PCI Compliance
Forrest Walsh, Director, Information Technology, California Chamber of Commerce

PCI-Data Security Standards
• What is PCI-DSS?
• Does PCI-DSS Apply to My Business?
• What are the Consequences of Non-Compliance?
• What are My Next Steps?
• Resources

What is PCI-DSS?
• 5 Major Credit Card Companies Created the Payment Card Security Standards Council
• Established (Almost) Common Data Security Standards for Credit Card Data

Does PCI-DSS Apply to My Business?
• “Payment Card Industry (PCI) Data Security requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data.”
• Applies to all system components, which are defined as “any network component, server, or application included in, or connected to, the cardholder data environment”.

Merchant Levels
• Compliance Requirements Vary By Merchant Level

Compliance Validation Requirements
• Validation Requirements Vary By Merchant Level

Consequences of Non-Compliance
• Increased Bank Fees
• Reclassification of Merchant Level
• Potential loss of card processing privileges

Consequences of a Breach
• Damage to Brand
• Mandatory involvement of federal law enforcement
• Merchant banks may pass along substantial fines levied by the credit card companies
• Up to $500,000 per incident from Visa
• Civil liability and cost of providing Identity Theft protection

PCI Goals and Requirements
• 6 Goals, 12 Requirements

Next Steps
• Complete the SAQ
• Create a remediation plan
• Find an ASV and schedule your quarterly network scans
• Check with your bank or credit card authority to find out when they expect to receive your SAQs and ASV scans
• Obtain a statement of compliance or SAQ from each of your service providers

Resources
• Your Bank
• PCI Security Council Website: https://www.pcisecuritystandards.org/index.shtml