10 PCI Compliance Tips

10 Best-Practice tips merchants need to focus on in order to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.

Published in: Technology

  1. 10 Tips to Achieve PCI DSS Compliance, by Sumedh Thakar, Director of Engineering, PCI Solutions, and Terry Ramos, VP, Strategic Alliances, Qualys
  2. Agenda
     • Why PCI is important
     • Who has to comply with PCI
     • 10 Tips
     • PCI Compliance for Dummies
  3. Account Compromise - Impacts
     • Counterfeit cards and fraud
     • Significant chargeback risk
     • Penalties, fines, losses
     • Damage to reputation
     • Negative media coverage
     • Impacts to consumer confidence
     • Re-issuance and monitoring of cards
     • Potential of new legislation
  4. Top 5 Vulnerabilities
     Based on merchant compromises, Visa has found the following common vulnerabilities (www.visa.com/cisp):
     • Storage of prohibited data (e.g., full track, CVV2, PIN blocks)
     • Vendor default accounts and passwords
     • Insecure remote access by software vendors
     • Compatibility issues with anti-virus and encryption
     • Poorly coded web-facing applications resulting in SQL injection
  5. Top 5 Reasons: Data Compromise (Source: MasterCard Forensics Examinations of Hacked Entities)
  6. PCI Certification: Merchant & Service Provider Levels
  7. 10 Tips
     • Know the Risks you Face in Protecting Cardholder Data
       • Understand where your risks are
       • Understand what your risks are versus others
     • Build and Maintain a Secure Network for Cardholder Data
       • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
       • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
     • Protect Cardholder Data That’s Stored or Transmitted
       • Requirement 3: Protect stored cardholder data
       • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  8. 10 Tips (cont.)
     • Maintain a Vulnerability Management Program
       • Requirement 5: Use and regularly update anti-virus software
       • Requirement 6: Develop and maintain secure systems and applications
     • Implement Strong Access Control Measures
       • Requirement 7: Restrict access to cardholder data by business need-to-know
       • Requirement 8: Assign a unique ID to each person with computer access
       • Requirement 9: Restrict physical access to cardholder data
     • Regularly Monitor and Test Networks
       • Requirement 10: Track and monitor all access to network resources and cardholder data
       • Requirement 11: Regularly test security systems and processes
  9. 10 Tips (cont.)
     • Maintain an Information Security Policy
       • Requirement 12: Maintain a policy that addresses information security
     • Submit Reports for Quarterly Scans and Annual Review
     • Make PCI Compliance a Continuous, Ongoing Process
  10. PCI Compliance for Dummies
     • Read PCI Compliance for Dummies
       • Get as much information as you can about PCI and how it relates to your organization
  11. Q&A. Thank You. [email_address] [email_address]
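As an added example (not part of the original deck or of Qualys' tooling), a small Python scanner for the "storage of prohibited data" item on slide 4 and Requirement 3 on slide 7: it finds Luhn-valid PANs in log or dump text, flags full track data, CVV2 values and PIN blocks stored beside them, and reports every PAN masked to first six/last four so the report itself does not become cardholder data. The regex patterns, the field labels (cvv2, pin_block) and the sample log are constructed for this example.

```python
import re

# Patterns for a candidate PAN (13-19 digits, optional separators), Track 1/Track 2 data,
# a labelled CVV2 and a labelled 16-hex-digit PIN block (labels keep noise down).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
TRACK_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}|;?\d{13,19}=\d{4}")
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid|cav2)\b\s*[:=]?\s*\d{3,4}\b", re.I)
PINBLOCK_RE = re.compile(r"\bpin[_ ]?block\b\s*[:=]?\s*[0-9a-f]{16}\b", re.I)

# Constructed sample log; 4111111111111111 is a public test number, not a real card.
SAMPLE_LOG = """\
2024-01-01 12:00:00 order=1001 pan=4111 1111 1111 1111 cvv2=123 status=approved
debug: swipe=%B4111111111111111^DOE/JOHN^2512101? terminal=7
order=1002 last4=1111 amount=12.50
session id 1234567890123456 created
hsm: pan=4111111111111111 pin_block=0123456789ABCDEF"""

def luhn_valid(digits: str) -> bool:
    """Mod-10 check that separates real PANs from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS permits displaying."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_line(line: str) -> list:
    """Return (category, masked PAN or '?') findings for one line of text."""
    pans = [re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(line)]
    pans = [p for p in pans if luhn_valid(p)]
    context = mask_pan(pans[0]) if pans else "?"
    findings = [("pan", mask_pan(p)) for p in pans]
    # Sensitive authentication data is prohibited whether or not a PAN shares the line.
    for name, rx in (("track_data", TRACK_RE), ("cvv2", CVV_RE), ("pin_block", PINBLOCK_RE)):
        if rx.search(line):
            findings.append((name, context))
    return findings

def scan_text(text: str) -> dict:
    """Map 1-based line numbers to their findings; clean lines are omitted."""
    found = {n: scan_line(line) for n, line in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in found.items() if f}

if __name__ == "__main__":
    for n, f in scan_text(SAMPLE_LOG).items():
        print(f"line {n}: {f}")
```

Line 4 of the sample shows why the Luhn check matters: a 16-digit session id is not reported, while the spaced PAN, the swipe dump and the HSM trace are.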