Identify compliance deficiencies and provide recommendations to achieve and verify compliance based on the 12 PCI DSS requirements and security assessment procedures in order to avoid broad regulatory actions.
3. Key Terms
PCI – Payment Card Industry
SSC – Security Standards Council
DSS – Data Security Standard
QSA – Qualified Security Assessor
QIR – Qualified Integrators & Resellers
SAQ – Self-Assessment Questionnaire
FAQ – Frequently Asked Questions
DPCP – Data Protection Compliance Program
4. Presentation Objective
To provide insights into the PCI compliance process and lessons learnt that will enable companies to better prepare themselves for the PCI compliance audit.
5. PCI in a Nutshell: PCI SSC
Source: https://www.pcisecuritystandards.org/pci_security/
14. Potential Liabilities
Lost confidence, so customers go elsewhere
Diminished sales
Cost of reissuing new payment cards
Fraud losses
Higher subsequent costs of compliance
Legal costs, settlements and judgments
Fines and penalties
Termination of ability to accept payment cards
Lost jobs (CISO, CIO, CEO and dependent professional positions)
Going out of business
15. Best Practices
01 Adequately scope the card data environment (CDE)
02 Perform a gap assessment
03 Implement adequate tools/systems/controls
04 Operationalize requirements
05 Identify/assign an internal compliance officer
19. Best Practices: Implement adequate tools/systems/controls
Card readers
Point of sale systems
Payment card data storage and transmission
Payment card data stored in paper-based records
Online payment applications and shopping carts
21. Best Practices: Identify an Internal Compliance Officer
Hire an experienced compliance officer
Identify a suitable internal employee
Consult third parties