PCI DSS - National Bank of Dominica
National Bank of Dominica
Ltd. 2011 Merchant Seminar
Facilitator: Janiere Frank
Fraud & Compliance Analyst
June 16, 2011.
Legal Disclosure
These materials are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice. You should independently evaluate all content and recommendations in light of your specific business needs, operations and policies as well as any applicable laws and regulations. Caribbean Credit Card Corporation Ltd. is not responsible for your use of these materials, including errors of any kind, or any assumptions or conclusions you might draw from their use.
Use of the following information is the sole and exclusive responsibility of the user.
A brief review of the Payment Card Data Security Standards
Requirements and Relevance
What is PCI DSS?
PCI DSS is:
A set of requirements established by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data.
The founders of the PCI SSC:
Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB International
What is PCI DSS?
There are six (6) main goals and twelve (12) basic requirements of the PCI DSS.
Is PCI DSS relevant to me?
Compliance with the PCI data security standards is mandatory for ALL entities that store, process or transmit cardholder data.
This includes merchants, acquirers, processors and other participants in the industry.
Why Comply?
Benefits of compliance:
Helps to create a secure environment for customers
Increased customer confidence
Greater Market Leverage
Why Comply?
Consequences of non-compliance:
Fines and penalties
Termination of ability to accept payment cards
Lost confidence, so customers go to other merchants
Lost sales
Cost of reissuing new payment cards
Legal costs, settlements and judgments
Fraud losses
Higher subsequent costs of compliance
Going out of business
www.pcisecuritystandards.org
What do I need to protect?
PCI DSS Quick Reference Guide
Understanding the Payment Card Industry Data Security Standard version 2.0, October 2010
What do I need to protect?
Points from which cardholder data can be stolen:
Compromised card reader
Paper stored in a filing cabinet
Data in a payment system database
Hidden camera recording entry of authentication data
Secret tap into your store’s wireless or wired network
www.pcisecuritystandards.org
PCI DSS: An Ongoing Process
Assess – take an inventory of IT systems and business processes to identify cardholder data and determine vulnerabilities.
Remediate – fix vulnerabilities; don’t store card data unless needed.*
Report – submit compliance reports to your bank.
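As an added illustration of the Assess and Remediate steps (example code added here, not part of the seminar material): a small Python scanner that finds card numbers in stored text such as logs, confirms them with the Luhn check, and masks each one to its first six and last four digits so the full PAN is not retained. The log lines are constructed test values, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> list:
    """Return candidate card numbers (digits only) that pass the Luhn check."""
    return [_digits(m.group()) for m in PAN_CANDIDATE.finditer(text)
            if luhn_valid(_digits(m.group()))]


def mask_pans(text: str) -> str:
    """Replace each Luhn-valid PAN with first six + last four digits."""
    def repl(m):
        digits = _digits(m.group())
        if luhn_valid(digits):
            return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        return m.group()        # not a card number: leave untouched
    return PAN_CANDIDATE.sub(repl, text)


# Constructed sample log lines; the card numbers are published test values.
SAMPLE_LOG = """\
2011-06-16 10:02:11 order=1042 card=4111 1111 1111 1111 amount=120.00
2011-06-16 10:05:43 order=1043 ref=1234567890123 amount=15.50
2011-06-16 10:07:02 order=1044 card=5500-0000-0000-0004 amount=88.25
"""

if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_LOG))
    print(mask_pans(SAMPLE_LOG))
```

The 13-digit reference number on the second line is a candidate by length but fails the Luhn check, so it is reported and masked only if it is a genuine card number.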
Common Myths of PCI DSS
Myth 5 – PCI DSS is unreasonable; it requires too much
Myth 7 – We don’t take enough credit cards to be compliant
PCI DSS compliance is required for any business that accepts payment cards – even if the quantity of transactions is just one.
Myth 8 – We completed a SAQ so we’re compliant
QUESTIONS