Does your API need to be PCI Compliant?


Part 7 in our series of API Best Practices Webinars - on PCI Compliance - by @brianpagano and @scottmetzger

Need your APIs to bring in revenue? Soon you may want to take credit card orders from customers on smartphones, tablets and other connected devices.

But first, make sure your customers and your business are protected. Know about industry regulations on data security, otherwise known as PCI DSS Compliance.

In this webinar, Brian Pagano and Scott Metzger from Apigee discuss how to get compliant and meet the requirements of PCI DSS when transacting via APIs.


Does your API need to be PCI Compliant?

  1. Does Your API Need to be PCI Compliant? Rapid API Workshop. Brian Pagano (@brianpagano), Scott Metzger (@scottmetzger)
  2. @brianpagano @scottmetzger
  3. Rapid API Workshop Webinar Series
     • Mapping out your API Strategy
     • Pragmatic REST: API Design Fu
     • 10 Patterns of Successful API Programs
     • API Metrics – What to Measure?
     • API Technology & Operations
     • Your API Sucks!
     • Today: Does Your API Need to be PCI Compliant?
     • Next: Launching Your API and Attracting Developers
  4. We Will Cover
     • Facts & Common Myths about PCI Compliance
     • What does it mean to be PCI compliant when transacting via APIs?
     • How can Apigee enable you to be PCI compliant?
  5. PCI Fundamentals: What is it?
     • The Payment Card Industry specification is produced by a consortium consisting of Visa, MasterCard, JCB, American Express, and Discover.
     • It describes the proper handling of credit card information (during transactions and at rest).
  6. PCI Fundamentals: What is it?
     • Council originally formed in 2006.
     • DSS (Data Security Standards) define 12 requirements for compliance.
  7. PCI Fundamentals: What it isn't
     • It is not an enforcement or policing organization.
  8. PCI Fundamentals: Then what does it do?
     • The intent is to prevent merchants from having to write to multiple, proprietary standards.
     • Gives consumers confidence.
     • Useful for audits.
  9. PCI Fundamentals
     • So who should care about PCI?
  10. Main PCI Control Objectives
     • Build and maintain a secure network
     • Protect cardholder data
     • Maintain a vulnerability management program
     • Implement strong access control measures
     • Regularly monitor and test networks
     • Maintain an information security policy
  11. PCI Control Objectives: Build and maintain a secure network
     • Install and maintain a firewall
     • Do not use any default passwords
  12. PCI Control Objectives: Protect Cardholder Data
     • Protect stored data
     • Encrypt transmission of data
  13. PCI Control Objectives: Maintain a vulnerability management program
     • Update anti-virus
     • Develop secure applications and systems
  14. PCI Control Objectives: Implement strong access control measures
     • Need-to-know access to cardholder data
     • System access only via unique IDs
     • Physical access controls
  15. PCI Control Objectives: Regularly monitor and test networks
     • Monitor network access
     • Test systems, test processes
  16. PCI Control Objectives: Maintain an information security policy
  17. What does it mean to be PCI Compliant?
     • A company must have an audit performed
     • By a third-party auditing firm
     • From the Visa/Mastercard approved auditor list,
     • Which checks that the correct processes and technologies are in place.
  18. PCI Compliance: Does my API need to be PCI compliant?
  19. PCI Compliance: Can a software tool make me PCI compliant?
     • No.
  20. PCI & Apigee. So, PCI is a specification for (a) processes and (b) security measures to protect cardholder information.
     • Apigee can help with the process.
     • Apigee can help with the technology.
  21. PCI & Apigee: Process
     • The Apigee gateway provides a central location for logging, policies, and security.
     • The gateway can perform data masking to log transactions without storing any sensitive information. It also feeds into log aggregators.
     • This centralization helps with auditing and attestations.
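The data-masking step on slide 21 is the one technique in the deck that can be shown concretely. The following is an added example, not Apigee's code or a gateway policy: a small Python routine that produces a loggable copy of a transaction record by reducing every card number (PAN) to its last four digits and dropping sensitive authentication data fields such as the CVV outright, which PCI DSS does not permit to be stored after authorization. The sample transaction, the field names in `DROP_FIELDS`, and the Luhn-based filter for free text are all assumptions; the card numbers in the sample are non-live test values.

```python
import json
import re

# Constructed sample transaction (not from the deck). The card numbers are
# non-live test values, not real accounts.
SAMPLE_TXN = {
    "order_id": "A-1001",
    "amount_cents": 4200,
    "card": {"pan": "4111111111111111", "exp": "12/27", "cvv": "123"},
    "note": "customer read card 4012 8888 8888 1881 over the phone",
}

# A run of 13-19 digits, optionally separated by spaces or dashes, that is
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumed field names holding sensitive authentication data. PCI DSS does
# not allow this data to be stored after authorization, so the fields are
# dropped rather than masked.
DROP_FIELDS = {"cvv", "cvc", "cvv2", "pin", "track_data"}


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep only the last four digits; everything before them becomes '*'."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_text(text):
    """Mask every Luhn-valid card-number-looking run inside free text."""
    def repl(match):
        candidate = match.group(0)
        if luhn_ok(re.sub(r"\D", "", candidate)):
            return mask_pan(candidate)
        return candidate  # digit run that is not a card number: leave it
    return PAN_CANDIDATE.sub(repl, text)


def mask_for_log(obj):
    """Recursively build a loggable copy of a transaction structure."""
    if isinstance(obj, dict):
        return {k: mask_for_log(v) for k, v in obj.items()
                if k.lower() not in DROP_FIELDS}
    if isinstance(obj, list):
        return [mask_for_log(v) for v in obj]
    if isinstance(obj, str):
        return mask_text(obj)
    if isinstance(obj, int) and not isinstance(obj, bool) and obj >= 0:
        digits = str(obj)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
    return obj


def log_line(txn):
    """Serialise the masked transaction as one JSON log line."""
    return json.dumps(mask_for_log(txn), sort_keys=True)


if __name__ == "__main__":
    print(log_line(SAMPLE_TXN))
```

Keeping only the last four digits is stricter than the first-six/last-four display rule PCI DSS allows, and in a log that conservatism costs nothing. The Luhn filter stops order numbers and timestamps from being blanked out when scanning free text, but it is a heuristic; handling by field name, as in `DROP_FIELDS` and the structured `pan` field, should remain the primary control, with the regex as a safety net for data that ends up in notes or error messages.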
  22. PCI & Apigee: Technology
     • The Apigee gateway contributes to defense in depth, protects backend systems, and strengthens network security.
     • Apigee provides a hosted solution that enables PCI compliance.
     • No product will make someone PCI compliant!
     • Apigee enables and contributes to compliance.
  23. Rapid API Workshop Webinar Series
     • Mapping out your API Strategy
     • Pragmatic REST: API Design Fu
     • 10 Patterns in Successful API Programs
     • Today: API Metrics – What to Measure?
     • API Technology & Operations
     • Your API Sucks!
     • Does Your API Need to be PCI Compliant?
     • Next: Launching Your API and Attracting Developers
  24. THANKS! Send questions, examples, and ideas to @apigee. Brian Pagano, bpagano@apigee.com, @brianpagano. Scott Metzger, smetzger@apigee.com, @scottmetzger.