Payment Card Industry
Group Assignment 1: Part 1 Outline
Venkata Karthik Kilaru (551511)
Saiteja Tula (558665)
Srinivasa reddy Kandi (558416)
BA60276 H6 Management Information Systems
Contents
• PCI Compliance
• Effectiveness of PCI
• Life cycle of PCI
• Key business process of PCI
• PCI Security Standards
• PCI DSS (Payment Card Industry Data Security Standard)
PCI Compliance
• Install and maintain a firewall configuration to protect cardholder data.
• Do not use vendor-supplied defaults for system passwords and other security parameters.
• Protect stored cardholder data.
• Encrypt transmission of cardholder data across open, public networks.
• Use and regularly update anti-virus software.
• Develop and maintain secure systems and applications.
• Restrict access to cardholder data by business need-to-know.
• Assign a unique ID to each person with computer access.
• Restrict physical access to cardholder data.
• Track and monitor all access to network resources and cardholder data.
• Regularly test security systems and processes.
• Maintain a policy that addresses information security for all personnel, and ensure that all personnel are aware of it.
What is PCI DSS compliance?
• The Payment Card Industry Data Security Standard (PCI DSS) is the set of payment security requirements that every merchant must meet in order to accept, store, process and transmit cardholder data (your customers' card information) safely during a card transaction.
• Any merchant with a merchant ID that accepts payment cards must comply with PCI DSS to protect against data breaches. The requirements range from establishing data security policies for the business and its employees to removing stored card data from processing systems and payment terminals.
Effectiveness of PCI
• Increased awareness and general concerns over data privacy
• Significant fines and penalties that can be imposed by payment card brands
• Potential reputation and brand damage, leading to loss of revenue
• Concerns over civil liability resulting from customer identity theft
• Industry peer pressure
• Proposed changes to the Privacy Act around mandatory disclosure of breaches
• Alignment with corporate risk management guidelines
Life cycle of PCI
Key business process of PCI
Payment Card Industry Participants
Before you can understand the payment card transaction process, it is best to familiarize yourself with the key players involved:
• Cardholder
• Merchant
• Acquiring Bank/Merchant's Bank
• Acquiring Processor/Service Provider
• Payment Card Network/Association Member
• Issuing Bank/Payment Card Issuer
Payment Card Transaction Process
• Authorization
• Authentication
• Clearing & Settlement
Payment Card Processing Fees & Costs
• Merchant Discount Rate
• Interchange Fee
• Assessments
• Markups
• Chargebacks
When a Payment Card Transaction Gets Declined
• Incorrect payment card number or expiration date
• Insufficient funds
• Some payment card companies reject international charges
• The issuing bank or payment card company experienced technical issues while the transaction was being processed
• If the customer made a large number of online purchases within a short period, some banks reject several of the charges as a fraud-prevention measure
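The following Python script is an added example; it is not part of the original slides or of any of the sources they draw on. It ties together two points above: requirement 3 ("Protect stored cardholder data") means a primary account number (PAN) must never sit in clear text in logs or databases, and the "Incorrect payment card number" decline is usually caught by the card's Luhn check digit before the issuer is ever contacted. The script scans constructed sample log lines (these are published test card numbers, not real cardholder data) for long digit runs, keeps only those that pass the Luhn check, and masks them to the first six and last four digits, the most PCI DSS requirement 3.3 allows to be displayed. The log lines and all function names are assumptions made for this example.

```python
"""PAN detection, Luhn validation and masking over sample log lines."""
import re

# Constructed sample log lines for this example. The card numbers are
# well-known published test PANs, not real cardholder data.
SAMPLE_LOG = [
    "2018-05-21T10:01:02Z INFO order=1001 card=4111111111111111 amount=19.99",
    "2018-05-21T10:01:03Z INFO order=1002 card=5555 5555 5555 4444 amount=5.00",
    "2018-05-21T10:01:04Z DEBUG trace id=4111111111111112 step=authorize",
    "2018-05-21T10:01:05Z INFO order=1003 txn=1234567890123 status=declined",
]

# A PAN candidate: 13 to 19 digits, optionally separated by single spaces
# or hyphens. Timestamps and short order numbers never reach this length.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check used for the final check digit of a PAN.

    A mistyped card number almost always fails this check, which is why
    a gateway can decline it immediately without contacting the issuer.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits (PCI DSS req. 3.3)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN candidate in a line with its masked form.

    Candidates that fail Luhn are left untouched: they are far more likely
    to be order numbers, trace IDs or other identifiers than card numbers.
    """
    def _mask(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            return mask_pan(digits)
        return match.group(0)
    return CANDIDATE_RE.sub(_mask, line)


def scan_log(lines):
    """Return (redacted_lines, pan_count) for a list of log lines."""
    redacted, found = [], 0
    for line in lines:
        new_line = redact_line(line)
        found += new_line != line
        redacted.append(new_line)
    return redacted, found


if __name__ == "__main__":
    cleaned, n = scan_log(SAMPLE_LOG)
    print(f"{n} PAN(s) found and masked")
    print("\n".join(cleaned))
```

Run as a script it reports two masked PANs and leaves the Luhn-invalid trace ID and transaction number alone. In practice the same logic runs as a filter in the log pipeline or as a periodic scan of file shares and databases; a Luhn-valid hit on a system that is supposed to be outside the cardholder data environment is a scoping finding for the PCI assessment, not just a logging bug.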
Why It's Important
• Credit card fraud in the US is at an all-time high. PCI DSS establishes a framework within which organizations protect their cardholder data environment. By complying with PCI DSS requirements, merchants and service providers reduce the risk of a breach, gain a competitive advantage and increase their credibility.
• Compliance Point's PCI engagements manage the full life cycle of a client's certification process for its cardholder data environment; the firm offers a full suite of services covering all aspects of the compliance effort.
PCI DSS • The PCI Data Security Standard applies to every organization that stores, processes or transmits cardholder data (merchants, service providers, acquirers and issuers), not only to the card brands themselves, and is intended to protect cardholder data wherever it is handled.
PCI PA-DSS • The Payment Application Data Security Standard applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties.
Point-to-Point Encryption • Point-to-Point Encryption (P2PE), often loosely called end-to-end encryption, encrypts card data at the point of interaction (the swipe, dip or tap) and keeps it encrypted in transit until it is decrypted by the payment processor. This protection matters because attackers increasingly target card data in transit, for example with memory-scraping malware on point-of-sale systems. Because a merchant using a validated P2PE solution never handles clear-text card data, the solution also reduces the merchant's PCI DSS scope. Compliance Point is one of a small group of PCI assessment firms authorized to assess against the P2PE standard.
Experian Independent 3rd Party Assessment (EI3PA) • An annual assessment of the ability of Experian's third-party processors to protect Experian's Personally Identifiable Information. If your company processes, stores or transmits Personally Identifiable Information provided by Experian, you may be required to have your systems assessed to determine how well you protect this information, externally and internally, from unauthorized users.
PCI DSS (Payment Card Industry Data Security Standard):
• Developed to improve cardholder data security and help prevent payment card fraud.
• Maintained by the PCI Security Standards Council, founded in 2006 by the five major payment card brands: Visa, MasterCard, Discover, American Express and JCB.
• Includes security assessment procedures (a Self-Assessment Questionnaire or an on-site assessment by a Qualified Security Assessor, depending on the merchant level) that a company must complete annually.
• Requires employees to keep payment card information confidential and secure.
• Provides baseline security requirements while leaving flexibility in how the measures that protect payment account data are implemented.
References:
• Odysseas Papadimitriou, Apr 2, 2009. How Credit Card Transaction Processing Works: Steps, Fees & Participants. Retrieved on 05/21/2018 from https://wallethub.com/edu/credit-card-transaction/25511/
• Retrieved on 05/21/2018 from https://chargebacks911.com/knowledge-base/the-lifecycle-of-a-credit-card-purchase/
• Retrieved on 05/21/2018 from https://www.pwc.com.au/consulting/assets/risk-controls/complianceburdenoropportunity.pdf
• Retrieved on 05/21/2018 from http://www.compliancepoint.com/pci-security-standards-audits
• Retrieved on 05/21/2018 from https://squareup.com/guides/pci-compliance