PCI Compliance: Is Your Campus at Risk? Kris Herrin, CSO, Heartland Payment Systems. NACCU, March 10, 2009


Presentation Transcript


    2. Agenda
       - Introduction / Goals / Objectives
       - Drivers: The ‘Carding’ Market
       - Important Roles and Terms
       - Myths of PCI Data Security Standard
       - PCI DSS Compliance in 5 Easy Steps
         - Step 1: No Prohibited Data
         - Step 2: Scope, Scope, Scope
         - Step 3: Payment Application (PA-DSS)
         - Step 4: The DSS Requirements
         - Step 5: Compensating Controls
       - What’s New in PCI DSS v1.2
       - Tips and Tricks
       - Q&A

    3. DISCLAIMERS
       - IANAL – I Am Not A Lawyer
       - IANTPS – I Am Not The PCI SSC
       - IANAQSA – I Am Not A Qualified Security Assessor

    6. The stats:
       - Card Present vs. Card Not Present
       - Level 4 vs. Levels 1-3
       - Universities as % Compromised
       - Compromised Merchants Storing Full Track
       - Merchant Issue vs. Third-Party Issue
       All numbers available from Trustwave Global Compromise Statistics: https://www.trustwave.com/whitePapers.php

    8.
       - You can buy PCI compliance in a box
       - Outsourcing processing makes you compliant
       - PCI is an IT problem
       - PCI Compliance = Security
       - PCI compliance is impossible to obtain
       - PCI requires an army of Qualified Security Assessors
       - PCI is only for the big companies
       - Filling out a SAQ makes you compliant
       - PCI requires storing more data
       - PCI is your processor’s responsibility

    10.
       - Definition #1: PCI applies to all system components that “store, process, or transmit cardholder data”
       - Definition #2: “System components” are defined as network component, server, or application included in or connected to the cardholder data environment
       - Definition #3: “Network components” include firewalls, switches, routers, wireless access points, network appliances, and other security appliances
       - Definition #4: “Server” types include web application, database, authentication, mail, proxy, network time protocol, and domain name server
       - Definition #5: “Applications” include all purchased and custom applications, including internal and external (internet) applications
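The scoping rule in Definitions #1 and #2 can be applied mechanically to an asset inventory. The sketch below is an added example, not part of the original presentation; the component names, segment names and the segment-sharing model of "connected to" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    kind: str             # "network", "server" or "application" (Definitions #3-#5)
    segments: frozenset   # network segments the component has an interface on
    handles_chd: bool     # stores, processes or transmits cardholder data

# Constructed sample inventory: hypothetical campus hosts, not from the presentation.
INVENTORY = [
    Component("dining-pos-app", "application", frozenset({"dining-pos"}), True),
    Component("payment-db", "server", frozenset({"datacenter-pay"}), True),
    Component("core-firewall", "network",
              frozenset({"dining-pos", "datacenter-pay", "campus-lan"}), False),
    Component("ntp-server", "server", frozenset({"datacenter-pay"}), False),
    Component("campus-mail", "server", frozenset({"campus-lan"}), False),
    Component("library-kiosk", "application", frozenset({"library-net"}), False),
]

def classify_scope(inventory):
    """Return {component name: reason} for every in-scope component."""
    # Definition #1: components that store, process or transmit cardholder data.
    cde = [c for c in inventory if c.handles_chd]
    cde_segments = frozenset().union(*(c.segments for c in cde))
    scope = {c.name: "handles cardholder data" for c in cde}
    # Definition #2: components connected to the cardholder data environment.
    # Assumption: "connected to" means an interface on a segment that holds a
    # CDE component, and filtering between segments is enforced and tested.
    for c in inventory:
        shared = sorted(c.segments & cde_segments)
        if c.name not in scope and shared:
            scope[c.name] = "connected to CDE via " + ", ".join(shared)
    return scope

def out_of_scope(inventory):
    """Names of components that fall outside scope under the model above."""
    in_scope = classify_scope(inventory)
    return [c.name for c in inventory if c.name not in in_scope]

if __name__ == "__main__":
    for name, reason in classify_scope(INVENTORY).items():
        print(f"IN  {name}: {reason}")
    for name in out_of_scope(INVENTORY):
        print(f"OUT {name}")
```

If the same inventory sits on one flat segment, every component shares a segment with the cardholder data environment and the function places all of it in scope.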
