Facing the Challenges of PCI Compliance Presented by:
The Need
What is credit card compromise?
An unauthorized individual taking advantage of a flaw in a system that processes, transmits or stores cardholder data.
Theft of Payment Card Data Is Thriving
The Perpetrators utilize The Tools to find The Gaps.
And It’s Easier Than Many Think
Breach investigations have located compromised cardholder data on popular public-facing web sites:
Selling Cardholder Information Is Lucrative
Once compromised… credit card numbers are sold on the black market for profit.
PCI DSS Participants
Card Schemes; Members (Acquirers); Service Providers; Data Storage Entities; 3rd Party Processors; Merchants
PCI DSS creation and maintenance
Six Goals: Twelve Requirements – PCI DSS
The Payment Card Industry Data Security Standard: The “Digital Dozen”
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain Information Security Policy
Non-Compliance: Risks, Fines, Fees, Costs, Loss
A non-compliant, compromised business could expect the following:
PCI Compliance: Sound Business Practice
Clarifies where data is stored
Helps to understand own system better
PCI DSS Compliance Can Protect Against Fines
Members receive “Safe Harbor” for compromised merchants found to be PCI-compliant at time of breach.

PCI Compliance Challenges and Solutions
