Since the deadline for level 4 merchants to be in compliance is July 2010, I thought I\'d share this presentation I did in July of 2009 at the Ecommerce Summit.
From the eCommerce Summit in Atlanta June 3-4, 2009 where Mountain Media explains the topic of PC Compliance for online merchants. Visit http://www.ecmta.org to find out more.
MTBiz is for you if you are looking for contemporary information on business, economy and especially on banking industry of Bangladesh. You would also find periodical information on Global Economy and Commodity Markets.
From the eCommerce Summit in Atlanta June 3-4, 2009 where Mountain Media explains the topic of PC Compliance for online merchants. Visit http://www.ecmta.org to find out more.
MTBiz is for you if you are looking for contemporary information on business, economy and especially on banking industry of Bangladesh. You would also find periodical information on Global Economy and Commodity Markets.
PCI DSS can be one of the most infuriating set of standards on the compliance landscape. While it seems simple--six domains and twelve requirements--the art of interpreting PCI can lead to full blown war in an organization--with the security team at the center. In this session we’ll demystify some of the more difficult and misunderstood aspects of PCI DSS. We’ll cover the important changes from recently announced PCI DSS 3.0. We’ll also discuss the best practices for starting (and maintaining) a PCI DSS initiative in an organization and how to avoid battles with the QSA.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Payment Card Industry Compliance for Local Governments CSMFO 2009Donald E. Hester
An introduction to PCI compliance and data security standard. Including attestation requirements, PCI merchant levels, reporting requirements. Steps to Document PCI Cardholder Data Environment CDE and to work toward compliance.
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
Complying with the PCI standard is a normal part of doing business in today’s credit-centric world. But, PCI applies to multiple platforms.
The challenge becomes how to map the general PCI requirements to a specific platform, such as IBM i. And, more importantly, how can you maintain—and prove—compliance?
This slideshow will help you understand:
- How PCI requirements relate to IBM i systems
- IBM i-specific barriers to compliance
-How PowerTech security solutions help you fulfill PCI requirements, meet compliance guidelines, and satisfy auditors
You’ll have the knowledge and confidence you need to evaluate PCI compliance requirements and prepare your IBM i system for today’s regulatory challenges.
This talk was presented in NULL Delhi chapter meet in 2014, as an insight into the world of PCI (Payment Card Industry) and the 12 requirements of PCI DSS
What Everybody Ought to Know About PCI DSS and PA-DSS.
Learn how to comply with the training requirements of PCI DSS, protect cardholder data, avoiding social engineering and malicious downloads and how to update software and anti-virus programs.
PCI DSS can be one of the most infuriating set of standards on the compliance landscape. While it seems simple--six domains and twelve requirements--the art of interpreting PCI can lead to full blown war in an organization--with the security team at the center. In this session we’ll demystify some of the more difficult and misunderstood aspects of PCI DSS. We’ll cover the important changes from recently announced PCI DSS 3.0. We’ll also discuss the best practices for starting (and maintaining) a PCI DSS initiative in an organization and how to avoid battles with the QSA.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Payment Card Industry Compliance for Local Governments CSMFO 2009Donald E. Hester
An introduction to PCI compliance and data security standard. Including attestation requirements, PCI merchant levels, reporting requirements. Steps to Document PCI Cardholder Data Environment CDE and to work toward compliance.
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
Complying with the PCI standard is a normal part of doing business in today’s credit-centric world. But, PCI applies to multiple platforms.
The challenge becomes how to map the general PCI requirements to a specific platform, such as IBM i. And, more importantly, how can you maintain—and prove—compliance?
This slideshow will help you understand:
- How PCI requirements relate to IBM i systems
- IBM i-specific barriers to compliance
-How PowerTech security solutions help you fulfill PCI requirements, meet compliance guidelines, and satisfy auditors
You’ll have the knowledge and confidence you need to evaluate PCI compliance requirements and prepare your IBM i system for today’s regulatory challenges.
This talk was presented in NULL Delhi chapter meet in 2014, as an insight into the world of PCI (Payment Card Industry) and the 12 requirements of PCI DSS
What Everybody Ought to Know About PCI DSS and PA-DSS.
Learn how to comply with the training requirements of PCI DSS, protect cardholder data, avoiding social engineering and malicious downloads and how to update software and anti-virus programs.
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...Stephanie Gutowski
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in Drupal -
Stephen Bestbier (iATS), Aaron Crosman (Message Agency), Erik Mathy (Pantheon)
PCI Compliance for Community Colleges @One CISOA 2011Donald E. Hester
An introduction to PCI compliance and data security standard. Including attestation requirements, PCI merchant levels, reporting requirements. Steps to Document PCI Cardholder Data Environment CDE and to work toward compliance.
This presentation covers the key facts you need to know about the current and upcoming PCI compliance requirements.
Key take-aways:
*What are the new PCI Compliance changes (current and planned)
*When the changes go into effect & how they impact your business
*How to automate the PCI Compliance processes
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS C...Rapid7
The Payment Card Industry Data Security Standards (PCI DSS), with its over 200 requirements, can seem like a daunting set of regulations. Nonetheless, if your organization handles any kind of credit card information, you must be PCI DSS compliant. As difficult as this can seem, you can get expert help with our new eBook: Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS Compliance.
Choose an online payment service to maximize your revenue while detecting fraud with their integrated risk management solution. They use an advanced decision-making platform to prevent online fraud from happening. Best of all, since it is built into the payment gateway, there is no need for a third-party solution. Visit @ https://www.paymentasia.com/en/product-and-services/online-payment-solutions
6. PCI DSS Principles and Requirements Requirement 12: Maintain a policy that addresses information security Maintain an Information Security Policy Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 11: Regularly test security systems and processes Regularly Monitor and Test Networks Requirement 7: Restrict access to cardholder data by business need-to-know Requirement 8: Assign a unique ID to each person with computer access Requirement 9: Restrict physical access to cardholder data Implement Strong Access Control Measures Requirement 5: Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Maintain a Vulnerability Management Program Requirement 3: Protect stored cardholder data Requirement 4: Encrypt transmission of cardholder data across open, public networks Protect Cardholder Data Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Build and Maintain a Secure Network Associated Requirements Principle
7. What are the merchant levels? These are based on your annual transaction volumes MOST ECOMMERCE MERCHANTS FALL INTO LEVEL 3 OR 4 Any merchant processing fewer than 20,000 ecommerce card transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M transactions per year. Level 4 Any merchant processing 20,000 to 1M ecommerce credit card transactions per year. Level 3 Any merchant -- regardless of acceptance channel -- processing 1M to 6M card transactions per year. Level 2 Any merchant -- regardless of acceptance channel -- processing over 6M card transactions per year. Any merchant that the card companies, determine should meet the Level 1 merchant requirements to minimize risk. Level 1 Annual Transaction Volume Merchant Level
8.
9. Self Assessment Questionnaire Validation Must comply with requirements in SAQ-D. and may require a Report on Compliance from a Qualified Security Assessor.These are the same the requirements that are required of PCI certified service providers and are typically out of the financial and technical reach of most small ecommerce retailers. Cost to comply is well over $50,000 and requires written policies and procedures. Requires the operating service providers are PCI-DSS certified. This includes the web hosting provider and data center. Not required to perform quarterly scans, but recommended. Must comply with SAQ-C. Does not require PCI compliant web hosting, but may be necessary to complete the SAQ-A. Not required to perform a quarterly vulnerability scan, but recommended. Hosting Environment Managed PCI compliant product like Rack Space PCI hosting and PCI Compliant Ecommerce application. Card holder data can be stored for later use. Allows the customers to save cards for later purchases. Type 5 (The Hardest) Credit card payments are made at the merchant’s website. Using a shopping cart solution with Authorize.net is an example. Ecommerce merchants with shopping cart applications that transmit cardholder data via the Internet for processing. No cardholder data can be stored. Type 4 (Most Merchants) The purchaser must be redirected to the service provider’s website to complete the purchase. Using Paypal Payments Standard is an example. All cardholder data functions are performed by a PCI compliant third-party. No cardholder data can be stored or transmitted. Type 1 (The Easiest) Example Card holder Data SAQ Type
10.
11.
12.
13. PAYMENT CARD INDUSTRY (PCI) SECURITY STANDARDS Source: October 2008. Statistics based on data gathered from 443 account data compromise cases investigated since 2001. ACCOUNT DATA COMPROMISE STATISTICS John Jacobs Moneris Solutions Merchant Acquirer
21. Awarded To: June 4, 2009 eCom Merchant eCom Merchant ("Client") is enrolled in Compliance Validation Services to meet the Payment Card Industry Data Security Standard (PCI DSS). Validation Service has been accredited by all the major card associations' data security programs including: Etc……