Introduction to the Payment Card Industry Data Security Standard (PCI DSS)
Key Take Away:
This webinar will give you an understanding of PCI DSS: its history, a high-level description, compliance, and the impacts on your organization.
The Payment Card Industry Data Security Standard (PCI DSS) is one of the few successful industry-developed and industry-maintained data security standards. Mandated compliance with a payment-network-enforced data security standard dates from 2001, when Visa instituted the Cardholder Information Security Program (CISP). It has since evolved into the global, card-payment-industry-wide data security standard called PCI DSS.
Each major payment network has specific mandates for organizations that must validate PCI DSS compliance. These organizations include financial institutions, third-party service providers and merchants of all sizes. The principles specified in PCI DSS can be a guide for any organization that wishes to secure its sensitive data, and PCI DSS security requirements can be applied to any sensitive data on your organization’s network. Your organization need not be involved in the payments process to benefit from exposure to PCI DSS.
Why should you attend:
This Webinar will prepare your organization to understand and potentially use PCI DSS to the organization’s benefit. Whether involved in the payments industry or not, this webinar will introduce you to PCI DSS, its impacts and its use in your business.
PCI DSS not only supports those in the payments business but provides insight to vendor managers into companies that have validated compliance. It can be used by organizations not directly involved with the payments business. It provides standards for security policies, technologies and ongoing processes that protect systems and networks from breaches and theft of sensitive data.
Areas Covered in this Webinar:
History of PCI DSS:
The history of Visa’s Cardholder Information Security Program (CISP) that led to the formation of the Payment Card Industry Security Standards Council, the keeper of PCI DSS and other data security standards
Overview of PCI DSS:
You will learn the 12 major requirements of PCI DSS and what’s contained in each of the major requirements
What organizations must validate PCI DSS compliance
A full discussion of all organizations that must validate PCI DSS compliance and those that do not have the compliance mandate
How is PCI DSS validated?
You will learn the difference between a Report on Compliance (ROC), all types of Self-Assessment Questionnaires (SAQ) and Attestations of Compliance (AOC).
Differences Between PCI DSS v3.1 and v3.2:
The major differences in the latest version of PCI DSS, version 3.2, released in April 2016. We will explore the potential impacts.
Strengths and weaknesses of PCI DSS:
As always, there are pluses and minuses. We will give you the value of our experience with PCI DSS, including compromises and other influencing factors.
How validating compliance reduces risk
What your organization should do about PCI DSS:
The steps that your organization must take to achieve and maintain PCI DSS compliance
Other standards that PCI SSC publishes and manages
Sources of information about companies that are PCI DSS compliant
There are publicly available lists of service providers that are PCI DSS compliant
Other data security standards that your organization may want to consult
• The reason that PCI DSS was created
• Why PCI DSS remains a key element in securing the payment system
• The use of an Integrated Security Management System (ISMS)
• The high level description of the 12 major requirements in PCI DSS
• What your organization must do to validate PCI DSS compliance
• The steps that your organization should take to assure annual compliance
Who Will Benefit:
• Executive Positions
• Compliance Management Professionals
• Risk Management Professionals
• Vendor Management Professionals
• Data Security Professionals
• Network Administrators
• Database Administrators
• Point of Sale Development Professionals
• Software Development Professionals
• Retail Business Owners
• All Businesses that need to protect sensitive data and networks
• Merchants, both face-to-face and on-line
• Third party payment processors
• Any Business accepting payment cards
• Financial Institutions such as Credit Unions and Community Banks
• Municipalities and other Governmental Entities
• Business Ownership Groups
• Non Profit Organizations
Marc Perl brings over 30 years of professional experience to Teknowlogy Associates. Marc’s diverse experience includes risk management, payments processing, data security, product development, software development and software quality assurance.
During 20 years at Visa, he was a key member of Visa’s Risk Management team, where he developed and managed the compliance program for the Payment Card Industry Data Security Standard (PCI DSS) as part of the Cardholder Information Security Program (CISP). Marc led the team that developed the business requirements for Visa’s Point-to-Point Encryption (P2PE) solution. Marc continues to conduct risk reviews at financial institutions and processors globally.