SlideShare a Scribd company logo

Chameleon PCI Presentation

C
christoboshoff

The document discusses the need for PCI compliance in the face of credit card data breaches. It outlines the goals of the PCI Data Security Standard (DSS) which includes 12 requirements across 6 areas to help organizations securely store, process, and transmit cardholder data. Failure to comply with PCI DSS can result in fines, fees, remediation costs, and damage to a business's reputation and brand from a data breach. Complying with PCI DSS provides legal and financial protections for merchants in the event of a breach.

1 of 11
1
2
3
4
5
6
7
8
9
10
11
Facing the Challenges of PCI Compliance Presented by:
The Need
What is credit card compromise? To gain access to: Card Numbers Expiration Dates CVV2/CVC2/CID Track Data An unauthorized individual taking advantage of a flaw in a system that processes, transmits or stores cardholder data.
Theft of Payment Card Data Is Thriving The Perpetrators Script Kiddies International Crime Syndicates Malicious Third Parties Employees The Tools Scanners * Port Vulnerability Web Application * Available online The Gaps Weak Configurations Operating System Flaws Programming Errors Lack of Staff training Flawed Policies Negligence Poor Change Control Application-Induced Backdoors Nearby Systems/Networks Utilize To Find
And It’s Easier Than Many Think Breach investigations have located compromised cardholder data on popular public facing web sites:
Selling Cardholder Information is Lucrative CREDIT CARDS NUMBERS ARE SOLD ON THE BLACK- MARKET FOR PROFIT Once compromised…
PCI DSS Participants Card Schemes Members (Acquirers) Service Providers Data Storage Entities 3 rd Party Processors Merchants PCI DSS creation and maintenance
Six Goals: Twelve Requirements – PCI DSS The “ Digital Dozen ” The Payment Card Industry Data Security Standard Build and Maintain a Secure Network Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to cardholder data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain Information Security Policy Maintain a policy that addresses information security
Non-Compliance: Risks, Fines, Fees, Costs, Loss Non-compliant, compromised business could expect the following: Damage to their brand/reputation Investigation costs Remediation costs Fines and fees - Non-compliance (each brand issues separate fines) -Re-issuance -Fraud loss Ongoing compliance audits Victim notification costs Financial loss Data loss Charge-backs for fraudulent transactions Operations disruption Sensitive info disclosure Denial of service to customers Individual executives held liable Possibility of business closure
PCI Compliance: Sound Business Practice Fundamental Best Security Practices Avoid fraud Maps that supports other compliance regimes Upholds Brand Name Adds value to name Increases consumer confidence Improves reputation Clarifies Where Data Is Stored Helps to understand own system better
  PCI DSS Compliance Can Protect Against Fines Members receive “ Safe Harbor ” For Compromised Merchants Found To Be PCI-Compliant At Time Of Breach

More Related Content

PPT
Critical Security And Compliance Issues In Internet Banking
Thomas Donofrio
 
PPTX
Ecmon 0.5
Stephan Langdon
 
PPTX
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
Rea
 
PDF
WITDOM Credit Risk Scoring use case at ISSE 2017
Elsa Prieto
 
PDF
PCI DSS brochure
Knowledgehut
 
PDF
The three chain links of radius security
Grafic.guru
 
PPT
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
PPT
Clifford wilke
Lanka Praneeth
 
Critical Security And Compliance Issues In Internet Banking
Thomas Donofrio
 
Ecmon 0.5
Stephan Langdon
 
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
Rea
 
WITDOM Credit Risk Scoring use case at ISSE 2017
Elsa Prieto
 
PCI DSS brochure
Knowledgehut
 
The three chain links of radius security
Grafic.guru
 
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
Clifford wilke
Lanka Praneeth
 

What's hot (16)

PPTX
What Data Center Compliance Means for Your Business
Data Foundry
 
PPT
The Increasing Problems Of Controlling Access
Kylie Dunn
 
PPTX
Website integrity
jeannie_wu
 
PPTX
Priviledged Identity Management
rver21
 
PPTX
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
Pace IT at Edmonds Community College
 
PPT
Security In Web Conferencing
pchen
 
PPTX
LTS Secure offers PIM User Activity Monitoring
rver21
 
PDF
Cloud Control Matrix
Allen Zhang
 
PDF
Certificate Management Made Easy
Jason Newell
 
PDF
MBM Security Products Matrix
Charles McNeil
 
PDF
Tripwire pci basics_wp
Edward Lam
 
PDF
Aggregation Platforms-White Paper
Envestnet Yodlee India
 
PPTX
Identity theft and data responsibilities
Peter Henley
 
PDF
TroubleTicketing - product presentation
pwal
 
PPT
M014 Confluence Presentation 08 15 06
gbroadbent67
 
PPTX
ATLlamas
alexisivoree
 
What Data Center Compliance Means for Your Business
Data Foundry
 
The Increasing Problems Of Controlling Access
Kylie Dunn
 
Website integrity
jeannie_wu
 
Priviledged Identity Management
rver21
 
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
Pace IT at Edmonds Community College
 
Security In Web Conferencing
pchen
 
LTS Secure offers PIM User Activity Monitoring
rver21
 
Cloud Control Matrix
Allen Zhang
 
Certificate Management Made Easy
Jason Newell
 
MBM Security Products Matrix
Charles McNeil
 
Tripwire pci basics_wp
Edward Lam
 
Aggregation Platforms-White Paper
Envestnet Yodlee India
 
Identity theft and data responsibilities
Peter Henley
 
TroubleTicketing - product presentation
pwal
 
M014 Confluence Presentation 08 15 06
gbroadbent67
 
ATLlamas
alexisivoree
 
Ad

Similar to Chameleon PCI Presentation (20)

PPT
PCI Compliance Seminar
dlinehan2
 
DOCX
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
BORNSEC CONSULTING
 
PDF
PCI Certification and remediation services
Tariq Juneja
 
PPT
PCI_Security_Awareness12345678904321.ppt
gealehegn
 
PPT
PCI_Security_Awareness.ppt
HuyNguyen669920
 
PDF
PCI DSS for Pentesting
n|u - The Open Security Community
 
PPT
Payment Gateway
Ashraf Bashir
 
PPTX
PCI DSS for Penetration Testing
Network Intelligence India
 
PPT
PCI DSS Compliance and Security: Harmony or Discord?
Lumension
 
PPTX
PCI Compliance (for developers)
Maksim Djackov
 
PPTX
The Easy WAy to Accept & Protect Credit Card Data
Tyler Hannan
 
PDF
Pcidss qr gv3_1
leon bonilla
 
DOCX
Online_Transactions_PCI
Kelly Lam
 
PPTX
PCI Compliance - Delving Deeper In The Standard
John Bedrick
 
PPTX
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
DOCX
Securing SaaS: Your Roadmap to PCI DSS v4.0 Compliance
rajverma416485
 
PDF
Emerging Trends in Information Security and Privacy
lgcdcpas
 
PDF
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
 
PPT
Pci compliance overview earth link business
Mike Shelah
 
PDF
What Are the Most Important Security Considerations for Credit Card Payment S...
itio Innovex Pvt Ltv
 
PCI Compliance Seminar
dlinehan2
 
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
BORNSEC CONSULTING
 
PCI Certification and remediation services
Tariq Juneja
 
PCI_Security_Awareness12345678904321.ppt
gealehegn
 
PCI_Security_Awareness.ppt
HuyNguyen669920
 
PCI DSS for Pentesting
n|u - The Open Security Community
 
Payment Gateway
Ashraf Bashir
 
PCI DSS for Penetration Testing
Network Intelligence India
 
PCI DSS Compliance and Security: Harmony or Discord?
Lumension
 
PCI Compliance (for developers)
Maksim Djackov
 
The Easy WAy to Accept & Protect Credit Card Data
Tyler Hannan
 
Pcidss qr gv3_1
leon bonilla
 
Online_Transactions_PCI
Kelly Lam
 
PCI Compliance - Delving Deeper In The Standard
John Bedrick
 
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
Securing SaaS: Your Roadmap to PCI DSS v4.0 Compliance
rajverma416485
 
Emerging Trends in Information Security and Privacy
lgcdcpas
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
 
Pci compliance overview earth link business
Mike Shelah
 
What Are the Most Important Security Considerations for Credit Card Payment S...
itio Innovex Pvt Ltv
 
Ad

Chameleon PCI Presentation

  • 1. Facing the Challenges of PCI Compliance Presented by:
  • 3. What is credit card compromise? To gain access to: Card Numbers Expiration Dates CVV2/CVC2/CID Track Data An unauthorized individual taking advantage of a flaw in a system that processes, transmits or stores cardholder data.
  • 4. Theft of Payment Card Data Is Thriving The Perpetrators Script Kiddies International Crime Syndicates Malicious Third Parties Employees The Tools Scanners * Port Vulnerability Web Application * Available online The Gaps Weak Configurations Operating System Flaws Programming Errors Lack of Staff training Flawed Policies Negligence Poor Change Control Application-Induced Backdoors Nearby Systems/Networks Utilize To Find
  • 5. And It’s Easier Than Many Think Breach investigations have located compromised cardholder data on popular public facing web sites:
  • 6. Selling Cardholder Information is Lucrative CREDIT CARDS NUMBERS ARE SOLD ON THE BLACK- MARKET FOR PROFIT Once compromised…
  • 7. PCI DSS Participants Card Schemes Members (Acquirers) Service Providers Data Storage Entities 3 rd Party Processors Merchants PCI DSS creation and maintenance
  • 8. Six Goals: Twelve Requirements – PCI DSS The “ Digital Dozen ” The Payment Card Industry Data Security Standard Build and Maintain a Secure Network Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to cardholder data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain Information Security Policy Maintain a policy that addresses information security
  • 9. Non-Compliance: Risks, Fines, Fees, Costs, Loss Non-compliant, compromised business could expect the following: Damage to their brand/reputation Investigation costs Remediation costs Fines and fees - Non-compliance (each brand issues separate fines) -Re-issuance -Fraud loss Ongoing compliance audits Victim notification costs Financial loss Data loss Charge-backs for fraudulent transactions Operations disruption Sensitive info disclosure Denial of service to customers Individual executives held liable Possibility of business closure
  • 10. PCI Compliance: Sound Business Practice Fundamental Best Security Practices Avoid fraud Maps that supports other compliance regimes Upholds Brand Name Adds value to name Increases consumer confidence Improves reputation Clarifies Where Data Is Stored Helps to understand own system better
  • 11.   PCI DSS Compliance Can Protect Against Fines Members receive “ Safe Harbor ” For Compromised Merchants Found To Be PCI-Compliant At Time Of Breach