PCI Data Security Overview Presentation for Merchants
1. Now You Have a Friend in the Bankcard Business
PCI Compliance
Credit & Financial Development Division of
The National Association of Credit Management
Kansas City Chapter
© PRINETA, LLC This information is the property of PRINETA, LLC and/or its affiliates and may contain restricted, confidential or privileged materials
intended for the sole use of the intended recipient. Any review, use, distribution or disclosure is prohibited without authorization.
2. So I guess you’ve heard about the risk?
In March 2011, a Massachusetts restaurant chain became the first company fined under the state's toughest-in-the-nation data breach law and will have to pay $110,000 in penalties.
3. Is your company adequately protected?
85% of breaches happen to small companies
4. What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Robust and comprehensive standards and supporting materials to enhance payment card data security. An actionable framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step, including prevention, detection and appropriate reaction to security incidents.
5. PCI Data Security Standards Rock
6. Overview of PCI DSS Requirements
Guidance for Understanding PCI Security Requirements
7. PCI DSS Data Storage Do’s and Don’ts
8. Learn More About PCI
PCI Compliant Merchants Less Likely to be Victims
States Enact Data Security Breach Legislation
Non-Compliance Fines Range from $5,000 to $500,
9. Contact Prineta
G. Jason Schnellbacher
Security & PCI Compliance Expert
Schnell[at]Prineta.com
Editor's notes

In March 2011, a Massachusetts restaurant chain became the first company fined under the state's toughest-in-the-nation data breach law and will have to pay $110,000 in penalties, according to a statement by the Massachusetts Attorney General.
http://threatpost.com/en_us/blogs/restaurant-chain-first-fined-under-massachusetts-data-breach-law-032911
http://www.ponemon.org/news-2/23

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI Council.
https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf
https://www.pcisecuritystandards.org/documents/PCI%20Data%20Storage%20Dos%20and%20Donts.pdf

On July 9, 2009, Missouri Governor Jay Nixon signed House Bill 62 ("HB 62"), making the Show-Me State the 45th state with an information security breach notification law on the books.
https://www.pcisecuritystandards.org/documents/PCI%20Data%20Storage%20Dos%20and%20Donts.pdf