SlideShare a Scribd company logo

Payment System Risk. Visa

Internet Security Auditors
Internet Security Auditors

En este presentación Andrew Mulvenna, de VISA, desgranó algunos puntos básicos de las normativas PCI DSS y PA DSS como por ejemplo las novedades de las versiones 2.0, el nuevo ciclo de vida de las normas, la aproximación a PCI DSS basada en una priorización de riesgos o la importancia del cifrado y la tokenización en las nuevas arquitecturas de los medios de pago.

TechnologyEconomy & Finance
1 of 20
Download to read offline
Visa Europe Public Payment System Risk Andrew Mulvenna 10th November 2010
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 2
Visa Europe Public PCI DSS & PA-DSS v2.0 – What’s new? • Mainly clarifications to existing requirements. • Certain requirements will be based more on risk assessment rather than being overly perspective. • The standards will be moving to a three year standard lifecycle.
Visa Europe Public The New Life-cycle
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 5
Visa Europe Public The Current Environment • Knowledge of cardholder and account data is (largely) considered proof of ownership. Consequently, cardholder data is inherently valuable to a criminal. • Many retailers believe that there is a disproportionate onus on them to protect data. • What if we could make data less valuable such that it needs less protection? =
Visa Europe Public Storing cardholder data Basic principles: • If you don’t need it don’t store it • Delete sensitive authentication data after authorisation • If you store cardholder data you must do one or more of the following: – Truncate – Hash – Encrypt 7Retail Fraud Conference 20 April 2010
Visa Europe Public Merchant Levels and Validation Requirements Level Definition Validation requirements 1 Merchants processing more than six million Visa transactions annually via all channels or global merchants identified as level one by any Visa region.** ** Where merchants operate in more than one country or region, if they meet level one criteria in any Visa country or region, they are considered a global Level one merchant. An exception may apply to global merchants if there is no common infrastructure and if Visa data is not aggregated across borders. In such cases merchants are validated according to regional levels. Annual Report on Compliance (ROC) to follow an on- site audit by either a Qualified Security Assessor or qualified internal security resource Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance form 2 Merchants processing one million to six million Visa transactions annually via all channels. Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance form
Visa Europe Public Merchant Levels and Validation Requirements (2) Level Definition Validation requirements 3 Merchants processing 20,000 to one million Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data. OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 E-commerce merchants only Merchants processing fewer than 20,000 Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 Non e-commerce merchants processing up to one million Visa transactions annually. Annual SAQ Quarterly network scan by an ASV Attestation of Compliance form
Visa Europe Public PCI DSS Prioritised Risk Based Approach Phase PCI DSS Objective (defined by PCI SSC) 1 Remove Sensitive Authentication Data and Limit Data Retention 2 Protect the Perimeter, Internal, and Wireless Networks 3 Secure Applications 4 Protect Through Monitoring and Access Control 5 Render Cardholder Data Unreadable 6 Achieve Final Compliance and Maintenance of PCI DSS Required Validation Merchant Discretion / Safe Harbour
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption And Tokenisation •Questions and Answers 11
Visa Europe Public Guidance Supplements
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 13
Visa Europe Public New Payment Architectures Encrypting Registers Segmenting Device PCI Compliant Zone Internal or Public Network Point of Decryption PCI Compliant Zone Segmenting Device Encrypting PEDs
Visa Europe Public The industry’s first specification for Data Field Encryption – A compressive guidance document describing the key management practices that would be necessary to support encryption solutions – Based on 5 key security objectives – Aimed at consolidating industry best practice 15
Visa Europe Public SRED – Secure Read and Exchange of Data • A new optional module within PCI PTS PoI v3. • Describes security requirements for the protection of account data originating from a secure PED.
Visa Europe Public What is Tokenisation? • Tokenisation defines a process through which PANs are replaced with surrogate values known as “tokens”. • The security of an individual token relies on the properties of uniqueness and the infeasibility to determine the original PAN knowing only the surrogate value.
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation •Questions and Answers 18
Visa Europe Public Questions?
Visa Europe Public Thank you

Recommended

PCI DSS
PCI DSSPCI DSS
PCI DSS
Duy Do Phan
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...
John Baines
 
Visa Compliance Mark National Certification
Visa Compliance Mark National CertificationVisa Compliance Mark National Certification
Visa Compliance Mark National Certification
Mark Pollard
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector
innov-acts-ltd
 
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
WSO2
 
AxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEAxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PE
cklacking
 
6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know
cklacking
 
PCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowPCI Compliance: What You Need to Know
PCI Compliance: What You Need to Know
Sasha Nunke
 

Recommended

PCI DSS
PCI DSSPCI DSS
PCI DSS
Duy Do Phan
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...
John Baines
 
Visa Compliance Mark National Certification
Visa Compliance Mark National CertificationVisa Compliance Mark National Certification
Visa Compliance Mark National Certification
Mark Pollard
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector
innov-acts-ltd
 
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
WSO2
 
AxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEAxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PE
cklacking
 
6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know
cklacking
 
PCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowPCI Compliance: What You Need to Know
PCI Compliance: What You Need to Know
Sasha Nunke
 
AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning Webinar
Idan Tohami
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets Framework
Simon Polrot
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitality
Vishal Sharma
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
R3
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
WSO2
 
Introducing SWIFT
Introducing SWIFTIntroducing SWIFT
Introducing SWIFT
IFAD International Fund for Agricultural Development
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSS
Manish Mahapatra
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services Overview
Iosif Itkin
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FinTechLabs.io
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentation
Bovill
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
FIDO Alliance
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0
Shashank Kumar
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security Solutions
IndiaMART InterMESH Limited
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
Jisc
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
Shaun O'keeffe
 
PruebaJLF.pptx
PruebaJLF.pptxPruebaJLF.pptx
PruebaJLF.pptx
JoseLuna802663
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
Melanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
eCommerce Merchants
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview
- Mark - Fullbright
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptx
gealehegn
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
Miminten
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
Shanmugavel Sankaran
 

More Related Content

What's hot

AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning Webinar
Idan Tohami
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets Framework
Simon Polrot
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitality
Vishal Sharma
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
R3
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
WSO2
 
Introducing SWIFT
Introducing SWIFTIntroducing SWIFT
Introducing SWIFT
IFAD International Fund for Agricultural Development
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSS
Manish Mahapatra
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services Overview
Iosif Itkin
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FinTechLabs.io
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentation
Bovill
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
FIDO Alliance
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0
Shashank Kumar
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security Solutions
IndiaMART InterMESH Limited
 

What's hot (13)

AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning Webinar
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets Framework
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitality
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
 
Introducing SWIFT
Introducing SWIFTIntroducing SWIFT
Introducing SWIFT
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSS
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services Overview
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentation
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security Solutions
 

Similar to Payment System Risk. Visa

A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
Jisc
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
Shaun O'keeffe
 
PruebaJLF.pptx
PruebaJLF.pptxPruebaJLF.pptx
PruebaJLF.pptx
JoseLuna802663
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
Melanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
eCommerce Merchants
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview
- Mark - Fullbright
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptx
gealehegn
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
Miminten
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
Shanmugavel Sankaran
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
Al Abbas, PMP, CISSP, MBA, MSc
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
Dermot Clarke
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
sameh Abulfotooh
 
Evolution Pci For Pod1
Evolution Pci For Pod1Evolution Pci For Pod1
Evolution Pci For Pod1
Amanda Squires@Pod1
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1
wardell henley
 
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
Ingenico Group
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
Internet Security Auditors
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
sallychiu
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
Mohammad Makchudul Alam (Arif)
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certification
hodonoghue
 
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdfpci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
ssuserbcc088
 

Similar to Payment System Risk. Visa (20)

A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
 
PruebaJLF.pptx
PruebaJLF.pptxPruebaJLF.pptx
PruebaJLF.pptx
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptx
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
 
Evolution Pci For Pod1
Evolution Pci For Pod1Evolution Pci For Pod1
Evolution Pci For Pod1
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1
 
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certification
 
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdfpci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
 

More from Internet Security Auditors

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimiento
Internet Security Auditors
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
Internet Security Auditors
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Internet Security Auditors
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Internet Security Auditors
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional Datos
Internet Security Auditors
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPO
Internet Security Auditors
 
PCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del CumplimientoPCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del Cumplimiento
Internet Security Auditors
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Internet Security Auditors
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
Internet Security Auditors
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?
Internet Security Auditors
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
Internet Security Auditors
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Internet Security Auditors
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Internet Security Auditors
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Internet Security Auditors
 
CIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINTCIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINT
Internet Security Auditors
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
Internet Security Auditors
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
Internet Security Auditors
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.
Internet Security Auditors
 

More from Internet Security Auditors (20)

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimiento
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional Datos
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPO
 
PCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del CumplimientoPCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del Cumplimiento
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
 
CIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINTCIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINT
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.
 

Recently uploaded

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 

Recently uploaded (20)

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 

Payment System Risk. Visa

  • 1. Visa Europe Public Payment System Risk Andrew Mulvenna 10th November 2010
  • 2. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 2
  • 3. Visa Europe Public PCI DSS & PA-DSS v2.0 – What’s new? • Mainly clarifications to existing requirements. • Certain requirements will be based more on risk assessment rather than being overly perspective. • The standards will be moving to a three year standard lifecycle.
  • 4. Visa Europe Public The New Life-cycle
  • 5. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 5
  • 6. Visa Europe Public The Current Environment • Knowledge of cardholder and account data is (largely) considered proof of ownership. Consequently, cardholder data is inherently valuable to a criminal. • Many retailers believe that there is a disproportionate onus on them to protect data. • What if we could make data less valuable such that it needs less protection? =
  • 7. Visa Europe Public Storing cardholder data Basic principles: • If you don’t need it don’t store it • Delete sensitive authentication data after authorisation • If you store cardholder data you must do one or more of the following: – Truncate – Hash – Encrypt 7Retail Fraud Conference 20 April 2010
  • 8. Visa Europe Public Merchant Levels and Validation Requirements Level Definition Validation requirements 1 Merchants processing more than six million Visa transactions annually via all channels or global merchants identified as level one by any Visa region.** ** Where merchants operate in more than one country or region, if they meet level one criteria in any Visa country or region, they are considered a global Level one merchant. An exception may apply to global merchants if there is no common infrastructure and if Visa data is not aggregated across borders. In such cases merchants are validated according to regional levels. Annual Report on Compliance (ROC) to follow an on- site audit by either a Qualified Security Assessor or qualified internal security resource Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance form 2 Merchants processing one million to six million Visa transactions annually via all channels. Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance form
  • 9. Visa Europe Public Merchant Levels and Validation Requirements (2) Level Definition Validation requirements 3 Merchants processing 20,000 to one million Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data. OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 E-commerce merchants only Merchants processing fewer than 20,000 Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 Non e-commerce merchants processing up to one million Visa transactions annually. Annual SAQ Quarterly network scan by an ASV Attestation of Compliance form
  • 10. Visa Europe Public PCI DSS Prioritised Risk Based Approach Phase PCI DSS Objective (defined by PCI SSC) 1 Remove Sensitive Authentication Data and Limit Data Retention 2 Protect the Perimeter, Internal, and Wireless Networks 3 Secure Applications 4 Protect Through Monitoring and Access Control 5 Render Cardholder Data Unreadable 6 Achieve Final Compliance and Maintenance of PCI DSS Required Validation Merchant Discretion / Safe Harbour
  • 11. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption And Tokenisation •Questions and Answers 11
  • 13. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 13
  • 14. Visa Europe Public New Payment Architectures Encrypting Registers Segmenting Device PCI Compliant Zone Internal or Public Network Point of Decryption PCI Compliant Zone Segmenting Device Encrypting PEDs
  • 15. Visa Europe Public The industry’s first specification for Data Field Encryption – A compressive guidance document describing the key management practices that would be necessary to support encryption solutions – Based on 5 key security objectives – Aimed at consolidating industry best practice 15
  • 16. Visa Europe Public SRED – Secure Read and Exchange of Data • A new optional module within PCI PTS PoI v3. • Describes security requirements for the protection of account data originating from a secure PED.
  • 17. Visa Europe Public What is Tokenisation? • Tokenisation defines a process through which PANs are replaced with surrogate values known as “tokens”. • The security of an individual token relies on the properties of uniqueness and the infeasibility to determine the original PAN knowing only the surrogate value.
  • 18. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation •Questions and Answers 18