WEBINAR. Five Steps to PCI Compliance. Madeline Long. Ron Demmans. Download these slides at Director of Sales Solveras

Transcription

1 Five Steps to PCI Compliance Sponsored by Madeline Long Director of Sales Solveras Ron Demmans Director of Sales Administration Solveras WEBINAR

2 1. What is PCI Compliance? 2. How does PCI Compliance affect your business? 3. How can your business become compliant?

3 Five Steps to PCI Compliance

4 PCI = PAYMENT CARD INDUSTRY PCI DSS = DATA SECURITY STANDARD

5 SECURE ENVIRONMENT = PROTECTING AND SECURING YOUR CUSTOMERS SENSITIVE CREDIT CARD INFORMATION

6 SECURITY

7 BREACH

8 BREACH

9 1. What is happening with my credit card number? 2. Where is my number being stored? 3. Who has access to the numbers?

10

11 Compliance Now

12 Card # Expiration Date CVV Code

13 What is PCI Compliance? Who does it affect? How does it affect my business?

14 PCI VALIDATION PROCESS

15 BOTTOM LINE IS - DON T PUT OFF GETTING VALIDATED

16 1. Determine your merchant level 2. Identify your validation type and which self-assessment questionnaire you need to complete 3. Complete the self-assessment questionnaire 4. If applicable, complete and obtain evidence of a passing vulnerability scan with a PCI SSC approved scanning vendor (ASV) 5. Complete and submit the attestation of compliance The Five Steps

17 1. WHAT IS YOUR MERCHANT LEVEL? 6 million+ transactions 1 to 6 million transactions 20,000 to 1 million Web transactions <20,000 Web transactions; and all others

18 In addition to adhering to the PCI DSS, compliance validation is required for Level 1, Level 2, and Level 3 merchants, and MAY be required for Level 4 merchants. The PCI DSS requires that ALL merchants with externally-facing IP addresses perform quarterly, external network scans to achieve compliance. Acquirers MAY require submission of the quarterly scan reports and/or questionnaires by level 4 merchants. (Source:

19 More important though, is that your merchant acquirer or processor is supposed to set its own requirements for you to validate your compliance. (Source:

20 For Level 4 Merchants, most processors require: Annual Self-Assessment Questionnaire Annual validation through Attestation of Compliance

21 2. Identify your validation type SAQ Validation Type 1 2 Description Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. Imprint-only merchants with no electronic cardholder data storage SAQ A B 3 Stand-alone terminal merchants, no electronic cardholder data storage B 4 Merchants with POS systems connected to the Internet, no electronic cardholder data storage C 5 All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. D (Source:

22

23 3. Complete the Self Assessment Questionnaire

24 4. DOES YOUR BUSINESS NEED A VULNERABILITY SCAN? ASV = APPROVED SCANNING VENDOR

25 5. COMPLETE AN ATTESTATION OF COMPLIANCE.

26

27 PCI COMPLIANCE APPLIES TO ANY MERCHANT THAT ACCEPTS CREDIT CARDS FOR PAYMENT. YOU NEED TO BE COMPLIANT NOW. COMPLETE YOUR STEPS AS REQUIRED BY YOUR PROCESSOR.

28 1) DETERMINE MERCHANT LEVEL 2) IDENTIFY YOUR VALIDATION TYPE, SELF-ASSESSMENT QUESTIONNAIRE 3) COMPLETE THE QUESTIONNAIRE 4) COMPLETE AND OBTAIN EVIDENCE OF A PASSING VULNERABILITY SCAN 5) COMPLETE THE ATTESTATION OF COMPLIANCE

29 Helping our merchants become compliant Helping them attest to their compliance Maintaining their compliance going forward

30 Q&A