InMobi Technology, profile picture
Uploaded byInMobi Technology
PPTX, PDF3,714 views

PCI DSS v3 - Protecting Cardholder data

The document provides an overview of the Payment Card Industry Data Security Standard (PCI DSS v3), which outlines requirements for companies that handle credit card information to maintain secure environments. It discusses the importance of PCI DSS in the context of increasing card transactions, differentiates it from ISO 27001, and addresses common myths surrounding compliance. Additionally, it highlights the roles of various entities involved in PCI DSS and offers useful resources for further information.

Technology
Related topics:
PCI DSS Training

Embed presentation

Downloaded 128 times
PCI- DSS v3: Protecting Cardholder Data
Agenda • PCI DSS v3 : An Overview • PCI DSS: How it is different from other similar standards? • PCI DSS vs ISO 27001 • Protecting Cardholder data through PCI DSS v3 • Common Myths regarding PCI DSS • Security vs Compliance
PCI DSS: An Overview 1. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that either: • Process, • Store or • Transmit “credit card information maintain a secure environment”. 2. The PCI DSS is administered and managed by the PCI SSC - Payment Card Industry Security Standard Council (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.).
PCI DSS: Why it has become important? • No of Card Transactions : 10000 per second • No of non cash payments (as per 2013) = 333 Bn (Card Payments = 181 billion • If 7 billion on planet have a card, they would have used at least 19 times.
PCI DSS: Card Details Payment Account Number (PAN) Hologram Cardholder name Expiry Date Payment Brand Logo EMV CHIP
PCI DSS: 3 year Update cycle
PCI DSS: Who all entities are at play? Payment Brands Banks Merchants Service Providers
PCI DSS: What are Card present Transaction?
PCI DSS: What are Card not present Transaction?
PCI DSS: What Card details can / can’t be stored
PCI DSS: What Card details can / can’t be stored
PCI DSS: Path to Certification
PCI DSS vs ISO27001 Just for clarity 
Compliance Mandates Compliance Mandatory Compliance Voluntary Company Scope Functioning Levels Overall Company Degree of Compliance Must Meet All Standards Standards Voluntary Separation of Systems High Low Degree of Flexibility Low High FEATURES PCI - DSS ISO 27001:2013 PCI DSS vs ISO27001
Is it good idea to have both? • ISO is an overall measure for companies to use for compliance of information security management. • PCI is a more standardized and regulated sub-section of information security management that pertains specifically to cardholder data. • PCI compliance could be a part of overall ISO compliance if a company were concerned with meeting both regulations.
Common Myths regarding PCI DSS • One vendor and product will make us compliant • Outsourcing card processing makes us compliant • PCI DSS compliance is an IT project • PCI DSS will make us secure • PCI DSS is unreasonable; it requires too much • PCI DSS requires us to hire a Qualified Security Assessor • We don’t take enough credit cards to be compliant • We completed a SAQ so we’re compliant • PCI DSS makes us store cardholder data • PCI DSS is too hard
Useful Links for PCI DSS • https://www.pcisecuritystandards.org/security_standards/documents.php • http://www.beyondsecurity.com/pci_compliance.html • https://www.pcicomplianceguide.org/pci-faqs-2/
The way to see it…….. You can read as costs saved in fines, legal fees, decreases in stock equity, and especially lost business
THANK YOU !! - Manasdeep

More Related Content

PPTX
Introduction to PCI DSS
bySaumya Vishnoi
 
PDF
PCI DSS Essential Guide
byKim Jensen
 
PPTX
PCI DSS 3.0 – What You Need to Know
byTerra Verde
 
PPTX
PCI DSS Simplified: What You Need to Know
byAlienVault
 
PDF
Pci dss-for-it-providers
byCalyptix Security
 
PDF
1. PCI Compliance Overview
byokrantz
 
PPT
PCI DSS
byDuy Do Phan
 
PDF
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
byAriel Ben-Harosh
 
Introduction to PCI DSS
bySaumya Vishnoi
 
PCI DSS Essential Guide
byKim Jensen
 
PCI DSS 3.0 – What You Need to Know
byTerra Verde
 
PCI DSS Simplified: What You Need to Know
byAlienVault
 
Pci dss-for-it-providers
byCalyptix Security
 
1. PCI Compliance Overview
byokrantz
 
PCI DSS
byDuy Do Phan
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
byAriel Ben-Harosh
 

What's hot

PPTX
PCI DSS v3.0: How to Adapt Your Compliance Strategy
byAlienVault
 
PDF
PCI-DSS_Overview
bysameh Abulfotooh
 
PPTX
Spirit of PCI DSS by Dr. Anton Chuvakin
byAnton Chuvakin
 
PDF
Pci ssc quick reference guide
byMohammad Makchudul Alam (Arif)
 
PPTX
PCI DSS Compliance
bySaumya Vishnoi
 
PPTX
PCI DSS and PA DSS
byKimberly Simon MBA
 
PPTX
SFISSA - PCI DSS 3.0 - A QSA Perspective
byMark Akins
 
DOCX
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
byhimalya sharma
 
PPTX
Webinar - pci dss 4.0 updates
byVISTA InfoSec
 
PPTX
PCI DSS 3.2 - Business as Usual
byKimberly Simon MBA
 
PPTX
Approach pci- dss
byVikrant Burbure
 
KEY
PA-DSS
byChristian Heinrich
 
PDF
Pcidss qr gv3_1
byleon bonilla
 
PPTX
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
byAnton Chuvakin
 
PDF
PCIDSS compliance made easier through a collaboration between NC State and UN...
byJohn Baines
 
PPTX
PCI DSS 3.2
byKimberly Simon MBA
 
PPT
Application security and pa dss certification
byAlexander Polyakov
 
PDF
Pcidss
byyazsapa
 
PPTX
A practical guides to PCI compliance
byJisc
 
PPS
P0 Pcidss Overview
byb28stu
 
PCI DSS v3.0: How to Adapt Your Compliance Strategy
byAlienVault
 
PCI-DSS_Overview
bysameh Abulfotooh
 
Spirit of PCI DSS by Dr. Anton Chuvakin
byAnton Chuvakin
 
Pci ssc quick reference guide
byMohammad Makchudul Alam (Arif)
 
PCI DSS Compliance
bySaumya Vishnoi
 
PCI DSS and PA DSS
byKimberly Simon MBA
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
byMark Akins
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
byhimalya sharma
 
Webinar - pci dss 4.0 updates
byVISTA InfoSec
 
PCI DSS 3.2 - Business as Usual
byKimberly Simon MBA
 
Approach pci- dss
byVikrant Burbure
 
PA-DSS
byChristian Heinrich
 
Pcidss qr gv3_1
byleon bonilla
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
byAnton Chuvakin
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
byJohn Baines
 
PCI DSS 3.2
byKimberly Simon MBA
 
Application security and pa dss certification
byAlexander Polyakov
 
Pcidss
byyazsapa
 
A practical guides to PCI compliance
byJisc
 
P0 Pcidss Overview
byb28stu
 

Viewers also liked

PPTX
Electronic transactions 123
byDeva Prasad
 
PDF
Tackling Card not present Fraud
byStefano Maria De' Rossi
 
PPTX
GrowthStack 2016 — Rapid Response To Mobile Fraud
byGrow.co
 
PPTX
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
byAlienVault
 
PPTX
PCI DSS 2.0 Detailed Introduction
byControlCase
 
PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PPTX
Data mart
byPrachi Agarwal
 
PPTX
Data mart
byGustavo Hdz
 
Electronic transactions 123
byDeva Prasad
 
Tackling Card not present Fraud
byStefano Maria De' Rossi
 
GrowthStack 2016 — Rapid Response To Mobile Fraud
byGrow.co
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
byAlienVault
 
PCI DSS 2.0 Detailed Introduction
byControlCase
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
Data mart
byPrachi Agarwal
 
Data mart
byGustavo Hdz
 

Similar to PCI DSS v3 - Protecting Cardholder data

PPTX
PCI DSS Compliance introduction explanation
byRicha Goel
 
PDF
Quick Reference Guide to the PCI Data Security Standard
by- Mark - Fullbright
 
PDF
PCI DSS introduction by khaled mosharraf,
byKhaled Mosharraf
 
PDF
Adventures in PCI Wonderland
byMichele Chubirka
 
PDF
PCI DSS: What it is, and why you should care
bySean D. Goodwin
 
PDF
Credit Card Processing for Small Business
byMark Ginnebaugh
 
PPTX
PCI DSS Compliance Readiness
byAl Abbas, PMP, CISSP, MBA, MSc
 
PDF
a Guide for quick pci dss and payment security
bysuridhalder
 
PPTX
What Everybody Ought to Know About PCI DSS and PA-DSS
byLondon School of Cyber Security
 
PPTX
Payment card industry data security standard
bysallychiu
 
PDF
MTBiz May-June 2019
byMutual Trust Bank Ltd.
 
DOCX
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
byBORNSEC CONSULTING
 
PDF
Approach & methodology - PCI DSS (1).pdf
bysuridhalder
 
PDF
PCI Certification and remediation services
byTariq Juneja
 
PDF
Reduce PCI Scope - Maximise Conversion - Whitepaper
byShaun O'keeffe
 
PDF
Pci dss in retail now and into the future
byVisionID
 
DOCX
Online_Transactions_PCI
byKelly Lam
 
PPTX
PCI DSS Slidecast
byRobertXia
 
PDF
Pci standards, from participation to implementation and review
byisc2-hellenic
 
PPTX
Payment Card Industry Introduction CMTA APR 2010
byDonald E. Hester
 
PCI DSS Compliance introduction explanation
byRicha Goel
 
Quick Reference Guide to the PCI Data Security Standard
by- Mark - Fullbright
 
PCI DSS introduction by khaled mosharraf,
byKhaled Mosharraf
 
Adventures in PCI Wonderland
byMichele Chubirka
 
PCI DSS: What it is, and why you should care
bySean D. Goodwin
 
Credit Card Processing for Small Business
byMark Ginnebaugh
 
PCI DSS Compliance Readiness
byAl Abbas, PMP, CISSP, MBA, MSc
 
a Guide for quick pci dss and payment security
bysuridhalder
 
What Everybody Ought to Know About PCI DSS and PA-DSS
byLondon School of Cyber Security
 
Payment card industry data security standard
bysallychiu
 
MTBiz May-June 2019
byMutual Trust Bank Ltd.
 
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
byBORNSEC CONSULTING
 
Approach & methodology - PCI DSS (1).pdf
bysuridhalder
 
PCI Certification and remediation services
byTariq Juneja
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
byShaun O'keeffe
 
Pci dss in retail now and into the future
byVisionID
 
Online_Transactions_PCI
byKelly Lam
 
PCI DSS Slidecast
byRobertXia
 
Pci standards, from participation to implementation and review
byisc2-hellenic
 
Payment Card Industry Introduction CMTA APR 2010
byDonald E. Hester
 

More from InMobi Technology

PDF
Optimizer Hints
byInMobi Technology
 
PDF
Case Studies on PostgreSQL
byInMobi Technology
 
PDF
PostgreSQL 9.5 - Major Features
byInMobi Technology
 
PDF
Toro DB- Open-source, MongoDB-compatible database, built on top of PostgreSQL
byInMobi Technology
 
PPTX
Building Spark as Service in Cloud
byInMobi Technology
 
PDF
Building Machine Learning Pipelines
byInMobi Technology
 
PDF
Ensemble Methods for Algorithmic Trading
byInMobi Technology
 
PPTX
Backbone & Graphs
byInMobi Technology
 
PDF
24/7 Monitoring and Alerting of PostgreSQL
byInMobi Technology
 
PPTX
Reflective and Stored XSS- Cross Site Scripting
byInMobi Technology
 
PDF
Introduction to Threat Modeling
byInMobi Technology
 
PDF
HTTP Basics Demo
byInMobi Technology
 
PDF
The Synapse IoT Stack: Technology Trends in IOT and Big Data
byInMobi Technology
 
PPTX
What's new in Hadoop Yarn- Dec 2014
byInMobi Technology
 
PDF
Attacking Web Proxies
byInMobi Technology
 
PPTX
Security News Bytes Null Dec Meet Bangalore
byInMobi Technology
 
PPTX
Matriux blue
byInMobi Technology
 
PDF
Running Hadoop as Service in AltiScale Platform
byInMobi Technology
 
PPTX
Shodan- That Device Search Engine
byInMobi Technology
 
PPTX
Big Data BI Simplified
byInMobi Technology
 
Optimizer Hints
byInMobi Technology
 
Case Studies on PostgreSQL
byInMobi Technology
 
PostgreSQL 9.5 - Major Features
byInMobi Technology
 
Toro DB- Open-source, MongoDB-compatible database, built on top of PostgreSQL
byInMobi Technology
 
Building Spark as Service in Cloud
byInMobi Technology
 
Building Machine Learning Pipelines
byInMobi Technology
 
Ensemble Methods for Algorithmic Trading
byInMobi Technology
 
Backbone & Graphs
byInMobi Technology
 
24/7 Monitoring and Alerting of PostgreSQL
byInMobi Technology
 
Reflective and Stored XSS- Cross Site Scripting
byInMobi Technology
 
Introduction to Threat Modeling
byInMobi Technology
 
HTTP Basics Demo
byInMobi Technology
 
The Synapse IoT Stack: Technology Trends in IOT and Big Data
byInMobi Technology
 
What's new in Hadoop Yarn- Dec 2014
byInMobi Technology
 
Attacking Web Proxies
byInMobi Technology
 
Security News Bytes Null Dec Meet Bangalore
byInMobi Technology
 
Matriux blue
byInMobi Technology
 
Running Hadoop as Service in AltiScale Platform
byInMobi Technology
 
Shodan- That Device Search Engine
byInMobi Technology
 
Big Data BI Simplified
byInMobi Technology
 

Recently uploaded

PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
The year in review - MarvelClient in 2025
bypanagenda
 
December Patch Tuesday
byIvanti
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 

PCI DSS v3 - Protecting Cardholder data

  • 1.
    PCI- DSS v3:Protecting Cardholder Data
  • 2.
    Agenda • PCI DSSv3 : An Overview • PCI DSS: How it is different from other similar standards? • PCI DSS vs ISO 27001 • Protecting Cardholder data through PCI DSS v3 • Common Myths regarding PCI DSS • Security vs Compliance
  • 3.
    PCI DSS: AnOverview 1. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that either: • Process, • Store or • Transmit “credit card information maintain a secure environment”. 2. The PCI DSS is administered and managed by the PCI SSC - Payment Card Industry Security Standard Council (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.).
  • 4.
    PCI DSS: Whyit has become important? • No of Card Transactions : 10000 per second • No of non cash payments (as per 2013) = 333 Bn (Card Payments = 181 billion • If 7 billion on planet have a card, they would have used at least 19 times.
  • 5.
    PCI DSS: CardDetails Payment Account Number (PAN) Hologram Cardholder name Expiry Date Payment Brand Logo EMV CHIP
  • 6.
    PCI DSS: 3year Update cycle
  • 7.
    PCI DSS: Whoall entities are at play? Payment Brands Banks Merchants Service Providers
  • 8.
    PCI DSS: Whatare Card present Transaction?
  • 9.
    PCI DSS: Whatare Card not present Transaction?
  • 10.
    PCI DSS: WhatCard details can / can’t be stored
  • 11.
    PCI DSS: WhatCard details can / can’t be stored
  • 12.
    PCI DSS: Pathto Certification
  • 13.
    PCI DSS vsISO27001 Just for clarity 
  • 14.
    Compliance Mandates Compliance Mandatory Compliance Voluntary Company ScopeFunctioning Levels Overall Company Degree of Compliance Must Meet All Standards Standards Voluntary Separation of Systems High Low Degree of Flexibility Low High FEATURES PCI - DSS ISO 27001:2013 PCI DSS vs ISO27001
  • 15.
    Is it goodidea to have both? • ISO is an overall measure for companies to use for compliance of information security management. • PCI is a more standardized and regulated sub-section of information security management that pertains specifically to cardholder data. • PCI compliance could be a part of overall ISO compliance if a company were concerned with meeting both regulations.
  • 16.
    Common Myths regardingPCI DSS • One vendor and product will make us compliant • Outsourcing card processing makes us compliant • PCI DSS compliance is an IT project • PCI DSS will make us secure • PCI DSS is unreasonable; it requires too much • PCI DSS requires us to hire a Qualified Security Assessor • We don’t take enough credit cards to be compliant • We completed a SAQ so we’re compliant • PCI DSS makes us store cardholder data • PCI DSS is too hard
  • 17.
    Useful Links forPCI DSS • https://www.pcisecuritystandards.org/security_standards/documents.php • http://www.beyondsecurity.com/pci_compliance.html • https://www.pcicomplianceguide.org/pci-faqs-2/
  • 18.
    The way tosee it…….. You can read as costs saved in fines, legal fees, decreases in stock equity, and especially lost business
  • 19.
    THANK YOU !! -Manasdeep