SlideShare uma empresa Scribd logo

Payment System Risk. Visa

Internet Security Auditors
Internet Security Auditors

En este presentación Andrew Mulvenna, de VISA, desgranó algunos puntos básicos de las normativas PCI DSS y PA DSS como por ejemplo las novedades de las versiones 2.0, el nuevo ciclo de vida de las normas, la aproximación a PCI DSS basada en una priorización de riesgos o la importancia del cifrado y la tokenización en las nuevas arquitecturas de los medios de pago.

TecnologiaEconomia e finanças
1 de 20
Baixar para ler offline
Visa Europe Public Payment System Risk Andrew Mulvenna 10th November 2010
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 2
Visa Europe Public PCI DSS & PA-DSS v2.0 – What’s new? • Mainly clarifications to existing requirements. • Certain requirements will be based more on risk assessment rather than being overly perspective. • The standards will be moving to a three year standard lifecycle.
Visa Europe Public The New Life-cycle
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 5
Visa Europe Public The Current Environment • Knowledge of cardholder and account data is (largely) considered proof of ownership. Consequently, cardholder data is inherently valuable to a criminal. • Many retailers believe that there is a disproportionate onus on them to protect data. • What if we could make data less valuable such that it needs less protection? =
Visa Europe Public Storing cardholder data Basic principles: • If you don’t need it don’t store it • Delete sensitive authentication data after authorisation • If you store cardholder data you must do one or more of the following: – Truncate – Hash – Encrypt 7Retail Fraud Conference 20 April 2010
Visa Europe Public Merchant Levels and Validation Requirements Level Definition Validation requirements 1 Merchants processing more than six million Visa transactions annually via all channels or global merchants identified as level one by any Visa region.** ** Where merchants operate in more than one country or region, if they meet level one criteria in any Visa country or region, they are considered a global Level one merchant. An exception may apply to global merchants if there is no common infrastructure and if Visa data is not aggregated across borders. In such cases merchants are validated according to regional levels. Annual Report on Compliance (ROC) to follow an on- site audit by either a Qualified Security Assessor or qualified internal security resource Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance form 2 Merchants processing one million to six million Visa transactions annually via all channels. Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance form
Visa Europe Public Merchant Levels and Validation Requirements (2) Level Definition Validation requirements 3 Merchants processing 20,000 to one million Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data. OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 E-commerce merchants only Merchants processing fewer than 20,000 Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 Non e-commerce merchants processing up to one million Visa transactions annually. Annual SAQ Quarterly network scan by an ASV Attestation of Compliance form
Visa Europe Public PCI DSS Prioritised Risk Based Approach Phase PCI DSS Objective (defined by PCI SSC) 1 Remove Sensitive Authentication Data and Limit Data Retention 2 Protect the Perimeter, Internal, and Wireless Networks 3 Secure Applications 4 Protect Through Monitoring and Access Control 5 Render Cardholder Data Unreadable 6 Achieve Final Compliance and Maintenance of PCI DSS Required Validation Merchant Discretion / Safe Harbour
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption And Tokenisation •Questions and Answers 11
Visa Europe Public Guidance Supplements
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 13
Visa Europe Public New Payment Architectures Encrypting Registers Segmenting Device PCI Compliant Zone Internal or Public Network Point of Decryption PCI Compliant Zone Segmenting Device Encrypting PEDs
Visa Europe Public The industry’s first specification for Data Field Encryption – A compressive guidance document describing the key management practices that would be necessary to support encryption solutions – Based on 5 key security objectives – Aimed at consolidating industry best practice 15
Visa Europe Public SRED – Secure Read and Exchange of Data • A new optional module within PCI PTS PoI v3. • Describes security requirements for the protection of account data originating from a secure PED.
Visa Europe Public What is Tokenisation? • Tokenisation defines a process through which PANs are replaced with surrogate values known as “tokens”. • The security of an individual token relies on the properties of uniqueness and the infeasibility to determine the original PAN knowing only the surrogate value.
Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation •Questions and Answers 18
Visa Europe Public Questions?
Visa Europe Public Thank you

Recomendados

PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...John Baines
 
Visa Compliance Mark National Certification
Visa Compliance Mark National CertificationVisa Compliance Mark National Certification
Visa Compliance Mark National CertificationMark Pollard
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sectorinnov-acts-ltd
 
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven WorldWSO2
 
AxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEAxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEcklacking
 
6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Knowcklacking
 
PCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowPCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowSasha Nunke
 

Recomendados

PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...John Baines
 
Visa Compliance Mark National Certification
Visa Compliance Mark National CertificationVisa Compliance Mark National Certification
Visa Compliance Mark National CertificationMark Pollard
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sectorinnov-acts-ltd
 
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven WorldWSO2
 
AxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEAxiaMed_6 facts about P2PE
AxiaMed_6 facts about P2PEcklacking
 
6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Know6 Facts About P2PE That You Need To Know
6 Facts About P2PE That You Need To Knowcklacking
 
PCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowPCI Compliance: What You Need to Know
PCI Compliance: What You Need to KnowSasha Nunke
 
AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarIdan Tohami
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkSimon Polrot
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitalityVishal Sharma
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...R3
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...WSO2
 
Introducing SWIFT
Introducing SWIFTIntroducing SWIFT
Introducing SWIFTIFAD International Fund for Agricultural Development
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSSManish Mahapatra
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services OverviewIosif Itkin
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FinTechLabs.io
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentationBovill
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO Alliance
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0Shashank Kumar
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsIndiaMART InterMESH Limited
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
PruebaJLF.pptx
PruebaJLF.pptxPruebaJLF.pptx
PruebaJLF.pptxJoseLuna802663
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantMelanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Merchants
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview- Mark - Fullbright
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxgealehegn
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)Miminten
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBTShanmugavel Sankaran
 

Mais conteúdo relacionado

Mais procurados

AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarIdan Tohami
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkSimon Polrot
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitalityVishal Sharma
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...R3
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...WSO2
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSSManish Mahapatra
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services OverviewIosif Itkin
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FinTechLabs.io
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentationBovill
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO Alliance
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0Shashank Kumar
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsIndiaMART InterMESH Limited
 

Mais procurados (13)

AML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning WebinarAML Transaction Monitoring Tuning Webinar
AML Transaction Monitoring Tuning Webinar
 
BUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets FrameworkBUIDL in France - Understanding the French Crypto-Assets Framework
BUIDL in France - Understanding the French Crypto-Assets Framework
 
Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitality
 
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
BizDay: The Reality of Infrastructure in the Age of Enthusiasm for Blockchain...
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
 
Introducing SWIFT
Introducing SWIFTIntroducing SWIFT
Introducing SWIFT
 
Mobile payments and PCI DSS
Mobile payments and PCI DSSMobile payments and PCI DSS
Mobile payments and PCI DSS
 
LSEG Connectivity Services Overview
LSEG Connectivity Services OverviewLSEG Connectivity Services Overview
LSEG Connectivity Services Overview
 
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
FAPI / Open Banking Conformance #fapisum - Japan/UK Open Banking and APIs Sum...
 
The rise of fin tech presentation
The rise of fin tech presentationThe rise of fin tech presentation
The rise of fin tech presentation
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 
MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0MiFID_MARS_Traing_PPTT_v1.0
MiFID_MARS_Traing_PPTT_v1.0
 
Digital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security SolutionsDigital Identification Systems, pune, Security Solutions
Digital Identification Systems, pune, Security Solutions
 

Semelhante a Payment System Risk. Visa

A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantMelanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Merchants
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview- Mark - Fullbright
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxgealehegn
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)Miminten
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1wardell henley
 
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...Ingenico Group
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWideInternet Security Auditors
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standardsallychiu
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certificationhodonoghue
 
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdfpci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdfssuserbcc088
 

Semelhante a Payment System Risk. Visa (20)

A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
 
PruebaJLF.pptx
PruebaJLF.pptxPruebaJLF.pptx
PruebaJLF.pptx
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
 
PCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program OverviewPCI DSS Data Security Compliance Program Overview
PCI DSS Data Security Compliance Program Overview
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptx
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
 
Evolution Pci For Pod1
Evolution Pci For Pod1Evolution Pci For Pod1
Evolution Pci For Pod1
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1
 
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
PCI at the POS / What’s New, What’s Next, and What Merchants Can Do to Simpl...
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certification
 
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdfpci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
pci powerpoint 01-12-2012- cal poly basic rev 07-23-12b.pdf
 

Mais de Internet Security Auditors

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoInternet Security Auditors
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaInternet Security Auditors
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Internet Security Auditors
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsInternet Security Auditors
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosInternet Security Auditors
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOInternet Security Auditors
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaInternet Security Auditors
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)Internet Security Auditors
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?Internet Security Auditors
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCIInternet Security Auditors
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesInternet Security Auditors
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Internet Security Auditors
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...Internet Security Auditors
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidInternet Security Auditors
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.Internet Security Auditors
 

Mais de Internet Security Auditors (20)

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimiento
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional Datos
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPO
 
PCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del CumplimientoPCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del Cumplimiento
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
 
RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?RootedCon 2017 - Workshop: IoT Insecurity of Things?
RootedCon 2017 - Workshop: IoT Insecurity of Things?
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
 
CIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINTCIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINT
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.
 

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 

Payment System Risk. Visa

  • 1. Visa Europe Public Payment System Risk Andrew Mulvenna 10th November 2010
  • 2. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 2
  • 3. Visa Europe Public PCI DSS & PA-DSS v2.0 – What’s new? • Mainly clarifications to existing requirements. • Certain requirements will be based more on risk assessment rather than being overly perspective. • The standards will be moving to a three year standard lifecycle.
  • 4. Visa Europe Public The New Life-cycle
  • 5. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 5
  • 6. Visa Europe Public The Current Environment • Knowledge of cardholder and account data is (largely) considered proof of ownership. Consequently, cardholder data is inherently valuable to a criminal. • Many retailers believe that there is a disproportionate onus on them to protect data. • What if we could make data less valuable such that it needs less protection? =
  • 7. Visa Europe Public Storing cardholder data Basic principles: • If you don’t need it don’t store it • Delete sensitive authentication data after authorisation • If you store cardholder data you must do one or more of the following: – Truncate – Hash – Encrypt 7Retail Fraud Conference 20 April 2010
  • 8. Visa Europe Public Merchant Levels and Validation Requirements Level Definition Validation requirements 1 Merchants processing more than six million Visa transactions annually via all channels or global merchants identified as level one by any Visa region.** ** Where merchants operate in more than one country or region, if they meet level one criteria in any Visa country or region, they are considered a global Level one merchant. An exception may apply to global merchants if there is no common infrastructure and if Visa data is not aggregated across borders. In such cases merchants are validated according to regional levels. Annual Report on Compliance (ROC) to follow an on- site audit by either a Qualified Security Assessor or qualified internal security resource Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance form 2 Merchants processing one million to six million Visa transactions annually via all channels. Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance form
  • 9. Visa Europe Public Merchant Levels and Validation Requirements (2) Level Definition Validation requirements 3 Merchants processing 20,000 to one million Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data. OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 E-commerce merchants only Merchants processing fewer than 20,000 Visa e- commerce transactions annually. Use a service provider that has certified PCI DSS compliance to process, store and transmit card and account data OR Have certified their own PCI DSS compliance to the acquirer, who must, on request, be able to validate that compliance to Visa Europe 4 Non e-commerce merchants processing up to one million Visa transactions annually. Annual SAQ Quarterly network scan by an ASV Attestation of Compliance form
  • 10. Visa Europe Public PCI DSS Prioritised Risk Based Approach Phase PCI DSS Objective (defined by PCI SSC) 1 Remove Sensitive Authentication Data and Limit Data Retention 2 Protect the Perimeter, Internal, and Wireless Networks 3 Secure Applications 4 Protect Through Monitoring and Access Control 5 Render Cardholder Data Unreadable 6 Achieve Final Compliance and Maintenance of PCI DSS Required Validation Merchant Discretion / Safe Harbour
  • 11. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption And Tokenisation •Questions and Answers 11
  • 13. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation • Questions and Answers 13
  • 14. Visa Europe Public New Payment Architectures Encrypting Registers Segmenting Device PCI Compliant Zone Internal or Public Network Point of Decryption PCI Compliant Zone Segmenting Device Encrypting PEDs
  • 15. Visa Europe Public The industry’s first specification for Data Field Encryption – A compressive guidance document describing the key management practices that would be necessary to support encryption solutions – Based on 5 key security objectives – Aimed at consolidating industry best practice 15
  • 16. Visa Europe Public SRED – Secure Read and Exchange of Data • A new optional module within PCI PTS PoI v3. • Describes security requirements for the protection of account data originating from a secure PED.
  • 17. Visa Europe Public What is Tokenisation? • Tokenisation defines a process through which PANs are replaced with surrogate values known as “tokens”. • The security of an individual token relies on the properties of uniqueness and the infeasibility to determine the original PAN knowing only the surrogate value.
  • 18. Visa Europe Public Agenda • PCI DSS & PA-DSS v2.0 – What’s new? • Visa Europe’s PCI Compliance Programme • Vulnerability Guidance • Encryption and Tokenisation •Questions and Answers 18