PCI DSS Certification

An understanding of and practical tips for PCI DSS compliance

Published in: Business, Economy & Finance

  1. PCI Certification Issues
     - May 2008
  2. Evolution of PCI DSS
     - 2000: Visa CISP (USA) and AIS (EU)
     - 2000: MasterCard SDP
     - 2004: Visa, MasterCard, American Express and JCB agree the PCI standard.
       - The objective of PCI DSS compliance is to protect the card companies, merchants and consumers from financial and data loss caused by unprotected network systems.
  3. Validation Requirements
  4. The Requirements
  5. Recent Changes
     - Self Assessment Questionnaire (SAQ)
       - Four SAQs instead of one.
  6. Recent Changes
     - Payment Application Best Practices (PABP)
       - Launched in 2005.
       - List of validated payment applications published monthly since January 2006.
       - PABP is to move to the Payment Application Security Standard (PASS) and will be administered through the PCI SSC.
       - Applicable to any third-party payment application involved in authorisation and settlement of credit/debit card transactions.
       - Not applicable to dumb terminals, database or web server software; does apply to applications built on a database or web server.
  7. Top Reasons for Audit Failures
  8. PCI Pitfalls
     - Track 2 / CVV2 / CVC2 logging.
     - Implementing policies that address each of the requirements of the PCI DSS.
     - Restricting access to databases.
     - Performing log review.
     - File integrity monitoring.
  9. Risk Reduction Strategies
     - Data elimination
     - Tokenisation
  10. Actions
     - Only deploy third-party applications on the PABP/PASS list.
     - Confirm all entities in the transaction chain are PCI certified and audited.
     - Ensure all current staff are aware of their data security obligations.
     - Verify that no card data is extracted to be further analysed.
     - Check what happens to sensitive data files after transmission/receipt.
  11. Actions
     - Make PCI compliance a year-round activity.
     - Confirm that all new processes and procedures are vetted against the PCI Data Security Standard.
     - Investigate opportunities for the elimination of card data.
  12. Further Information
     - Knowledge Base at
       - http://www.o-cgroup.com
     - PCI Validation Requirements
       - http://www.o-cgroup.com/pci-requirements.php
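Slides 8 and 9 name the two controls that most directly reduce audit findings: stop sensitive authentication data (Track 2, CVV2/CVC2) and full PANs from reaching logs, and replace stored PANs with tokens. The script below is an added illustration written for this page, not code from the presentation or from O-C Group. It scans constructed sample log lines for prohibited data using a Luhn check to cut false positives, masks PANs to the first six and last four digits, removes Track 2 and CVV fields outright, and shows a minimal in-memory tokenisation vault. The log lines, field names (`pan=`, `cvv2=`, `track2=`) and the `TokenVault` class are all assumptions made for the example; a production vault needs encrypted storage, network segmentation and audited access on top of what is shown here.

```python
import re
import secrets

# Constructed sample log lines (not from any real system). They show the kinds of
# data PCI DSS says must never be stored after authorisation: a full PAN alongside
# a CVV2, and a raw Track 2 string as read from a magnetic stripe.
SAMPLE_LOG_LINES = [
    "2008-05-12 10:01:07 auth ok pan=4111111111111111 cvv2=123 amount=19.99",
    "2008-05-12 10:01:09 swipe track2=;4111111111111111=12051011234567890? term=T01",
    "2008-05-12 10:01:11 lookup order=4111-1111-1111-1111 status=ok",   # PAN with separators
    "2008-05-12 10:01:12 ref=1234567890123 status=ok",                  # 13 digits, fails Luhn
]

# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a longer run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# ISO 7813 Track 2 in its sentinel-delimited form: ;PAN=YYMM<service code><discretionary>?
TRACK2 = re.compile(r";\d{13,19}=\d+\?")
# Assumed key=value spelling of card verification fields in these logs.
CVV_FIELD = re.compile(r"\b(cvv2?|cvc2?|cid)\s*=\s*\d{3,4}", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return candidate PANs (separators stripped) that pass the Luhn check."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def card_data_findings(line: str) -> list[str]:
    """Classify what a log reviewer would need to act on in one line."""
    findings = []
    if TRACK2.search(line):
        findings.append("track2")
    if CVV_FIELD.search(line):
        findings.append("cvv")
    if find_pans(line):
        findings.append("pan")
    return findings


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, the masking PCI DSS permits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_log_line(line: str) -> str:
    """Track 2 and CVV values are removed entirely (they may never be stored);
    PANs are masked. Track 2 is handled first so its embedded PAN is not seen twice."""
    line = TRACK2.sub("[TRACK2 REMOVED]", line)
    line = CVV_FIELD.sub(lambda m: f"{m.group(1)}=[REMOVED]", line)

    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        # Digit runs that fail Luhn (order numbers, timestamps) are left untouched.
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)

    return PAN_CANDIDATE.sub(_mask, line)


class TokenVault:
    """Illustrative in-memory tokenisation vault (an assumption of this example).
    Downstream systems keep only the token; the PAN exists solely inside the vault,
    which shrinks the environment that is in scope for PCI DSS."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
            raise ValueError("not a syntactically valid PAN")
        # Random, non-derivable token; the last four digits are kept so receipts can show them.
        token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault (behind its own access controls) can map a token back."""
        return self._pan_by_token[token]


if __name__ == "__main__":
    for n, raw in enumerate(SAMPLE_LOG_LINES, 1):
        print(n, card_data_findings(raw), "->", redact_log_line(raw))
    vault = TokenVault()
    tok = vault.tokenize("4111111111111111")
    print("token:", tok, "-> detokenised:", vault.detokenize(tok))
```

Running the module prints each constructed line with its findings and redacted form; the fourth line, a 13-digit reference that fails Luhn, is reported clean and left unchanged. The scanner deliberately checks the whole digit run and does not try sub-windows of a longer run, so a PAN glued to other digits without a separator would be missed; treat a tool like this as a control on what reaches the log, not as proof that none got through.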
