PCI DSS in Retail
Now and into the Future

Presenter: Stephen O’Boyle, Head of Consultancy
© Espion Sept 2013

For more information
visit www.espiongroup.com
Agenda
1. Current PCI process
– Challenges for
• Small retailers
• Large retailers

2. Point to Point Encryption (P2PE)
3. PCI DSS v3 Highlights
– Clarification
– Additional Guidance
– Evolving Requirement

4. Summary
Current PCI process
• PCI Standards - strong framework for protecting
payment card data
• Principles apply to various environments and industry
verticals including small to large retailers
– Cardholder data is processed, stored, or transmitted

• Size & type of business will determine the specific
compliance requirements that must be met
• Enforcement and fines managed by payment brands /
acquirers
– Not the PCI Council

Challenges
• Small Retailers
– Awareness of compliance requirements
– Implications of non-compliance
• Fines, reputational damage

– Identifying correct scope
– Performing a self-assessment using the appropriate
SAQ

Challenges
• Large Retailers
– Identifying scope
– Staff awareness
– Annual audits / SAQ
– Maintaining compliance
– P2PE

Point to Point Encryption
• Point-to-Point Encryption (P2PE) is designed to
– Reduce PCI DSS scope
– Protect cardholder data throughout electronic payment
processing cycle

• Protects data as soon as it is collected from a card swipe
until the payment settlement process is complete
• Sometimes referred to as End-to-End Encryption
• “...remember, no silver bullet to securing a payment
environment,” said Bob Russo, general manager, PCI
SSC
– “Implementing one of these technologies will not automatically
make you compliant with the PCI DSS.”

Point to Point Encryption
• The PCI SSC has produced guidance on P2PE; a compliant solution
qualifies for reduced scope. The guidance also states:
– P2PE solutions do not eliminate the need to maintain PCI DSS
compliance for specific systems
– It recognizes the need for a set of criteria to validate the
effectiveness of P2PE solutions, so that merchants can have
confidence that the solution they deploy properly secures
cardholder data

• Previously, no global standardization of point-to-point
encryption technology, or validation of its implementation,
existed in the industry.

PCI DSS v3 – Change Highlights
• Types of changes to the Standards are
categorized as follows:
1. Clarification
2. Additional Guidance
3. Evolving Requirement

Clarification - PCI DSS v3
• Enhanced testing procedures to clarify the level of
validation expected for each requirement
– To put more emphasis on the quality and consistency of
assessments.

• Clarified that sensitive authentication data must not be
stored after authorization even if PAN is not present
– To ensure better understanding of protection of sensitive
authentication data.

• Clarified the intent and scope of daily log reviews
– To help entities focus log-review efforts on identifying
suspicious activity and allow flexibility for review of less-critical log events, as defined by the entity’s
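The two clarifications above, that sensitive authentication data must not be stored after authorization and that daily log review should concentrate on suspicious activity, meet in one practical check: the daily review of logs from cardholder data environment (CDE) systems. The script below is an added example, not part of the deck or of Espion's material. The host names, the CDE inventory, the failure threshold and the log lines are constructed for the illustration (the 16-digit number is the well-known Visa test PAN). It flags a burst of authentication failures followed by a success on a CDE host, and it flags PANs, track 2 data and card verification values that a POS application has written into its log, where they would otherwise sit as stored sensitive authentication data after authorization. Lines from hosts outside the CDE are counted and deferred to a periodic review rather than read daily.

```python
import re
from collections import Counter

# Constructed sample log lines for this example (not taken from the deck): an SSH auth
# log from one POS host and a POS application log from another. The 16-digit PAN is the
# well-known Visa test number, not a real card.
SAMPLE_LOG = """\
2013-09-12T02:14:07Z pos-03 sshd Failed password for admin from 10.1.5.77
2013-09-12T02:14:09Z pos-03 sshd Failed password for admin from 10.1.5.77
2013-09-12T02:14:11Z pos-03 sshd Failed password for admin from 10.1.5.77
2013-09-12T02:14:13Z pos-03 sshd Failed password for admin from 10.1.5.77
2013-09-12T02:14:15Z pos-03 sshd Failed password for admin from 10.1.5.77
2013-09-12T02:15:30Z pos-03 sshd Accepted password for admin from 10.1.5.77
2013-09-12T09:02:11Z pos-01 posapp auth ok txn=8841 pan=4111111111111111 cvv=123
2013-09-12T09:02:12Z pos-01 posapp debug track2=4111111111111111=25121010000000000000
2013-09-12T09:03:00Z pos-01 posapp auth ok txn=8842 pan=411111******1111
2013-09-12T10:00:00Z fileserver smbd user alice opened /share/menus.xlsx
"""

# Assumed CDE inventory and alert threshold for the example; a real inventory comes
# from the scoping exercise and the threshold from the entity's own risk assessment.
CDE_HOSTS = {"pos-01", "pos-03"}
FAILED_LOGIN_THRESHOLD = 5

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\S+) (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")
DIGITS_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")        # candidate PAN: 13-19 digit run
TRACK2_RE = re.compile(r"(?<!\d)\d{13,19}=\d{4}")         # ISO 7813 track 2: PAN '=' YYMM...
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)=\d{3,4}\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn check, used to tell PANs apart from other long digit runs such as IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS allows to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_card_data(msg: str) -> list:
    """Return (kind, value) pairs for any PAN, track 2 data or card verification code."""
    findings = []
    for m in DIGITS_RE.finditer(msg):
        if luhn_ok(m.group()):
            findings.append(("PAN", mask_pan(m.group())))
    if TRACK2_RE.search(msg):
        findings.append(("TRACK2", "<redacted>"))
    if CVV_RE.search(msg):
        findings.append(("CVV", "<redacted>"))
    return findings


def review(log_text: str, threshold: int = FAILED_LOGIN_THRESHOLD) -> dict:
    """One pass over a day's logs: CDE hosts get full review, other hosts are deferred."""
    alerts, failed, deferred = [], Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        if host not in CDE_HOSTS:          # less-critical source: periodic review instead
            deferred += 1
            continue
        for kind, value in find_card_data(msg):
            alerts.append({"host": host, "type": "CARD_DATA_IN_LOG",
                           "detail": f"{kind} {value}"})
        f = FAILED_RE.search(msg)
        if f:
            failed[(host, f["user"], f["src"])] += 1
            continue
        a = ACCEPTED_RE.search(msg)
        if a:
            key = (host, a["user"], a["src"])
            if failed[key] >= threshold:    # success right after a burst of failures
                alerts.append({"host": host, "type": "LOGIN_AFTER_FAILURES",
                               "detail": f"{a['user']} from {a['src']} after {failed[key]} failures"})
    for (host, user, src), n in failed.items():
        if n >= threshold:
            alerts.append({"host": host, "type": "BRUTE_FORCE",
                           "detail": f"{n} failures for {user} from {src}"})
    return {"alerts": alerts, "deferred_lines": deferred}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for alert in result["alerts"]:
        print(f"{alert['host']:10} {alert['type']:22} {alert['detail']}")
    print(f"{result['deferred_lines']} non-CDE line(s) deferred to periodic review")
```

Two design points matter in practice. The Luhn check is what keeps transaction IDs and timestamps from being reported as PANs, and the report itself only ever carries the masked PAN, so the review output does not become a second copy of the data it is meant to find. The masked PAN on the third POS line is correctly ignored, which is the state every post-authorization log should be in.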
Additional Guidance - PCI DSS v3
• Added guidance for all requirements with content from
the former Navigating PCI DSS Guide
– To assist understanding of security objectives and intent of
each requirement

• Added guidance for implementing security into business-as-usual (BAU) activities and best practices for
maintaining on-going PCI DSS compliance
– To address compromises where the organization had been
PCI DSS compliant but did not maintain that status.
– Recommends focus on helping organizations take a
proactive approach to protect cardholder data that focuses
on security, not compliance, and makes PCI DSS a
business-as-usual practice.
Evolving Requirement - PCI DSS v3
• Update list of common vulnerabilities in alignment with
OWASP, NIST, SANS, etc., for inclusion in secure coding
practices
– To keep current with emerging threats
• Evaluate evolving malware threats for systems not
commonly affected by malware
– To promote on-going awareness and due diligence to
protect systems from malware

Summary
• Current PCI process
• Point to Point Encryption (P2PE)
• Highlights of changes in PCI DSS v3

Questions

???

Contact: Stephen.oboyle@espiongroup.com
About Espion
Information Risk, Security & Compliance

Digital Investigations & Litigation Support

Insight, Intelligence & Control

Expertise, Innovation & IP

Knowledge Transfer and Certification

Technology & Product Distribution

About Espion
Seven locations and
growing.

About Espion
57 consultants and hiring.

About Espion
Highly qualified and
continuously developing.

About Espion
A culture of achieving.
