10 PCI Compliance Tips
10 Best-Practice tips merchants need to focus on in order to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.

Transcript

  • 1. 10 Tips to Achieve PCI DSS Compliance. Sumedh Thakar, Director of Engineering, PCI Solutions; Terry Ramos, VP, Strategic Alliances, Qualys
  • 2. Agenda
    • Why PCI is important
    • Who has to comply with PCI
    • 10 Tips
    • PCI Compliance for Dummies
  • 3. Account Compromise - Impacts
    • Counterfeit cards and fraud
    • Significant chargeback risk
    • Penalties, fines, losses
    • Damage to reputation
    • Negative media coverage
    • Impacts to consumer confidence
    • Re-issuance and monitoring of cards
    • Potential of new legislation
  • 4. Top 5 Vulnerabilities
    Based on merchant compromises, Visa has found the following common vulnerabilities (www.visa.com/cisp):
      • Storage of prohibited data (e.g., full track, CVV2, PIN blocks)
      • Vendor default accounts and passwords
      • Insecure remote access by software vendors
      • Compatibility issues with anti-virus and encryption
      • Poorly coded web-facing applications resulting in SQL injection
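    The last item on slide 4 is the one a developer can fix directly. The following is an added example (not part of the Qualys deck) showing the defect and its remedy side by side: a customer lookup that splices user input into the SQL text, and the same lookup with the value passed as a bound parameter. The `customers` table, its rows and the attacker payload are all constructed for the demonstration; SQLite is used only because it ships with Python.

```python
"""SQL injection: the vulnerable lookup beside the parameterised fix.

Added example for slide 4 ("poorly coded web-facing applications").
The database, rows and payload are constructed; nothing here is
taken from the original presentation.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, pan_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, pan_last4) VALUES (?, ?)",
        [("alice@example.com", "1111"), ("bob@example.com", "4444")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The 'before': user input becomes part of the SQL statement itself."""
    query = f"SELECT email, pan_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """The fix: the value travels as a bound parameter, never as SQL text."""
    return conn.execute(
        "SELECT email, pan_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Constructed attacker input: turns the WHERE clause into a tautology.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run both lookups with the payload and return what each leaks."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),  # every row
        "safe": lookup_safe(conn, PAYLOAD),              # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

    With the payload, the concatenated query becomes `WHERE email = '' OR '1'='1'` and returns every customer record; the parameterised query looks for a customer whose address is literally `' OR '1'='1` and returns nothing. The same pattern applies to any database driver that supports placeholders.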
  • 5. Top 5 Reasons: Data Compromise (Source: MasterCard Forensics Examinations of Hacked Entities)
  • 6. PCI Certification Merchant & Service Provider Levels
  • 7. 10 Tips
      • Know the Risks you Face in Protecting Cardholder Data
        • Understand where your risks are
        • Understand which risks are yours to manage versus others'
      • Build and Maintain a Secure Network for Cardholder Data
        • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
        • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
      • Protect Cardholder Data That’s Stored or Transmitted
        • Requirement 3: Protect stored cardholder data
        • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • 8. 10 Tips
      • Maintain a Vulnerability Management Program
        • Requirement 5: Use and regularly update anti-virus software
        • Requirement 6: Develop and maintain secure systems and applications
      • Implement Strong Access Control Measures
        • Requirement 7: Restrict access to cardholder data by business need-to-know
        • Requirement 8: Assign a unique ID to each person with computer access
        • Requirement 9: Restrict physical access to cardholder data
      • Regularly Monitor and Test Networks
        • Requirement 10: Track and monitor all access to network resources and cardholder data
        • Requirement 11: Regularly test security systems and processes
  • 9. 10 Tips
      • Maintain an Information Security Policy
        • Requirement 12: Maintain a policy that addresses information security
      • Submit Reports for Quarterly Scans and Annual Review
      • Make PCI Compliance a Continuous, Ongoing Process
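    Slide 4 names storage of prohibited data (full track, CVV2, PIN blocks) as the most common finding, and Requirement 3 above covers protecting stored cardholder data, including the display rule that a masked PAN shows at most the first six and last four digits. The following is an added example, not code from the Qualys deck, of the kind of check a merchant can run over logs, database dumps or debug output to find both problems: it detects magnetic-stripe track data, finds full PANs by a Luhn-validated digit run, and masks any PAN it finds. The track layouts assumed are the ISO/IEC 7813 forms (Track 1 `%B<PAN>^<NAME>^<YYMM>...?`, Track 2 `;<PAN>=<YYMM>...?`); the sample log lines are constructed and use published test card numbers, not real cardholder data.

```python
"""Find prohibited track data and unmasked PANs in stored text.

Added example for slide 4 (prohibited data) and Requirement 3 (protect
stored cardholder data).  Sample lines are constructed; the track
layouts are the ISO/IEC 7813 forms noted in the lead-in.
"""
import re

# Magnetic-stripe track data must never be stored after authorisation.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^(\d{4})[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})[^?]*\?")
# A 13-19 digit run, optionally separated by single spaces or hyphens.
# Deliberately simple: a PAN immediately followed by more digits is missed.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; filters out order numbers, timestamps, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Requirement 3 display rule: at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line: str) -> dict:
    """Return the prohibited or sensitive items found in one line of text."""
    found = {"track1": [], "track2": [], "pan": []}
    for key, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(line):
            if luhn_ok(m.group(1)):
                found[key].append(m.group(1))
    # Blank out track matches so their PANs are not counted a second time.
    rest = TRACK2_RE.sub(" ", TRACK1_RE.sub(" ", line))
    for m in PAN_RE.finditer(rest):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found["pan"].append(digits)
    return found


def redact_line(line: str) -> str:
    """Remove track data outright and mask any remaining full PAN."""
    line = TRACK1_RE.sub("[TRACK1 REMOVED]", line)
    line = TRACK2_RE.sub("[TRACK2 REMOVED]", line)

    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)

    return PAN_RE.sub(_mask, line)


def scan_log(lines) -> list:
    """Report (line number, findings) for every line that contains something."""
    report = []
    for n, line in enumerate(lines, 1):
        f = scan_line(line)
        if any(f.values()):
            report.append((n, f))
    return report


# Constructed sample log; card numbers are published test numbers.
SAMPLE_LOG = [
    "2012-03-01 auth ok pan=411111******1111 amt=19.99",                 # fine
    "2012-03-01 debug swipe=%B4111111111111111^DOE/JOHN^2512101000000000?",  # track 1
    "2012-03-01 debug track2=;5500000000000004=2512101000000000?",       # track 2
    "2012-03-01 cardholder=DOE/JOHN pan=4111 1111 1111 1111 exp=12/25",  # full PAN
    "2012-03-01 order=20120301123456 total=1999",                        # digits, no card
]


if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print(n, f)
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

    Running it flags lines 2 to 4 and leaves the already-masked line 1 and the digit-heavy order line alone; `redact_line` drops the track data entirely (there is no compliant way to keep it) and rewrites the full PAN on line 4 as `411111******1111`. The Luhn test is what keeps timestamps and order numbers out of the report, so keep it in front of any alerting.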
  • 10. PCI Compliance for Dummies
      • Read PCI Compliance for Dummies
        • Get as much information as you can about PCI and how it relates to your organization
  • 11. Q&A. Thank you. [email_address] [email_address]