
10 PCI Compliance Tips


10 Best-Practice tips merchants need to focus on in order to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.

Published in: Technology

  1. 10 Tips to Achieve PCI DSS Compliance
     Sumedh Thakar, Director of Engineering, PCI Solutions
     Terry Ramos, VP, Strategic Alliances, Qualys
  2. Agenda
     • Why PCI is important
     • Who has to comply with PCI
     • 10 Tips
     • PCI Compliance for Dummies
  3. Account Compromise - Impacts
     • Counterfeit cards and fraud
     • Significant chargeback risk
     • Penalties, fines, losses
     • Damage to reputation
     • Negative media coverage
     • Impacts to consumer confidence
     • Re-issuance and monitoring of cards
     • Potential of new legislation
  4. Top 5 Vulnerabilities
     Based on merchant compromises, Visa has found the following common vulnerabilities:
     • Storage of prohibited data (e.g., full track, CVV2, PIN blocks)
     • Vendor default accounts and passwords
     • Insecure remote access by software vendors
     • Compatibility issues with anti-virus and encryption
     • Poorly coded web-facing applications resulting in SQL injection
  5. Top 5 Reasons: Data Compromise
     Source: MasterCard Forensics Examinations of Hacked Entities
  6. PCI Certification: Merchant & Service Provider Levels
  7. 10 Tips
     • Know the Risks You Face in Protecting Cardholder Data
       - Understand where your risks are
       - Understand what your risks are compared with others'
     • Build and Maintain a Secure Network for Cardholder Data
       - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
       - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
     • Protect Cardholder Data That's Stored or Transmitted
       - Requirement 3: Protect stored cardholder data
       - Requirement 4: Encrypt transmission of cardholder data across open, public networks
  8. 10 Tips
     • Maintain a Vulnerability Management Program
       - Requirement 5: Use and regularly update anti-virus software
       - Requirement 6: Develop and maintain secure systems and applications
     • Implement Strong Access Control Measures
       - Requirement 7: Restrict access to cardholder data by business need-to-know
       - Requirement 8: Assign a unique ID to each person with computer access
       - Requirement 9: Restrict physical access to cardholder data
     • Regularly Monitor and Test Networks
       - Requirement 10: Track and monitor all access to network resources and cardholder data
       - Requirement 11: Regularly test security systems and processes
  9. 10 Tips
     • Maintain an Information Security Policy
       - Requirement 12: Maintain a policy that addresses information security
     • Submit Reports for Quarterly Scans and Annual Review
     • Make PCI Compliance a Continuous, Ongoing Process
  10. PCI Compliance for Dummies
     • Read PCI Compliance for Dummies
       - Get as much information as you can about PCI and how it relates to your organization
  11. Q&A
     CONFIDENTIAL
     Thank You
     [email_address]
     [email_address]
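The "Top 5 Vulnerabilities" slide leads with storage of prohibited data (full track data) and Requirement 3 calls for stored cardholder data to be protected. A concrete check a merchant can run over its own logs and files is a scanner that flags stored PANs and full Track 2 records, reporting PANs in the first-six/last-four masked form. This is an added example, not code from the slides or from Qualys; the file contents are constructed test values, and the Track 2 layout (;PAN=YYMM service-code discretionary?) is the standard magnetic-stripe format.

```python
import re

# Constructed sample of what a scope scan might find on disk: a debug log that
# leaked a full Track 2 record and a receipt holding a plain PAN. Test values only.
SAMPLE_FILES = {
    "pos-debug.log": "2024-01-05 swipe ok ;4111111111111111=25121011234567890?\n",
    "receipt.txt": "Card 4012888888881881 approved, auth 123456\n",
    "notes.txt": "Order 1234567890123456 shipped\n",  # 16 digits, fails Luhn
}

# Candidate PAN: 13-19 digits not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")
# Track 2: start sentinel ';', PAN, '=', YYMM expiry, 3-digit service code,
# discretionary data, end sentinel '?'.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")

def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation, used to cut false positives from order ids etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Render a PAN as first six and last four digits, the maximum PCI DSS allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_prohibited_data(text: str) -> list[dict]:
    """Return findings for full Track 2 records and for bare PANs outside them."""
    findings, covered = [], []
    for m in TRACK2_RE.finditer(text):
        covered.append(m.span())  # do not double-report digits inside the track record
        if luhn_ok(m.group(1)):
            findings.append({"type": "TRACK2", "pan": mask_pan(m.group(1)), "expiry": m.group(2)})
    for m in PAN_RE.finditer(text):
        if any(s <= m.start() < e for s, e in covered):
            continue
        if luhn_ok(m.group()):
            findings.append({"type": "PAN", "pan": mask_pan(m.group())})
    return findings

def scan_files(files: dict[str, str]) -> dict[str, list[dict]]:
    """Map file name -> findings, omitting files with nothing to report."""
    return {name: f for name, text in files.items() if (f := find_prohibited_data(text))}

if __name__ == "__main__":
    for name, found in scan_files(SAMPLE_FILES).items():
        print(name, found)
```

The scanner never writes the clear PAN into its own output, so the report itself does not become another copy of prohibited data.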