Presentation is loading. Please wait.

Presentation is loading. Please wait.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Published byRodger Dickerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007."— Presentation transcript:

1 Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger rargetsinger@dmdiocese.org 515-237-5007

2 Members of the PCI Security Standards Council Include: American Express, Discover, JCB, MasterCard & Visa. Does your organization accept payment or gifts via credit cards? Then you MUST meet some form of PCI DSS Compliance

3 Prioritized Approach Help stakeholders understand where they can act to reduce risk. *No single milestone in the Prioritized Approach will provide comprehensive security or PCI DSS Compliance, but following it’s guidelines will help stakeholders to expedite the process of securing cardholder data.

4 Prioritized Approach Provides six security milestones that will help merchants & other organizations incrementally protect against the hightest risk factors & escalating threats while on the road to PCI DSS Compliance. * To achieve PCI DSS compliance, an organization must meet all PCI DSS requirements.

5 Prioritized Approach Milestones 1: Goal: Remove sensitive authentication data and limit data retention. 2: Goal: Protect systems & networks, and be prepared to respond to a system breach. 3: Goal: Secure payment card applications. 4: Goal: Monitor and control access to your systems. 5: Goal: Protect stored cardholder data. 6: Goal: Finalize remaining compliance efforts, and ensure all controls are in place.

6 PCI DSS Requirements There are twelve requirements. Each requirement has sub-requirements that need to be met to fulfill the requirement. The Prioritized Approach maps out which sub-requirements should have a higher priority than others. Note: Counting all sub-requirements, there are a total of 229 items that need to be met (depending upon which type of merchant you are!)

7 PCI DSS Requirements 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks.

8 PCI DSS Requirements 5. Use and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications. 7. Restrict access to cardholder data by business need to know. 8. Assign a unique ID to each person with computer access.

9 PCI DSS Requirements 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security for all personnel.

10 Self Assessment Questionnaire SAQ: Validation tool intended to assist merchants & service providers in self-evaluating their compliance with PCI DSS. There are multiple versions of the SAQ to meet various scenarios. The SAQ Validation tool is for merchants & service providers not required to submit an onsite data security assessment Report on Compliance (ROC). Keep in mind: Compensating Controls = may be considered for most PCI DSS requirements where an organization can not meet the technical specification of a requirement, but has sufficiently mitigated the associated risk through alternative controls.

11 SAQ Form(s) A = Card not present (eCommerce). All cardholder data functions outsourced (13 pages) B = Imprint only – no electronic cardholder data storage, or stand-alone dial out terminal merchants with no electronic cardholder data storage (18 pages) C-VT = Merchants using only web based virtual terminals – no electronic cardholder data storage (26 pages)

12 SAQ Form(s) C = Merchants with payment application systems connected to the internet, no electronic cardholder data storage (40 pages) D = All Others I.E. More pages = more questions = more requirements to satisfy! www.pcisecuritystandards.org

Download ppt "Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
PCI DSS for Retail Industry

PCI DSS for Retail Industry
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Payment Card PCI DSS Compliance SAQ-D Training Accounts Receivable Services, Controller’s Office 7/1/2012.

Payment Card PCI DSS Compliance SAQ-D Training Accounts Receivable Services, Controller’s Office 7/1/2012.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Visa Cemea Account Information Security (AIS) Programme

Visa Cemea Account Information Security (AIS) Programme
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Similar presentations

Ads by Google