Does your API need to be PCI Compliant?

Part 7 in our series of API Best Practices Webinars, on PCI Compliance, by @brianpagano and @scottmetzger

Need your APIs to bring in revenue? Soon you may want to take credit card orders from customers on smartphones, tablets and other connected devices.

But first, make sure your customers and your business are protected. Know the industry's data security requirements for cardholder data, the Payment Card Industry Data Security Standard (PCI DSS), and what it takes to comply with them.

In this webinar, Brian Pagano and Scott Metzger from Apigee discuss how to get compliant and meet the requirements of PCI DSS when transacting via APIs.

Usage Rights

© All Rights Reserved

    Presentation Transcript

    • Does Your API Need to be PCI Compliant? Rapid API Workshop. Brian Pagano @brianpagano, Scott Metzger @scottmetzger
    • Rapid API Workshop Webinar Series: Mapping out your API Strategy • Pragmatic REST: API Design Fu • 10 Patterns of Successful API Programs • API Metrics: What to Measure? • API Technology & Operations • Your API Sucks! • Today: Does Your API Need to be PCI Compliant? • Next: Launching Your API and Attracting Developers
    • We Will Cover • Facts and common myths about PCI compliance • What does it mean to be PCI compliant when transacting via APIs? • How can Apigee enable you to be PCI compliant?
    • PCI Fundamentals: What is it? • The Payment Card Industry Data Security Standard (PCI DSS) is produced by the PCI Security Standards Council, a consortium founded by Visa, MasterCard, JCB, American Express, and Discover. • It describes the proper handling of credit card information, both during transactions and at rest.
    • PCI Fundamentals: What is it? • The Council was formed in 2006. • The DSS (Data Security Standard) defines 12 requirements for compliance.
    • PCI Fundamentals: What it isn't • The Council is not an enforcement or policing organization. Penalties for non-compliance (fines, higher processing fees, loss of the ability to accept cards) come from the card brands and acquiring banks through their contracts with merchants, not from the Council itself.
    • PCI Fundamentals: Then what does it do? • The intent is to spare merchants from having to write to multiple proprietary standards, one per card brand. • It gives consumers confidence. • It is useful for audits.
    • PCI Fundamentals • So who should care about PCI? Any organization that stores, processes, or transmits cardholder data, or whose systems could affect the security of that data.
    • Main PCI Control Objectives • Build and maintain a secure network • Protect cardholder data • Maintain a vulnerability management program • Implement strong access control measures • Regularly monitor and test networks • Maintain an information security policy
    • PCI Control Objectives: Build and maintain a secure network • Install and maintain a firewall configuration • Do not use vendor-supplied default passwords or other default security parameters
    • PCI Control Objectives: Protect cardholder data • Protect stored cardholder data • Encrypt transmission of cardholder data across open, public networks
    • PCI Control Objectives: Maintain a vulnerability management program • Use and regularly update anti-virus software • Develop and maintain secure applications and systems
    • PCI Control Objectives: Implement strong access control measures • Restrict access to cardholder data to those with a need to know • Assign a unique ID to each person with system access • Restrict physical access to cardholder data
    • PCI Control Objectives: Regularly monitor and test networks • Track and monitor all access to network resources and cardholder data • Regularly test security systems and processes
    • PCI Control Objectives: Maintain an information security policy • Maintain a policy that addresses information security for all personnel
    • What does it mean to be PCI Compliant? • A company must have an assessment performed • by a third-party assessor • from the approved Qualified Security Assessor (QSA) list maintained by the PCI Security Standards Council • which checks that the correct processes and technologies are in place. (Smaller merchants, depending on the merchant level assigned by their card brand, may instead validate with a Self-Assessment Questionnaire.)
    • PCI Compliance: Does my API need to be PCI compliant? • If the API stores, processes, or transmits cardholder data, it is in scope for PCI DSS and must meet the requirements above.
    • PCI Compliance: Can a software tool make me PCI compliant? • No.
    • PCI & Apigee • So, PCI is a specification for (a) processes and (b) security measures to protect cardholder information. • Apigee can help with the process. • Apigee can help with the technology.
    • PCI & Apigee: Process • The Apigee gateway provides a central location for logging, policies, and security. • The gateway can perform data masking to log transactions without storing any sensitive information (for example, masking the primary account number so that only the last four digits reach the log). It also feeds into log aggregators. • This centralization helps with auditing and attestations.
    • PCI & Apigee: Technology • The Apigee gateway contributes to defense in depth, protects backend systems, and strengthens network security. • Apigee provides a hosted solution that enables PCI compliance. • No product will make someone PCI compliant! • Apigee enables and contributes to compliance.
    • Rapid API Workshop Webinar Series: Mapping out your API Strategy • Pragmatic REST: API Design Fu • 10 Patterns in Successful API Programs • API Metrics: What to Measure? • API Technology & Operations • Your API Sucks! • Today: Does Your API Need to be PCI Compliant? • Next: Launching Your API and Attracting Developers
    • THANKS! Send questions, examples, and ideas to @apigee. Brian Pagano, bpagano@apigee.com, @brianpagano. Scott Metzger, smetzger@apigee.com, @scottmetzger
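The data-masking step on the "PCI & Apigee: Process" slide, shown here as an added example that is not Apigee's code and not an Apigee policy: a stand-alone Node.js script that scans request log lines for candidate card numbers, confirms them with the Luhn checksum so that order IDs and timestamps are not mangled, and rewrites each match so that only the last four digits are stored. The log lines, the endpoint paths, and the card numbers (standard test numbers) are constructed for this example. PCI DSS requirement 3.3 permits at most the first six and last four digits to be displayed; keeping only the last four, as done here, is the stricter choice.

```javascript
// Added example (not from the Apigee product): mask primary account numbers
// (PANs) in gateway log lines before they are written or forwarded.

// Luhn checksum: true if the digit string passes the mod-10 check that
// every branded card number satisfies. Used to reject ordinary long numbers.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
// dashes, bounded by non-word characters so JSON quotes and spaces delimit it.
const PAN_CANDIDATE = /\b(?:\d[ -]?){12,18}\d\b/g;

// Replace every Luhn-valid candidate in a line with asterisks plus the last
// four digits. Anything that fails the checksum is left untouched.
function maskPans(line) {
  return line.replace(PAN_CANDIDATE, (match) => {
    const digits = match.replace(/[ -]/g, '');
    if (digits.length < 13 || digits.length > 19 || !luhnValid(digits)) {
      return match; // not a card number (e.g. an order id); keep as is
    }
    return '*'.repeat(digits.length - 4) + digits.slice(-4);
  });
}

// Apply the mask to a batch of lines, as a log-forwarding hook would.
function maskLogLines(lines) {
  return lines.map(maskPans);
}

// Constructed sample log lines (not real traffic). Line 1 carries a
// 13-digit order id that must survive; lines 0 and 2 carry test PANs.
const SAMPLE_LOGS = [
  '2013-05-21T10:02:11Z POST /v1/orders body={"card":"4111111111111111","exp":"1215","amount":42.00}',
  '2013-05-21T10:02:12Z GET /v1/orders/1234567890123 status=200',
  '2013-05-21T10:02:13Z POST /v1/orders body={"card":"5500 0000 0000 0004","amount":9.99}',
];

for (const line of maskLogLines(SAMPLE_LOGS)) {
  console.log(line);
}
```

The Luhn check is what keeps this usable on real logs: a plain "any 13 to 19 digits" rule would also rewrite order numbers, tracking ids and Unix timestamps, and an engineer reading the masked log would lose the very identifiers needed for an investigation. Masking should happen before the line leaves the gateway process, since a log aggregator that receives the unmasked line is itself in PCI scope.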