Upload File

pci dss overview

8
An independent industry standards body responsible for the development and management of Payment Card Industry security standards on a global basis Founding multinational acceptance brand members: American Express Discover Financial JCB International MasterCard Visa 1 PCI-DSS Standards and Overview

Upload: ofulue-amaka

Post on 17-Aug-2015

84 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: PCI DSS Overview

1

An independent industry standards body responsible for the development and management of Payment Card Industry security standards on a global basis

Founding multinational acceptance brand members:

American Express Discover Financial JCB International MasterCard Visa

PCI-DSS Standards and Overview

Page 2: PCI DSS Overview

2

PCI-DSS Standards and Overview

Resources required by the council include

Page 3: PCI DSS Overview

3

PCI Security Standards

Page 4: PCI DSS Overview

4

PCI DSS covers security of the environment that store, process, transmit account data

– Environments receive account data from payment applications and other sources (e.g. acquirers)

PCI PA-DSS covers secure payment applications to support PCI DSS compliance

– Payment application receives account data from PIN-entry devices (PEDs) or other devices and begins payment transaction

PCI P2PE covers encryption, decryption, and key management requirements for point-to-point encryption solutions.

PCI PTS - POI covers the protection of sensitive data at point-of-interaction devices and their secure components, including cardholder PINs and account data, and the cryptographic keys used in connection with the protection of that cardholder data

PCI PTS - PIN covers secure management, processing and transmission of personal identification number (PIN) data during online and offline payment card transaction processing

PCI PTS - HSM covers physical, logical and device security requirements for securing Hardware Security Modules (HSM)

PCI Card Production covers physical and logical security requirements for systems and business processes associated with card personalization, PIN generation, PIN mailers, and card carriers and distribution.

PCI Security Standards

Page 5: PCI DSS Overview

5

PCI-DSS Overview

PCI DSS provides a baseline of technical and operational requirements designed to protect payment card data.

PCI DSS comprises a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks.

PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data and/or sensitive authentication data.

PCI DSS requirements apply wherever account data is stored, processed, or transmitted.

Page 6: PCI DSS Overview

6

What is Card Holder Data?

What is Card Holder Data?

What is Account data?

What is a PAN?

What is CVV/CVC?

What is PIN?

Page 7: PCI DSS Overview

7

What is Card Holder Data?

PCI DSS requirements are applicable wherever Primary Account Number (PAN) or Sensitive Authentication Data (SAD) is stored, processed, or transmitted.

PCI DSS requirements also apply to systems that provide security services or could impact the security of account data.

Account data includes all of the information printed on the physical card as well as the data on the magnetic stripe or chip.

Sensitive Authentication Data cannot be stored after authorization.

Encrypting cardholder data or sensitive authentication data does NOT necessarily remove it from scope.

Cardholder Data includes: Sensitive Authentication Data includes Primary Account Number (PAN) Full track data (magnetic-stripe data

or equivalent on a chip)

Cardholder Name CAV2/CV2/CVV2/CID

Expiration Date Service Code

• PINs/PIN blocks

Account Data

Page 8: PCI DSS Overview

8

The PCI Data Security Standard


PCI DSS Compliance PCI DSS... · Introduction to PCI DSS 3 . PCI Security Standards Card Schemes Acquirer Council (PCI SSC) 4 Overview of PCI DSS Roles and Responsibilities Each of

PCI DSS v3.2 Continuous Compliance & Audit ReadinessPCI DSS v3.2 Continuous Compliance & Audit Readiness Author Tufin Subject PCI DSS v3.2 compliance Keywords PCI DSS v3.2 compliance,

Payment Card Industry Data Security Standards (PCI DSS)financialaffairs.depaul.edu/treasurer/documents/PCI DSS... · 2019. 8. 12. · Annual Attestation & Questionnaire The PCI DSS

PCI DSS Virtualization Guidelines - Official PCI Security

Mapping PCI DSS 3 - IT Security Policies - Internal Use or Regulations Like - PCI … DSS 3.0... ·  · 2014-01-24Mapping PCI DSS 3.0 to Instant PCI Policy . ... (ISO) - SysAdmin

PCI DSS and PA DSS

PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting

PCI DSS 3.0 Overview and Key Updates

PCI DSS Compliance - WhiteCanyon Softwarerequirements for PCI DSS Certification. WHAT DOES IT MEAN TO BE PCI-DSS COMPLIANT? Businesses that achieve PCI DSS certification enjoy access

PCI DSS 3.0 Branden R. Williams, 12 September 2013 DSS 3.0.pdf · Agenda Introductions PCI DSS to Date PCI DSS 3.0 Preview Challenges & Issues Keep in Touch! Questions!

PCI DSS Certification

PCI DSS & PII

PCI DSS Compliance

NEW PCI DSS 3.0 Requirements (PCI Compliance)

UMass Amherst - PCI DSS Self-Assessment … · Web viewFor details of PCI DSS changes, see PCI DSS – Summary of Changes from PCI DSS Version 3.1 to 3.2. Requirements added from

5 Steps to Implement & Maintain PCI DSS Compliancedocs.media.bitpipe.com › ... › AV-PCI-DSS-Compliance.pdf · 2015-10-13 · Security Standard (PCI DSS) compliance can be both

Official PCI Security Standards Council Site - Payment Card ......PCI SSC maintains the PA-DSS and related PCI standards, including the PCI DSS. In relation to PA-DSS, PCI SSC: Is

PCI DSS Prioritized Approach for PCI DSS 3 · PDF file2 PCI DSS Prioritized Approach for PCI DSS 3.2 2016 PCI Security Standards Council LLC. The intent of this document is to provide

Marie-Christine Vittet PCI DSS Program Director July 2013 Accor PCI DSS Project

Information Supplement - PCI DSS Wireless Guidelines · 4.1. Physical security of wireless devices ... 4 Information Supplement: PCI DSS Wireless Guidelines 1. Document Overview 1.1

A PCI Walk in the Clouds - PCI DSS QSA, ASV, PA QSA ... · 1 Cloud Data Security Compliance based on PCI DSS 1.1 Background of the PCI DSS 1.2 PCI DSS Overview 1.3 Shared Responsibility

PCI DSS & PA DSS Version 3.0

PCI DSS 3.2

Navigating PCI DSS

PCI-DSS validated Level 1 Service Providerstatic.ecwid.com/wp-content/themes/ecwid/docs/Ecwid-2016-PCI-DSS... · PCI-DSS validated Level 1 Service Provider

PCI DSS Self-Assessment Completion Steps - Finance and ... · Web viewFor details of PCI DSS changes, see PCI DSS – Summary of Changes from PCI DSS Version 3.1 to 3.2. Requirements

PCI DSS Data Storage Do’s and Don’ts - CSUbusfin.colostate.edu/Forms/General_Forms/fmMerchantPCIFormsData… · PCI DSS DATA STORAGE PCI DSS Data Storage Do’s and ... no payment

Pci dss v2

Ten Common Myths of PCI DSS - Point of Sale€¦ · PCI DSS MYTHS Ten Common Myths of PCI DSS The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder data that

PCI DSS and Security overview

PCI DSS 3.0 Changes & Challenges - NDSU · PCI DSS 3.0 Changes & Challenges Our Agenda •FRSecure, the company •Introduction to PCI-DSS •Recent breaches •Recent PCI-DSS changes

Payment Card Industry (PCI) Data Security Standardo PCI DSS – Summary of Changes from PCI DSS version 2.0 to 3.0 o PCI DSS Quick Reference Guide o PCI DSS and PA-DSS Glossary of

PCI DSS 1 - PCI Security Standards · PDF filePCI DSS D, 2.0, 2010 . (C) PCI Security Standards Council LLC, 2010 i 1 2008 . 1.2 PCI DSS 1.2 1.1. 28 2010 . 2.0 PCI DSS 2.0

Demystifying Pci Dss

LESS IS MORE PCI DSS SCOPING DEMYSTIFIED - … IS MORE PCI DSS SCOPING DEMYSTIFIED . ... PCI DSS assessment. However, ... PA-QSA . PCI Awareness . QSA . Guidance . Mobile