2010 User Conference, April 23rd – 25th, Philadelphia, PA
PCI Compliance & Security
Presented By: Kevin Smith & Mark Setzer, Stone Edge Technologies, Inc.


1 2010 User Conference, April 23rd – 25th, Philadelphia, PA
PCI Compliance & Security
Presented By: Kevin Smith & Mark Setzer, Stone Edge Technologies, Inc.
April 24, 2010, 10:30 AM – 12:00 PM

2 PCI PA-DSS Compliance
The Stone Edge Order Manager Payment System
Presented By: Kevin Smith, Senior Developer, Stone Edge Technologies, Inc.
April 24, 2010, 10:30 AM – 12:00 PM

3 PA-DSS?
Payment Application – Data Security Standards
Created & Enforced by PCI
Maintained by PCI Security Standards Council
Liability Concerns as a Merchant
Impacts Applications Storing Cardholder Data
Certification Needed for Gateway Access
Deadlines!

4 Dilemma!
Is the Order Manager Certifiable?
  – Security Concerns
  – Time & Cost of Certification
  – Versioning Considerations
Questions
  – To Store or Not To Store
  – Long Term Issues and Liabilities
  – Third Party Integration Concerns

5 Management Decision
New Payment System
  – Simplicity (KISS – OOPS!)
  – Limited Versioning
  – Data Isolation
  – Encryption Concerns
  – Code Centralization
  – Formalized Process Flow
  – Streamline Processor Integrations
  – Achieve Certification

6 [Diagram. Order Manager entry points: Import, MOP, View Orders, Manual Orders, POS, Order Approval, Pack & Ship. Box labels repeated for each: Data / Action / Rules; Email / Payment / Result. Other labels: User Interface and/or Code; Format Data & Choose Processor; Gateway Code; CC Proc.]

7 [Diagram. Order Manager entry points: Import, MOP, View Orders, Manual Orders, POS, Order Approval, Pack & Ship. Labels: Payment Management System; Order Object; Payment UI; Payment Request; Payment Response; Payment Processor Interface; Data Collection, Action, Rules; Result Analysis, Record Payment, Email; Processor Code; RESULT; CC Proc.]

8 Impact On Your Operations
No Permanent Card Data Storage
Less Liability
Repeat Customers
  – Card Data Tokenization
  – Gateway Customer Management Systems
  – Payment Data From Website
Partial Shipments & Subscriptions
A Few Extra Clicks
New Interface

9 Added Features
Multiple Capture & Voice Auth Capture
Blind Credit Support
Additional Gateways
Gift Card Support*
PIN Pad Support
Check Reader Support
Encrypted Card Swipe Support
Improved USB System

10 Credit Card Interface

11 eCheck Interface

12 Other Payments

13 Existing Transactions

14 Questions?

15 Security
Presented By: Mark Setzer, Senior Developer, Stone Edge Technologies, Inc.
April 24, 2010, 10:30 AM – 12:00 PM

16 Types of Security
Physical
  – Physical access means game over from a security standpoint
Network
  – Assume attacks are inevitable
  – Who needs access? To what?
Application
  – Microsoft Access, Order Manager, Microsoft SQL Server

17 Order Manager Security
Intended for basic reporting, logging, task assignment
Not “hard” security

18 Network Security
Hardware location
  – Firewall rules
Server administration
  – Shared folders
  – Active Directory
  – Needed services
  – Windows Updates

19 Application Security
Microsoft Access
SQL Server
  – Careful about “role” access
  – Difficult to provide “basic” access w/o allowing destructive behavior as well

20 Questions?

