1. GTEC Meeting August 17th 2010 PCI Compliance
3. Industry Responds to Payment Card Data Theft
To combat the increasing fraud, the major card brands created the PCI SSC (Payment Card Industry Security Standards Council).
Defined a common set of standards accepted by all brands to introduce payment security best practices as a way to reduce payment system fraud.
4. PIN Entry Device Security
6. PCI – PED
Visa is mandating that PIN-accepting dispensers (DEBIT) adhere to EPP standards to support industry migration to TDES.
7. In the future – Dispensers will be required to comply with the more comprehensive PCI UPT requirements.
Involves the entire payment terminal including:
Keypads
Card Readers
Display Prompts
PCI EPP and UPT Compliance
8. Payment Security Product Overview - Flexibility
9. Additional Considerations
Payment security standards continue to evolve
PCI standards may be updated every few years
Level 1.X - Release date 2004 (Current)
Level 2.0 – Release date 2009 (Current)
Level 3.0 / UPT – Release date 2010 (Mandate ?)
Standards versions affect deployment longevity
2009 introduction of Unattended Payment Terminal (UPT)
PCI Council published PCI 3.0 in April 2010
Consolidating specs and modularizing certifications
Incremental security requirements
Inclusion of non-PIN devices – card security, open protocols
Further UPT clarifications and configuration details
10. PCI EPP Versions and UPT: Security Differences