Download - An Introduction to PCI Compliance
-
An Introduction to PCI Compliance
-
Data Breach Trends
About PCI-SSC
12 Requirements of PCI-DSS
Establishing Your Validation Level
PCI Basics
Benefits of PCI Compliance
Benefits of Accepting Credit Cards
-
Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
-
From the chart, it is evidentunauthorized access viadefault, shared, or stolen credentials constituted more than a third of the entire hacking category and over half of allcompromised records.
Example: Titos Taco ShackSource: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
-
PCI-SSC
-
Payment Card Industry - Security Standards CouncilDoesDoes NotData Security Standard (DSS)
Payment Application Data Security Standard (PA-DSS)
Pin Transaction Security (PTS) Requirements. Enforce standards Set fine and fee structures
Set validation levels
-
Build and Maintain a Secure NetworkRequirement 1: Install and maintain a firewall configuration to protect cardholder dataRequirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder DataRequirement 3: Protect stored cardholder dataRequirement 4: Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management ProgramRequirement 5: Use and regularly update anti-virus softwareRequirement 6: Develop and maintain secure systems and applications Implement Strong Access Control MeasuresRequirement 7: Restrict access to cardholder data by business need-to-knowRequirement 8: Assign a unique ID to each person with computer accessRequirement 9: Restrict physical access to cardholder data Regularly Monitor and Test NetworksRequirement 10: Track and monitor all access to network resources and cardholder dataRequirement 11: Regularly test security systems and processes Maintain an Information Security PolicyRequirement 12: Maintain a policy that addresses information security
-
= State PCI Law= Breach Notification Laws
-
Any merchant that processes, transmits, or stores credit card data regardless of processing volume must comply to PCI-DSS regulations.
Every merchant must validate compliance every year.*
MIDs under different TAXIDs will need to certify separately.
* Check with your Acquiring bank for specific validation requirements and deadlines
-
Source: www.visa.com/cisp
-
Source: www.pcisecuritystandards.org
-
Peace of mind for your business and clients
Decreased risk of security breaches
Boost in customer confidence
Protection from costly fines
Relatively quick and easy
Safeguard your business reputation
-
Stay viable in the marketplace The number of payments made by debit, credit, or EBT card grew by 12.8 billion from 2003 to 2006, reaching 48.1 billion and exceeding the number of checks paid by 17.6 billion.*
Offer payment flexibility to clients
Improve cash flow
Reduce the hassle of collections
*http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm
-
www.visa.com/cisp
www.pcisecuritystandards.org
www.mastercard.com/us/sdp/education
www.pcicentral.com/docs/pciscc_ten_common_myths.pdf
http://www.federalreserve.gov/pubs/bulletin/2008/articles/payments/default.htm
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
-
Amy Airhart
www.pcicentral.com
*