12 STEPS TO KEEP YOUR BUSINESS SAFE

Providing customers with a safe, reliable transactions network is a priority your business shares with the entire global payments industry. The threat of data piracy is real, and simple procedures can and must be taken to anticipate it — and to spot crimes quickly when thieves momentarily succeed.

To help, Visa joined with other founding members of the PCI Security Standards Council to create the Payment Card Industry Data Security Standard, an industry standard for companies worldwide. All Visa acquirers and issuers must comply with the Standard, and also ensure that their merchants and service providers — everyone storing, processing, or transmitting Visa account numbers — do the same.

Following these 12 steps will ensure transactions are conducted with confidence and ease, worldwide.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)
Commit to these steps in order to ensure compliance with the industry’s recommended practices.

BUILD AND MAINTAIN A SECURE NETWORK
1. Install and maintain a firewall configuration to protect data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

PROTECT CARDHOLDER DATA
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data and sensitive information across open public networks.

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.

IMPLEMENT STRONG ACCESS CONTROL MEASURES
7. Restrict access to data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

REGULARLY MONITOR AND TEST NETWORKS
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

MAINTAIN AN INFORMATION SECURITY POLICY
12. Maintain a policy that addresses information security.

VISA DATA SECURITY PROGRAM
KEEPING CARDHOLDER DATA SAFE

IF YOUR SYSTEM IS COMPROMISED
Act swiftly if a security breach occurs. Notify Visa, investigate, and report what you learn. Our online guide can assist clients, merchants, and service providers through every step of the process. Go to www.visa.com/cisp to learn more.

FOR MORE INFORMATION
More detailed information on Visa’s security compliance program is available at www.visa.com/cisp. Learn about complying with the Standard, validation requirements, PIN security and key management, and more. Plus, stay current with data security by accessing alerts, bulletins, and webinars.

CONTACT YOUR CERTIFIED MERCHANT ADVISOR
Mark Pollard, National Certification
860-680-4946
www.usms.com/agent/allsolutionsprovider

© 2012 Visa Inc. All Rights Reserved. VOL 02.06.13 U.S. Merchant Systems LLC is a registered ISO/MSP for Deutsche Bank AG, New York, NY
VALIDATING YOUR COMPLIANCE

Validation with PCI DSS is highly important. It certifies that cardholder data is being safely handled at your location and reveals any weaknesses to be addressed.

Visa has created four validation levels tied to transaction volume and the level of risk posed, each requiring different steps. Level 1 is the highest.

Businesses validate their compliance either through an Annual On-Site Security Assessment or an Annual Self-Assessment Questionnaire. Both also require a Network Vulnerability Scan to be conducted once every quarter, if it is applicable.

Effective 1 October 2012, Visa’s Technology Innovation Program (TIP) rewards U.S. merchants that have invested in EMV technology by eliminating the PCI DSS validation requirement for any year in which at least 75 percent of the eligible merchant’s Visa transactions originate from dual-interface EMV chip-enabled terminals. Learn more at visa.com/cisp.

FOR MERCHANTS
The number of steps necessary for validation is determined by a merchant’s total transaction volume over a 12-month period. Use this chart to determine your level.

MERCHANT LEVEL / DESCRIPTION
Level 1: Merchants processing over 6 million Visa transactions annually (all channels), or global merchants identified as Level 1 by any Visa region.
Level 2: Merchants processing 1 million to 6 million Visa transactions annually (all channels).
Level 3: Merchants processing 20,000 to 1 million Visa e-commerce transactions annually.
Level 4: Merchants processing less than 20,000 Visa e-commerce transactions annually, and all other merchants processing up to 1 million Visa transactions annually.

FOR SERVICE PROVIDERS
Service providers that store, process, or transmit cardholder data on behalf of acquirers, issuers, and merchants are categorized into one of two levels, defined by their number of annual Visa transactions. Those grouped in Level 1 — signifying 300,000 or more such transactions — are listed on Visa’s Global Registry of Service Providers. Level 2 providers can join the list by undergoing a Level 1 Annual On-Site Security Assessment.

SERVICE PROVIDER LEVEL / DESCRIPTION / POSTED ON VISA’S GLOBAL REGISTRY OF SERVICE PROVIDERS
Level 1: VisaNet® processors or any service provider that stores, processes, and/or transmits over 300,000 Visa transactions annually. Posted on the Global Registry: Yes.
Level 2†: Any service provider that stores, processes, and/or transmits less than 300,000 Visa transactions annually. Posted on the Global Registry: No*.

†Level 2 service providers may choose to validate as a Level 1 service provider in order to be listed on Visa’s Global Registry of Service Providers.

COMPLIANCE ACTIONS AND VALIDATION ACTIONS

GROUP               LEVEL   COMPLY WITH PCI DSS   ON-SITE SECURITY ASSESSMENT   SELF-ASSESSMENT QUESTIONNAIRE   NETWORK SCAN**
Merchant            1       Required              Required Annually             -                               Required Quarterly
Merchant            2 & 3   Required              -                             Required Annually               Required Quarterly
Merchant            4*      Required              -                             Recommended Annually            Required Quarterly
Service Providers   1       Required              Required Annually             -                               Required Quarterly
Service Providers   2       Required              -                             Required Annually               Required Quarterly

*Validation requirements are determined by the merchant’s acquirer.
**Network scanning is applicable to any internet-facing system.

FOR ACQUIRERS AND ISSUERS
At a minimum, acquirers are responsible for ensuring that their merchants comply with PCI DSS and receive appropriate validation. Issuers need to join with them to make sure that Third Party Agents — as well as those used by their merchants — are registered with Visa and complying with the Standard.

Visa acquirers and issuers must also register all Third Party Agents with Visa. Registration of Third Party Agents can be accomplished through the Visa Membership Management application (VMM), which is accessible through Visa Online (www.us.visaonline.com).

ANOTHER WAY TO KEEP DATA SAFE
The PCI Payment Application Data Security Standard (PA-DSS) applies to payment application vendors. It is intended to lessen the risk of security breaches in payment applications, prevent storage of sensitive authentication data (i.e., full magnetic-stripe data, CVV2, and PIN data), and support overall compliance with PCI DSS.

Visa’s policies are intended to support these standards by ensuring our merchants and service providers do not use payment applications that retain this data, which makes it easier to steal. For those doing business with Visa, that means using applications found to comply with this important data standard. To learn more about what is required, go to www.visa.com/cisp.

Secure technologies such as point-to-point encryption and tokenization, when implemented in accordance with the PCI DSS, may help simplify PCI DSS compliance. Go to www.pcissc.org for guidelines on these technologies.
Visa Compliance Mark National Certification