The signature on the receipt matches the card signature. The receipt does not show the full 16-digit account number or card validation code.

7 PCI DSS Requirements Build and Maintain a Secure Network and Systems
Goals PCI DSS Requirements Build and Maintain a Secure Network and Systems 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program 5. Protect all systems against malware and regularly update anti virus software or programs 6. Develop and maintain secure systems and applications Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need to know Identify and authenticate access to system components Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain an Information Security Policy 12. Maintain a policy that addresses information security for all personnel.

8 Focus on: Restricting physical access to cardholder data.
Implementing Strong Access Control Measures which Include: Restricting physical access to cardholder data.

9 Restrict physical access to cardholder data
Periodically inspect all credit card devices for tampering or substitution. Never allow direct physical access to the credit card device, without supervisor approval. Be aware of suspicious behavior. Immediately report tampering or evidence of “skimming” or any breach to your supervisor.

10 Periodically inspect all credit card devices for tampering or substitution.
Tampering / Substitution – What to look for Your credit card terminal will have a sticker on the back that provides the serial number for the device. Regularly check for altering or tampering. If the numbers do not match, the terminal may have been replaced.

11 Periodically inspect all credit card devices for tampering or substitution.
Tampering / Substitution – What to look for Be aware of all access points to the inside of the device. A skimming device has been added to the inside compartment of this device.

12 Periodically inspect all credit card devices for tampering or substitution.
Tampering / Substitution – What to look for In the bottom picture, the cord has been replaced, this could allow capture of credit card data, if left unnoticed.

13 Periodically inspect all credit card devices for tampering or substitution.
Tampering / Substitution – What to look for More information on skimming prevention may be found at: Download: “Skimming Prevention Best Practices for Merchants”

14 Never allow direct physical access to the credit card device without supervisor approval.
Never allow access to credit card terminals without supervisor approval. Always verify with your supervisor the identity of any third-party claiming to be repair or service personnel.

15 Be aware of suspicious behavior.
Be aware of suspicious behavior around devices (for example, attempts by unknown persons to unplug or open devices).

16 Immediately report tampering or evidence of skimming or any breach to your supervisor.
If you become aware of evidence of tampering, replacement, or any other breach of credit card data, contact your supervisor immediately.

17 PCI DSS – helpful links PCI DSS: https://www.pcisecuritystandards.org/
KSU Policy: American Express: Discover: JCB International: MasterCard: Visa Inc:

18 Supervisor Name Signature Date PCI DSS Security Awareness Training has been reviewed with the following staff. Staff Name (Print) Signature Date

Download ppt "PCI-DSS Security Awareness"

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Introduction to PCI DSS

Introduction to PCI DSS
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
Youngstown State University PCI Training enter or left click on mouse to advance slides.

Youngstown State University PCI Training enter or left click on mouse to advance slides.
What to Do if Compromised

What to Do if Compromised
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

Similar presentations

Ads by Google