Payment Card Industry Security Standards
Presentation on Payment Card Industry Security Standards

Payment Card Industry Security Standards Presentation Transcript

  • 1. Payment Card Industry Security Standards
  • 2. What is a payment card?
    "A card that can be used by a cardholder and accepted by a merchant to make a payment"
    Types of payment cards
      • Credit cards
      • Debit cards
      • Prepaid cards
  • 3. What is a payment card industry standard?
    "An information security standard for organizations that handle cardholder information for the major payment cards"
    Defined by the Payment Card Industry Security Standards Council
  • 4. Payment card security standards
      • PCI Data Security Standard
      • Payment Application Data Security Standard
      • PIN Entry Device Security Requirements
  • 5. Payment Card Industry Data Security Standard
    PCI DSS consists of six categories
      – Build and maintain a secure network
      – Protect cardholder data
      – Maintain a vulnerability management program
      – Implement strong access control measures
      – Regularly monitor and test networks
      – Maintain an information security policy
  • 6. Advantages of complying with PCI DSS
      • Secures the systems
      • Earns the trust of customers
      • Improves your reputation with acquirers and payment brands
      • Helps to prevent security breaches
      • Helps to prevent theft of payment card data
      • Indirect benefits
        – Provides a basis for a corporate security strategy
        – Can identify ways to improve the efficiency of the IT infrastructure
  • 7. Effectiveness and cost of PCI DSS
      • Larger and well-budgeted companies are able to achieve better compliance
      • Smaller companies often have difficulty interpreting the standards because they have fewer resources
  • 8. Technologies involved
      • Firewalls
      • Anti-virus
      • Anti-malware solutions
      • Encryption for data at rest and in motion
  • 9. Threats of giving out payment card information
      • Unauthorized payments
      • Misuse for illegal transactions
      • Identity theft
      • Tracking of the cardholder's transactions
  • 10. How PCI DSS helps to safeguard customers from fraud
      • Install and maintain a firewall configuration to protect cardholder data
      • Encrypt transmission of cardholder data across open, public networks
      • Use and regularly update anti-virus software or programs
      • Develop and maintain secure systems and applications
  • 11. How PCI DSS helps to safeguard customers from fraud (cont.)
      • Restrict physical access to cardholder data
      • Track and monitor all access to network resources and cardholder data
      • Regularly test security systems and processes
      • Maintain a policy that addresses information security for employees and contractors
  • 12. How to detect a security incident
    Detection techniques
      – Decision trees
      – Genetic algorithms and other algorithms
      – Clustering techniques
      – Neural networks
      – Examine security event logs on
  • 13. How to prevent a security incident
    "No such thing as perfect security"
      • Implement an incident handling process
      • Change default passwords and don't reuse passwords
      • Examine security logs
      • Run regular network scans
      • Patch and update regularly
      • Raise user awareness about information security
  • 14. How to provide an appropriate response to security incidents
      • Verify the incident and its impact
      • Collect evidence from suspected hosts
      • Forensic acquisitions
      • Assemble required personnel and determine escalation procedures
      • Identify regulatory or legal requirements
      • Effectively contain and segment affected areas
      • Learn from the incident
  • 15. PCI Data Security Standard for merchants and processors
      • Build and maintain a secure network
      • Protect cardholder data
      • Maintain a vulnerability management program
      • Implement strong access control measures
      • Regularly monitor and test networks
      • Maintain an information security policy
  • 16. How to comply with PCI DSS
      • Meet the technical and operational requirements set by the PCI Security Standards Council
      • Compliance requirements vary depending on the brand of the payment card, e.g. Visa, MasterCard
  • 17. Payment Application Data Security Standard for developers
      • The PA-DSS minimizes vulnerabilities in payment applications
      • PA-DSS covers commercial payment applications, integrators and service providers
  • 18. Payment Application Data Security Standard for developers (cont.)
      • Do not retain full magnetic stripe, card validation code or value, or PIN block data
      • Provide secure password features
      • Protect stored cardholder data
      • Log application activity
      • Develop secure applications
      • Protect wireless transmissions
      • Test applications to address vulnerabilities
  • 19. PIN Entry Device Security Requirements for manufacturers
      • Applies to companies which make devices that accept PIN entry for all PIN-based transactions
      • PED Security Requirements
        – Device characteristics
          • Physical security characteristics
          • Logical security characteristics
        – Device management
          • Device management during manufacturing
          • Device management between manufacturing and initial key loading
  • 20. Conclusion
      • PCI DSS has enhanced the security of cardholders' data to a great extent
      • It has helped raise awareness of data security in the business world
      • It has improved consumer confidence in the security of personal information
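An added example, not code from the presentation: a small Python post-authorization handler showing three of the PA-DSS rules from slide 18 in practice (drop sensitive authentication data before storage, protect stored cardholder data by masking and tokenizing the PAN, and keep full PANs out of application logs). The record field names, the HMAC key and the sample values are constructed assumptions for this example.

```python
import hashlib
import hmac
import re

# Sensitive authentication data: never retained after authorization
# (full track/magnetic stripe data, card validation code, PIN block).
# Field names are constructed for this example.
SENSITIVE_AUTH_FIELDS = ("track1", "track2", "cvv", "pin_block")

# Candidate PAN: a run of 13-19 digits (real card numbers fall in that range).
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_ok(pan: str) -> bool:
    """Luhn check, so the log redactor only masks plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits stay visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash of the PAN so stored records can still be correlated.
    The key must live outside the database (HSM/KMS); otherwise the
    token is as sensitive as the PAN it replaces."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def sanitize_for_storage(auth_record: dict, key: bytes) -> dict:
    """Return what may be written to disk after authorization:
    sensitive authentication data dropped, PAN replaced by mask + token."""
    clean = {k: v for k, v in auth_record.items() if k not in SENSITIVE_AUTH_FIELDS}
    pan = clean.pop("pan")
    clean["pan_masked"] = mask_pan(pan)
    clean["pan_token"] = pan_token(pan, key)
    return clean


def redact_log_line(line: str) -> str:
    """Mask every Luhn-valid 13-19 digit run before the line reaches a log,
    so 'log application activity' never means logging a full PAN."""
    return PAN_RE.sub(lambda m: mask_pan(m.group()) if luhn_ok(m.group()) else m.group(), line)
```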