Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

Published byLily Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce."— Presentation transcript:

1 PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce

2 PCI-Data Security Standards What is PCI-DSS? Does PCI-DSS Apply to My Business? What are the Consequences of Non- Compliance? What are My Next Steps? Resources

3 What is PCI-DSS? 5 Major Credit Card Companies Created the Payment Card Security Standards Council Established (Almost) Common Data Security Standards for Credit Card Data

4 Does PCI-DSS Apply to My Business? “Payment Card Industry (PCI) Data Security requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data.” Applies to all system components which are defined as “any network component, server, or application included in, or connected to, the cardholder data environment”.

5 Merchant Levels LevelDescription 1 Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. 2 Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year. 3 Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year. 4 Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year. Compliance Requirements Vary By Merchant Level

6 Compliance Validation Requirements LevelMerchant Validation Requirements 1 Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV 2 Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV 3 4 Validation Requirements Vary By Merchant Level

7 Consequences of Non-Compliance Increased Bank Fees Reclassification of Merchant Level Potential loss of card processing privileges

8 Consequences of a Breach Damage to Brand Mandatory involvement of federal law enforcement Merchant banks may pass along substantial fines levied by the credit card companies Up to $500,000 per incident from Visa Civil liability and cost of providing Identity Theft protection

9 PCI Goals and Requirements 6 Goals, 12 Requirements Build and Maintain a Secure Network Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to cardholder data by business need-to- know Restrict physical access to cardholder data Assign a unique ID to each person with computer access Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain an Information Security Policy Maintain a policy that addresses information security

10 Next Steps Complete the SAQ Create a remediation plan Find an ASV and schedule your quarterly network scans Check with your bank or credit card authority to find out when they expect to receive your SAQs and ASV scans. Obtain a statement of compliance or SAQ from each of your service providers.

11 Resources Your Bank PCI Security Council Website https://www.pcisecuritystandards.org/index.shtml

Download ppt "PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS for Retail Industry

PCI DSS for Retail Industry
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI 101. Trustwave Corporate Profile Copyright Trustwave 2008 Confidential 2009 SC Magazine “Recommended” Managed Security Services Forrester 9 out of.

PCI 101. Trustwave Corporate Profile Copyright Trustwave 2008 Confidential 2009 SC Magazine “Recommended” Managed Security Services Forrester 9 out of.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Visa Cemea Account Information Security (AIS) Programme

Visa Cemea Account Information Security (AIS) Programme

Similar presentations

Ads by Google