The document discusses PCI Data Security Standards for merchants. It outlines the 12 key requirements of PCI compliance including protecting cardholder data, access controls, monitoring networks, maintaining security policies and vulnerability management. Merchants of different levels have different validation requirements to comply with PCI DSS. Evolution Security Systems provides PCI compliance services like gap analysis, remediation assistance and certification to help merchants achieve and maintain compliance.

1. PCI Data Security Standards information for Merchants by Evolution Security Systems

5. Valued Vendor Partners

6. Our Clients

7. Background of PCI

8. In 2006, 40 million Credit Card data was hacked due to breaches at third party payment processors

9. PCI DSS is a joint effort by Visa, MasterCard, American Express, Discover and JCB. PCI applies to all merchants and services providers that process, transmit, or store credit card information. The standard is enforced by the card companies and acquirer banks.

10. When Should I Act? “ All Deadlines had Passed” Bob Russo Director, PCI Security Standards Council

11. The Pressure is Here… Recently Visa has issued letters to service providers demanding them to be complied and certified by as early as June 2008 . This is a long-awaited final call to the industry. No more excuse of “I don’t know” or “PCI has nothing to do with my organization”.

12. 12 Key Requirements of PCI

13. 12 Key Requirements for All Organizations Protect Cardholder Data 1. Protect stored data (in both hardcopy and electronic copy) 2. Encrypt transmissions of cardholder data (electronic copy) Implement Strong Access Control Measures 3. Restrict access by need-to-know 4. Assign unique IDs to all users 5. Restrict physical access to cardholder data (hardcopy) Regularly Monitor and Test Networks 6. Track and monitor access to cardholder data 7. Regularly test security systems and processes Maintain an Information Security Policy 8. Maintain an information security policy Build and Maintain a Secure Network 9. Install and maintain a firewall 10. Do not use vendor default password Maintain a Vulnerability Management Program 11. Use and update antivirus software 12. Develop and maintain secure systems and applications

14. Guidelines for Credit Card Data Storage Data Element Storage Permitted Protection Required PCI DSS REQ. 3.4 Cardholder Data (in both hardcopy and electronic copy) Primary Account Number (PAN) Yes Yes Yes Cardholder Name Yes Yes No Service Code Yes Yes No Expiration Date Yes Yes No Sensitive Authentication Data Full Magnetic Stripe No N/A N/A CVC2 / CVV2 / CID No N/A N/A PIN / PIN Block No N/A N/A

15. What if I am not compliant?

18. What should I do?

20. 6-Step PCI Compliance Process Define which merchant level your business belongs to Map out the data flows in your business Conduct a Gap Analysis and scope the project Plan and implement remediation Obtain certification Staying compliant Step 2 Step 1 Step 4 Step 3 Step 6 Step 5

21. Evolution’s Full PCI Cycle Seeking assistance from QSA and Consultants Conducting Gap Analysis Prioritizing Remediation Implementing changes & safeguards Maintaining Compliance

22. Summary

25. Questions and Answers For more information, visit http://pci.evolve-online.com