PCI Compliance

PCI Presentation for 2013 Andar Conference

Karissa Kleven

on 3 March 2013

Transcript of PCI Compliance

What we are covering today:
  • IT Audits - The PCI Self-Assessment
  • Risks
  • My UW's Requirements
  • Sample SAQ
  • UWGM's Process
  • Your next steps

What are my UW's Requirements?
  • Talk to your merchant bank
  • Determine merchant level
  • Determine assessment questionnaire
  • Review 12 assessment areas

Definitions:
  • PCI DSS - Payment Card Industry Data Security Standards
  • PCI SAQ - Self Assessment Questionnaire

Credit Card Data Parts

SAQ A - 13 Requirements

Eligibility - Craig Nuechterlein - UW Greater Milwaukee

Milwaukee Nonprofit Hacked

Risks for non-compliance:
  • Compliance is mandatory for all merchants
  • Fines for non-compliance can be as high as $500,000 per occurrence
  • Non-compliant merchants that experience a breach face:
    • Mandatory forensic audit
    • Victim notification
    • Loss of privileges / higher transaction costs
    • Data loss and operations disruption
    • Damage to reputation and brand - can affect ALL UWs
    • Difficulty switching processors

Who Sets the Standard?
The Payment Card Industry Security Standards Council (PCI SSC), established in 2006 by:
  • American Express
  • Discover Financial
  • JCB International
  • MasterCard International
  • Visa Inc.

Who is required to follow PCI Requirements?
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.

UWGM Practices and Your Next Steps:
  • SAQ-C-VT
  • Incorporate the requirements into the IT Audit

Merchant Levels (Transactions Per Year):
  • Level 1 - over 6 million
  • Level 2 - 1 to 6 million
  • Level 3 - 20,000 to 1 million
  • Level 4 - 1 to 20,000

PCI Validation Requirements (chart): Number of PCI DSS Requirements by Merchant Level - 13, 29, 79, 282, 51

Sample SAQ: pci_saq_a_v2.0 (sections shown: Implement Strong Access Control Measures; Maintain an Information Security Policy; Compensating Controls)

UWGM Your Next Steps:
  • Review the FAQ on the PCI site (https://www.pcisecuritystandards.org/faq/)
  • Download and read the PCI SAQ Instructions to determine your PCI DSS (pci_dss_saq_instr_guide_v2.0.pdf)
  • Talk to your merchant bank.
  • Download and complete the SAQ that fits your credit card processing environment