Does Your API Need to be PCI Compliant?

Rapid API Workshop

Brian Pagano @brianpagano
Scott Metzger @scottmetzger

Rapid API Workshop Webinar Series
Mapping out your API Strategy
Pragmatic REST: API Design Fu
10 Patterns of Successful API Programs
API Metrics – What to Measure?
API Technology & Operations
Your API Sucks!
Today: Does Your API Need to be PCI Compliant?
Next: Launching Your API and Attracting Developers

We Will Cover
• Facts & Common Myths about PCI Compliance
• What does it mean to be PCI compliant when transacting via APIs?
• How can Apigee enable you to be PCI compliant?

PCI Fundamentals
What is it?
• The Payment Card Industry specification is produced by a consortium consisting of Visa, MasterCard, JCB, American Express, and Discover.
• It describes the proper handling of credit card information (during transactions and at rest).

PCI Fundamentals
What is it?
• Council originally formed in 2006.
• DSS (Data Security Standards) define 12 requirements for compliance.

PCI Fundamentals
What isn't it?
• It is not an enforcement or policing organization.

PCI Fundamentals
Then what does it do?
• The intent is to prevent merchants from having to write to multiple, proprietary standards.
• Gives consumers confidence.
• Useful for audits.

PCI Fundamentals
• So who should care about PCI?

Main PCI Control Objectives
• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

PCI Control Objectives
Build and maintain a secure network
• Install and maintain a firewall
• Do not use any default passwords

PCI Control Objectives
Protect Cardholder Data
• Protect stored data
• Encrypt transmission of data

PCI Control Objectives
Maintain a vulnerability management program
• Update anti-virus
• Develop secure applications and systems

PCI Control Objectives
Implement strong access control measures
• Need-to-know access to cardholder data
• System access only via unique IDs
• Physical access controls

PCI Control Objectives
Regularly monitor and test networks
• Monitor network access
• Test systems, test processes

PCI Control Objectives
Maintain an information security policy

What does it mean to be PCI Compliant?
• A company must have an audit performed
• By a third-party auditing firm
• From the Visa/Mastercard approved auditor list,
• Which checks that the correct processes and technologies are in place.

PCI Compliance
Does my API need to be PCI compliant?

PCI Compliance
Can a software tool make me PCI compliant?
• No.

PCI & Apigee
So, PCI is a specification for (a) processes and (b) security measures to protect cardholder information.
• Apigee can help with the process.
• Apigee can help with the technology.

PCI & Apigee: Process
• The Apigee gateway provides a central location for logging, policies, and security.
• The gateway can perform data masking to log transactions without storing any sensitive information. It also feeds into log aggregators.
• This centralization helps with auditing and attestations.

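The data-masking step on the Process slide, as an added example that is not part of the original deck and not Apigee's own policy code: a JavaScript routine that masks primary account numbers in both structured fields and free-text log messages (keeping only the first six and last four digits, the most the PCI DSS display rule of the period allowed), drops sensitive authentication data such as the CVV outright, and uses a Luhn check so that non-card numbers in the log are left intact. The field names (pan, cvv, expiry) and the sample transaction are constructed for illustration.

```javascript
// Added example (not from the deck, not Apigee product code): make a
// transaction record safe to log before it reaches a log aggregator.
// Field names (pan, cvv, expiry) and the sample record are constructed.

// Luhn check: separates real card numbers from other long digit strings
// (order ids, timestamps) so masking does not destroy useful log context.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Mask a PAN, keeping only the first six and last four digits (the most
// the PCI DSS display rule of the period allowed). Spaces and dashes are
// dropped; anything that is not a plausible card number is returned as-is.
function maskPan(pan) {
  const digits = pan.replace(/[\s-]/g, '');
  const plausible = /^\d{13,19}$/.test(digits) && luhnValid(digits);
  if (!plausible) return pan;
  return digits.slice(0, 6) + '*'.repeat(digits.length - 10) + digits.slice(-4);
}

// Free-text masking: find candidate PANs (13-19 digits, optionally
// separated by single spaces or dashes) and mask each Luhn-valid one.
const PAN_CANDIDATE = /\b(?:\d[ -]?){12,18}\d\b/g;
function maskText(text) {
  return text.replace(PAN_CANDIDATE, (m) => maskPan(m));
}

// Sensitive authentication data must never be stored after authorization,
// so these fields are dropped outright rather than masked.
const FORBIDDEN_FIELDS = new Set(['cvv', 'cvc', 'cvv2', 'pin', 'track1', 'track2']);
// Fields known to carry the PAN are masked by name; every other string
// is still scanned in case a PAN leaked into a free-text field.
const PAN_FIELDS = new Set(['pan', 'card_number', 'cardnumber']);

// Return a deep copy of a JSON-like value with cardholder data masked;
// the original record is never mutated.
function maskRecord(value) {
  if (Array.isArray(value)) return value.map(maskRecord);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      const k = key.toLowerCase();
      if (FORBIDDEN_FIELDS.has(k)) {
        out[key] = '[removed]';
      } else if (PAN_FIELDS.has(k) && typeof v === 'string') {
        out[key] = maskPan(v);
      } else {
        out[key] = maskRecord(v);
      }
    }
    return out;
  }
  if (typeof value === 'string') return maskText(value);
  return value;
}

// Constructed sample: Visa and Mastercard test numbers, plus a 17-digit
// order id that must survive masking because it fails the Luhn check.
const sampleTransaction = {
  orderId: '20240517000123457',
  amount: '42.00',
  card: { pan: '4111 1111 1111 1111', cvv: '123', expiry: '12/27' },
  note: 'customer retried with 5555555555554444 after decline',
};

// What the gateway would hand to the logger instead of the raw record.
function safeLogRecord() {
  return maskRecord(sampleTransaction);
}

console.log(JSON.stringify(safeLogRecord(), null, 2));
```

The same routine belongs in front of any log sink, not only the aggregator feed: a PAN that reaches a debug log or a crash dump is stored cardholder data, and the audit will treat it as such.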
PCI & Apigee: Technology
• The Apigee gateway contributes to defense in depth, protects backend systems, and strengthens network security.
• Apigee provides a hosted solution that enables PCI compliance.
• No product will make someone PCI compliant!
• Apigee enables and contributes to compliance.

Rapid API Workshop Webinar Series
Mapping out your API Strategy
Pragmatic REST: API Design Fu
10 Patterns in Successful API Programs
Today: API Metrics – What to Measure?
API Technology & Operations
Your API Sucks!
Does Your API Need to be PCI Compliant?
Next: Launching Your API and Attracting Developers

THANKS!

Send questions, examples, and ideas to @apigee

Brian Pagano – bpagano@apigee.com – @brianpagano
Scott Metzger – smetzger@apigee.com – @scottmetzger
