
Payment Card Industry Data Security Standard (PCIDSS) - By Priyanka Raut

By: Priyanka Raut

Card Components
- Card number: the card account number
- Chip
- Expiry date
- Magnetic stripe: made up of Track 1 and Track 2 data
- CVV2: a three-digit Card Verification Value 2 (CVV2), indent-printed on the signature panel
Track data and CVV2 should never be stored after authorisation.
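The rule on this slide, that track data and CVV2 must never be stored after authorisation, is the one part of the deck that maps directly onto code. The block below is an added example, not part of the original slides, that strips those fields from an authorisation record before it is persisted and scans stored text for track data that should not be there. The record field names (pan, expiry, track1, track2, cvv2, amount, auth_code) and the sample record are constructed for the example; the PAN masking rule (first six and last four digits visible) and the Track 1/Track 2 sentinel layouts (%B...^ and ;...=) are assumptions drawn from the ISO/IEC 7813 track formats rather than from the slides.

```python
"""Added example (not from the original slides): drop sensitive authentication
data from an authorisation record before storage, and detect track data that
has leaked into stored text such as logs.

Assumptions not stated on the slides:
- Field names (pan, expiry, track1, track2, cvv2, amount, auth_code) are hypothetical.
- PAN masking keeps the first six and last four digits (a display rule; storage
  of the full PAN has further requirements that are out of scope here).
- Track 1 begins with '%B' + PAN + '^'; Track 2 begins with ';' + PAN + '=' + YYMM
  (ISO/IEC 7813 layouts).
"""
import re

# Fields the slide says must never be stored after authorisation.
SENSITIVE_AUTH_DATA = ("track1", "track2", "cvv2")

# Track sentinels: a 12-19 digit PAN followed by the field separator.
TRACK1_RE = re.compile(r"%B\d{12,19}\^")
TRACK2_RE = re.compile(r";\d{12,19}=\d{4}")


def mask_pan(pan: str) -> str:
    """Mask a PAN so only the first six and last four digits remain visible."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("PAN too short to be a card number")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(auth_record: dict) -> dict:
    """Return the subset of an authorisation record that may be persisted.

    Track 1, Track 2 and CVV2 are removed outright; the PAN is masked.
    Everything else (expiry, amount, auth code) passes through unchanged.
    """
    stored = {k: v for k, v in auth_record.items() if k not in SENSITIVE_AUTH_DATA}
    if "pan" in stored:
        stored["pan"] = mask_pan(stored["pan"])
    return stored


def find_track_data(text: str) -> list:
    """Report which track formats appear in a blob of stored text or log lines.

    Useful as a periodic check that track data has not ended up in logs,
    crash dumps or database columns where it must not be retained.
    """
    found = []
    if TRACK1_RE.search(text):
        found.append("track1")
    if TRACK2_RE.search(text):
        found.append("track2")
    return found


# Constructed sample record using a well-known test card number (not a real account).
SAMPLE_AUTH = {
    "pan": "4111111111111111",
    "expiry": "12/27",
    "track1": "%B4111111111111111^DOE/JANE^2712101000000000000000?",
    "track2": ";4111111111111111=27121010000000000000?",
    "cvv2": "123",
    "amount": "19.99",
    "auth_code": "A1B2C3",
}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_AUTH))
    print(find_track_data("debug: " + SAMPLE_AUTH["track2"]))
```

In practice the sanitisation step belongs at the boundary where the authorisation response is handed to anything durable (database, queue, log), and the scan is run over stored artefacts on a schedule so that accidental retention is caught rather than assumed away.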

Card Ecosystem
- Processor
- Acquiring bank
- Internet payment gateway
- Merchant
- Web hosting company

What is PCI DSS?
A mandatory compliance program resulting from a collaboration between the credit card associations to create common industry security requirements for cardholder data.
PCI DSS is mandated for all merchants and other entities who store, process and/or transmit card data.
No data = no need for compliance validation.

Who are the stakeholders?
- Credit card industry: the founders of the PCI Security Standards Council are the Visa, MasterCard, Amex, Discover and JCB brands.
- Acquiring banks/member banks must require PCI compliance from merchants and service providers doing credit card business.
- Merchants and service providers must be PCI compliant, regardless of channel.
- Our customers.

Steps for adhering to PCIDSS

PCI Security Standards Include
- PCI DSS
- PCI PTS: PCI PIN Transaction Security
- PA DSS: Payment Application Data Security Standard

PCI DSS Goals and Requirements

Compliance vs. Validation
Compliance
- Means adherence to the standard
- Applies to every merchant regardless of volume
- Technical and business practices
Validation
- Verification that the merchant (including its service providers) is compliant with the standard
- Applies based on the Level assigned to the merchant, based on transaction volume
- Two types of validation:
  - Self-assessment
  - Certified by a qualified assessor: Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV)

Levels of Merchants (Applies to Validation, Not to Compliance)

- Level 1 (Visa/MasterCard): annual onsite review by the merchant's internal auditor or a Qualified Security Assessor (QSA), or Internal Audit if signed by an Officer of the company, and a quarterly network security scan with an Approved Scanning Vendor (ASV).
- Level 2: completion of the PCI DSS Self-Assessment Questionnaire annually, and a quarterly network security scan with an approved ASV.
- Level 3: completion of the PCI DSS Self-Assessment Questionnaire annually, and a quarterly network security scan with an approved ASV.
- Level 4: completion of the PCI DSS Self-Assessment Questionnaire annually, and a quarterly network security scan with an approved ASV.

Consequences of Non-Compliance
- Forensic investigation
- Steep monetary fines
- Lawsuits
- Damage to reputation
- Bad publicity
- Revocation of credit card business privileges

THANK YOU