10 PCI Compliance Tips
10 Best-Practice tips merchants need to focus on in order to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.

Presentation Transcript

  • 10 Tips to Achieve PCI DSS Compliance, by Sumedh Thakar (Director of Engineering, PCI Solutions) and Terry Ramos (VP, Strategic Alliances), Qualys
  • Agenda
    • Why PCI is important
    • Who has to comply with PCI
    • 10 Tips
    • PCI Compliance for Dummies
  • Account Compromise - Impacts
    • Counterfeit cards and fraud
    • Significant chargeback risk
    • Penalties, fines, losses
    • Damage to reputation
    • Negative media coverage
    • Impacts to consumer confidence
    • Re-issuance and monitoring of cards
    • Potential of new legislation
  • Top 5 Vulnerabilities
    Based on merchant compromises, Visa has found the following common vulnerabilities (www.visa.com/cisp):
      • Storage of prohibited data (e.g., full track, CVV2, PIN blocks)
      • Vendor default accounts and passwords
      • Insecure remote access by software vendors
      • Compatibility issues with anti-virus and encryption
      • Poorly coded web-facing applications resulting in SQL injection
  • Top 5 Reasons for Data Compromise (Source: MasterCard forensic examinations of hacked entities)
  • PCI Certification Merchant & Service Provider Levels
  • 10 Tips
      • Know the Risks you Face in Protecting Cardholder Data
        • Understand where your risks are
        • Understand what your risks are compared with others'
      • Build and Maintain a Secure Network for Cardholder Data
        • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
        • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
      • Protect Cardholder Data That’s Stored or Transmitted
        • Requirement 3: Protect stored cardholder data
        • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • 10 Tips
      • Maintain a Vulnerability Management Program
        • Requirement 5: Use and regularly update anti-virus software
        • Requirement 6: Develop and maintain secure systems and applications
      • Implement Strong Access Control Measures
        • Requirement 7: Restrict access to cardholder data by business need-to-know
        • Requirement 8: Assign a unique ID to each person with computer access
        • Requirement 9: Restrict physical access to cardholder data
      • Regularly Monitor and Test Networks
        • Requirement 10: Track and monitor all access to network resources and cardholder data
        • Requirement 11: Regularly test security systems and processes
  • 10 Tips
      • Maintain an Information Security Policy
        • Requirement 12: Maintain a policy that addresses information security
      • Submit Reports for Quarterly Scans and Annual Review
      • Make PCI Compliance a Continuous, Ongoing Process
  • PCI Compliance for Dummies
      • Read PCI Compliance for Dummies
        • Get as much information as you can about PCI and how it relates to your organization
  • Q&A. CONFIDENTIAL. Thank You. [email_address] [email_address]
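The first item on the "Top 5 Vulnerabilities" slide, storage of prohibited data, and Requirement 3 (protect stored cardholder data) are things a merchant can check for directly rather than only attest to. As an added example that is not part of the original slides or Qualys's tooling, the Python below scans constructed log lines for magnetic-stripe track data and Luhn-valid PANs, reporting any PAN masked to first six / last four so the finding itself does not re-create the stored data; the regexes, the sample lines and the well-known 4111... test PAN are assumptions for illustration.

```python
import re

# Constructed sample log (not from the slides): a debug log that captured full
# track 2 data and a bare test PAN, plus a 16-digit order number that is not a card.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z INFO order=1234567890123456 status=created
2024-05-01T10:00:02Z DEBUG swipe=';4111111111111111=25121011234567890?'
2024-05-01T10:00:03Z DEBUG auth pan=4111111111111111 amount=19.99
2024-05-01T10:00:04Z DEBUG auth pan=4111111111111112 amount=19.99
"""
# A candidate PAN is 13 to 19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 as read from the stripe: ;PAN=YYMM<service code><discretionary>?
TRACK2 = re.compile(r";\d{13,19}=\d{4}\d*\?")
# Track 1: %B<PAN>^<NAME>^YYMM<service code><discretionary>?
TRACK1 = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}\d*\?")

def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; weeds out most digit strings that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Report a PAN as first six / last four so the finding is not itself CHD."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_line(line: str) -> list:
    """Return (finding, value) tuples for one line; track data is never echoed."""
    findings = []
    if TRACK1.search(line) or TRACK2.search(line):
        findings.append(("track_data", "<redacted>"))
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append(("pan", mask_pan(digits)))
    return findings

def scan_log(text: str) -> dict:
    """Map 1-based line numbers to their findings, omitting clean lines."""
    lines = enumerate(text.splitlines(), 1)
    return {n: f for n, f in ((n, scan_line(l)) for n, l in lines) if f}
```

Run against real logs, database exports or disk images, a hit on line 2 (track data) is a Requirement 3.2 violation to remediate, not just a finding to record.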