Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Payment Card Industry Data Security Standard

Published byTheodore McLaughlin Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Payment Card Industry Data Security Standard"— Presentation transcript:

1 Introduction to Payment Card Industry Data Security Standard
Simon Pugh 21st Annual ECI Conference

2 History of PCI Security Standards Council
Responsible for development, management education and awareness of PCI Security Standards Formed by American Express, Discover, JCB, MasterCard and Visa in 2006 Its genesis dates back to work underway during the dot-com boom a decade ago 21st Annual ECI Conference

3 Three Components of PCI
Source: PCI Security Standards Council 21st Annual ECI Conference

4 PCI DSS – 6 Goals, 12 Requirements
Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect Stored Data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security Policy 12. Maintain a policy that addresses information security 21st Annual ECI Conference

5 Applicability of PCI DSS
Data Element Storage Permitted Protection Required Cardholder Data Primary Account Number (PAN) Yes Cardholder Name Yes* Service Code Expiration Date Sensitive Authentication Data (Post Authorization) Full Magnetic Stripe Data No N/A CAV2/CVC2/CVV2/CID PIN/PIN Block Source: PCI Security Standards Council * If stored in conjunction with the PAN 21st Annual ECI Conference

6 Six steps to PCI DSS Compliance
If you don’t need it, don’t store it Secure the perimeter Secure applications Control access to systems Protect stored cardholder data Finalize remaining compliance efforts, and ensure all controls are in place 21st Annual ECI Conference

7 A Simple view of a Payment Transaction
Source: MasterCard Worldwide 21st Annual ECI Conference

8 The Retailer’s View 21st Annual ECI Conference

9 PCI DSS - Concluding Thoughts
PCI DSS seems simple in theory – compliance is far more challenging and expensive Not complying can be far more costly though! Technologies such as Chip+PIN may reduce the value of compromised cardholder data but don’t simplify the burden of compliance – today. 21st Annual ECI Conference

Download ppt "Introduction to Payment Card Industry Data Security Standard"

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
PCI Compliance: What’s All the Fuss? Bob Russo November 7, 2008.

PCI Compliance: What’s All the Fuss? Bob Russo November 7, 2008.
Payment Card PCI DSS Compliance SAQ-D Training Accounts Receivable Services, Controller’s Office 7/1/2012.

Payment Card PCI DSS Compliance SAQ-D Training Accounts Receivable Services, Controller’s Office 7/1/2012.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Visa Cemea Account Information Security (AIS) Programme

Visa Cemea Account Information Security (AIS) Programme
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

Similar presentations

Ads by Google