Payment Card Industry
Group Assignment 1: Part 1 Outline
Venkata Karthik Kilaru (551511)
Saiteja Tula (558665)
Srinivasa reddy Kandi (558416)
BA60276 H6 Management Information Systems
Contents
PCI Compliance
Effectiveness of PCI
Life cycle of PCI
Key business process of PCI
PCI Security Standards
PCI DSS (Payment Card Industry Data Security Standard)
PCI Compliance
The PCI DSS is organized into 12 requirements:
Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
Protect all systems against malware and regularly update anti-virus software.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need-to-know.
Identify and authenticate access to system components (assign a unique ID to each person with computer access).
Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain an information security policy and ensure that all personnel are aware of it.
What is PCI DSS compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of payment security requirements that ensure all merchants and service providers safely and securely accept, store, process, and transmit cardholder data (your customers' credit card information) during a card transaction.
Any merchant with a merchant ID that accepts payment cards must meet these PCI DSS requirements to protect against data breaches. PCI DSS is not a law; it is a contractual standard enforced by the card brands through acquiring banks. The requirements range from establishing data security policies for the business and its employees to removing card data from the processing systems and payment terminals wherever it is not needed.
Effectiveness of PCI
The main drivers pushing organizations toward PCI compliance are:
Increased awareness and general concerns over data privacy
Significant fines and penalties that can be imposed by payment card brands
Potential reputation and brand damage, leading to loss of revenue
Concerns over civil liability resulting from customer identity theft
Industry peer pressure
Proposed changes to the Privacy Act around mandatory disclosure of breaches
Alignment with corporate risk management guidelines
Life cycle of PCI
Key business process of PCI
Payment Card Industry Participants
Before you can understand how a payment card transaction is processed, it helps to know the key players involved:
Cardholder
Merchant
Acquiring Bank/Merchant’s Bank
Acquiring Processor/Service Provider
Payment Card Network/Association Member
Issuing Bank/Payment Card Issuer
Payment Card Transaction Process
Authorization
Authentication
Clearing & Settlement
Payment Card Processing Fees & Costs
Merchant Discount Rate
Interchange Fee
Assessments
Markups
Chargebacks
When a Payment Card Transaction Gets Declined
Incorrect payment card number or expiration date
Insufficient funds
Some payment card companies reject international charges
The issuing bank or payment card company experienced technical issues while the transaction was being processed
If the customer made a large number of online purchases within a short period of time, some banks will reject several of the charges as a fraud-prevention measure
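Two of the points above can be shown concretely: a mistyped card number or expiry date is caught before the authorization request ever leaves the merchant, and whatever the merchant keeps for its records or logs must be the masked PAN, never the full one (the "protect stored cardholder data" requirement). The following is an added example written for this outline, not code from any of the cited sources. It assumes the merchant's own checkout code performs a Luhn (mod 10) checksum and an expiry-month check before calling the acquirer, and it masks the PAN to the first six and last four digits as PCI DSS Requirement 3.3 permits. The card numbers used are constructed, well-known test numbers, not real accounts.

```python
"""Merchant-side card precheck and PAN masking (added example, not from the page).

Assumptions: the caller passes today's date in, so results are deterministic;
the test PANs below are constructed inputs, not real card numbers.
"""
from datetime import date
from typing import Optional, Dict
import re


def normalize_pan(raw: str) -> Optional[str]:
    """Strip the spaces and dashes a cardholder types; reject anything else."""
    pan = re.sub(r"[ -]", "", raw)
    return pan if pan.isdigit() else None


def luhn_valid(pan: str) -> bool:
    """Luhn (mod 10) checksum used by the major card brands.

    A failure means the number was mistyped; the issuer would decline it as
    an incorrect card number, so checking locally saves a round trip.
    """
    if not 12 <= len(pan) <= 19:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit and fold
    # two-digit results back into a single digit (18 -> 9).
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def expiry_valid(mm_yy: str, today: date) -> bool:
    """A card is valid through the last day of its expiry month (MM/YY)."""
    m = re.fullmatch(r"(\d{2})/(\d{2})", mm_yy)
    if not m:
        return False
    month, year = int(m.group(1)), 2000 + int(m.group(2))
    if not 1 <= month <= 12:
        return False
    # The first day of the following month is the first day the card is expired.
    first_expired_day = date(year + month // 12, month % 12 + 1, 1)
    return today < first_expired_day


def mask_pan(pan: str) -> str:
    """PCI DSS 3.3-style masking: at most first six and last four digits shown."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def precheck(raw_pan: str, mm_yy: str, today: date) -> Dict[str, str]:
    """Decide whether an authorization request is worth sending.

    Returns a result dict whose 'pan' field is already masked, so it is safe
    to write to an application log; the full PAN is never returned.
    """
    pan = normalize_pan(raw_pan)
    if pan is None:
        return {"ok": "no", "reason": "invalid characters", "pan": ""}
    if not luhn_valid(pan):
        return {"ok": "no", "reason": "checksum failed", "pan": mask_pan(pan)}
    if not expiry_valid(mm_yy, today):
        return {"ok": "no", "reason": "bad or past expiry", "pan": mask_pan(pan)}
    return {"ok": "yes", "reason": "send to acquirer", "pan": mask_pan(pan)}


if __name__ == "__main__":
    today = date(2024, 5, 1)  # fixed date so the demo is reproducible
    for raw, exp in [("4111 1111 1111 1111", "12/29"),   # constructed test PAN
                     ("4111-1111-1111-1112", "12/29"),   # last digit mistyped
                     ("4111111111111111", "04/24")]:     # expired
        print(precheck(raw, exp, today))
```

The masked value is the only form of the PAN that leaves `precheck`, which is the habit that keeps application logs and support tickets out of the cardholder data environment.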
Why It's Important
Credit card fraud in the US remains a major and growing problem. The PCI DSS establishes a framework by which organizations can protect their cardholder data environment. By complying with PCI requirements, merchants and service providers reduce the risk of a breach, gain competitive advantage, and increase their credibility.
Compliance Point (one of the sources for this outline) describes its PCI engagements as managing the full life cycle of a client's certification process for the cardholder data environment, and offers a suite of services covering all aspects of the compliance effort.
PCI DSS
The PCI Data Security Standard applies to every entity that stores, processes, or transmits cardholder data (merchants and service providers of any size), and is intended to protect that cardholder data. It is maintained by the PCI Security Standards Council, which the major card brands founded.
PCI PA-DSS
The Payment Application Data Security Standard applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. (PA-DSS has since been retired by the PCI SSC in favor of the PCI Software Security Framework.)
Point-to-Point Encryption
Point-to-Point Encryption (P2PE) is a PCI SSC standard for protecting card data from the point of interaction (swipe, dip, or tap on a validated terminal), while in transit, all the way to the payment processor's decryption environment. Because the merchant's systems only ever see ciphertext, a validated P2PE solution can sharply reduce the merchant's PCI DSS scope. It is often loosely called end-to-end encryption, but P2PE is a specific, validated program rather than a generic term. This protection matters because attackers increasingly target card data in transit, for example with point-of-sale memory scrapers. Compliance Point states that it is one of a small group of firms authorized to assess against the P2PE standard.
Experian Independent 3rd Party Assessment
This is an annual assessment of the ability of Experian's third-party processors to protect Experian's Personally Identifiable Information (PII). A company processing, storing, or transmitting PII provided by Experian may be required to have its systems assessed to determine how well it protects this information, externally and internally, from unauthorized users.
PCI DSS (Payment Card Industry Data Security Standard):
Developed to improve cardholder data security and help prevent payment card fraud.
Created by the five founding payment card brands of the PCI Security Standards Council: Visa, MasterCard, American Express, Discover, and JCB.
Includes security assessment procedures (self-assessment questionnaires or an on-site assessment by a Qualified Security Assessor) that a company must complete annually, plus quarterly vulnerability scans where applicable.
Requires employees to keep payment card information confidential and secure.
Provides baseline security requirements while leaving organizations flexibility in how they implement and customize the controls that protect payment account data.
References:
Odysseas Papadimitriou, Apr 2, 2009. How Credit Card Transaction Processing Works: Steps, Fees & Participants. Retrieved on 05/21/2018 from https://wallethub.com/edu/credit-card-transaction/25511/
Retrieved on 05/21/2018 from https://chargebacks911.com/knowledge-base/the-lifecycle-of-a-credit-card-purchase/
Retrieved on 05/21/2018 from https://www.pwc.com.au/consulting/assets/risk-controls/complianceburdenoropportunity.pdf
Retrieved on 05/21/2018 from http://www.compliancepoint.com/pci-security-standards-audits
Retrieved on 05/21/2018 from https://squareup.com/guides/pci-compliance