PCI: A Four-Letter Word of E-Commerce Presented by Matt Kleve - PowerPoint PPT Presentation

Commerce PCI: A Four-Letter Word of E-Commerce Presented by Matt Kleve (vordude)

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / s h a w n z l e a / 5 2 7 8 5 7 7 8 7 /

W h o i s t h i s g u y ? ● 5 y e a r s o f D r u p a l ● B e e n i n t h e P C I ' t r e n c h e s ' ● D r u p a l S e c u r i t y T e a m ● S e n i o r D e v e l o p e r , L u l l a b o t

W a r n i n g , t h i s g u y i s n o t : ● A PCI Qualified Security Assessor (QSA) ● A lawyer ● Willing to provide references or suggestions for web hosting, scanning vendors, consultants, etc.

O n c e u p o n a t i m e . . .

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / 7 6 0 2 9 0 3 5 @ N 0 2 / 6 8 2 9 4 3 8 0 7 5

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / s l w o r k i n g / 3 8 3 2 2 6 7 1 0 4

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / d r e w l e a v y / 3 3 9 4 8 9 7 7 0 6

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / d r e w l e a v y / 3 3 9 4 8 9 5 2 4 6

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / d r e w l e a v y / 3 3 9 4 8 9 2 5 8 4

h t t p : / / w w w . f l i c k r . c o m / p h o t o s / d u k e e n e r g y / 4 7 5 5 0 9 0 9 4 4

W h a t i s t h i s P C I T h i n g ? ● a y m e n t a r d n d u s t r y P C I ● a t a e c u r i t y t a n d a r d D S S ( P C I - D S S ) ( N o t t h e P A - D S S )

W h a t i s t h i s P C I T h i n g ? A r e y o u T r a n s mi t t i n g , P r o c e s s i n g , o r S t o r i n g C r e d i t C a r d D a t a ? I t a p p l i e s t o y o u .

W h a t i s t h i s P C I T h i n g ? “ B u t I d o n ' t h a n d l e 5 % o f t h e p a y m e n t s t h e b i g g u y s d o ”

W h a t i s t h i s P C I T h i n g ? ● > 8 0 % o f t h e i n s t a n c e s o f u n a u t h o r i z e d a c c e s s t o c a r d d a t a h a v e i n v o l v e d s m a l l m e r c h a n t s ● T h e s e b u s i n e s s e s a c c o u n t f o r 8 5 % o f t h e t o t a l n u m b e r o f m e r c h a n t s I n D a t a L e a k s , C u l p r i t s O f t e n A r e M o m , P o p W a l l S t r e e t J o u r n a l , 9 / 2 2 / 0 7

W h a t i s t h i s P C I T h i n g ? ● M a l i c i o u s a t t a c k s w e r e t h e r o o t c a u s e o f 3 1 % o f t h e d a t a b r e a c h e s ● A v e r a g e c o s t i s $ 2 1 4 p e r c o m p r o m i s e d r e c o r d 2 0 1 0 A n n u a l S t u d y : U . S . C o s t o f a D a t a B r e a c h S y m a n t e c a n d t h e P o n e m o n I n s t i t u t e

W h a t i s t h i s P C I T h i n g ? “ T h e c r e d i t c a r d p r o v i d e r i s g e n e r a l l y l i a b l e o n l y i f t h e r e t a i l e r w a s P C I - c o m p l i a n t a t t h e t i m e t h e s e c u r i t y b r e a c h o c c u r r e d . ” P r o t e c t i n g C r e d i t C a r d D a t a : H o w t o A c h i e v e P C I C o m p l i a n c e M o t o r o l a W h i t e P a p e r

W h a t i s t h i s P C I T h i n g ? F i n a n c i a l R i s k R e p u t a t i o n R i s k

W h a t i s t h i s P C I T h i n g ? 1 2 R e q u i r e m e n t s “ T h e D i r t y D o z e n ”

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 1 : I n s t a l l a n d m a i n t a i n a f i r e w a l l c o n f i g u r a t i o n t o p r o t e c t c a r d h o l d e r d a t a

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 2 : D o n o t u s e v e n d o r - s u p p l i e d d e f a u l t s f o r s y s t e m p a s s w o r d s a n d o t h e r s e c u r i t y p a r a m e t e r s

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 3 : P r o t e c t s t o r e d c a r d h o l d e r d a t a

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 4 : E n c r y p t t r a n s m i s s i o n o f c a r d h o l d e r d a t a a c r o s s o p e n , p u b l i c n e t w o r k s

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 5 : U s e a n d r e g u l a r l y u p d a t e a n t i - v i r u s s o f t w a r e o r p r o g r a m s

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 6 : D e v e l o p a n d m a i n t a i n s e c u r e s y s t e m s a n d a p p l i c a t i o n s

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 7 : R e s t r i c t a c c e s s t o c a r d h o l d e r d a t a b y b u s i n e s s n e e d t o k n o w

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 8 : A s s i g n a u n i q u e I D t o e a c h p e r s o n w i t h c o m p u t e r a c c e s s

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 9 : R e s t r i c t p h y s i c a l a c c e s s t o c a r d h o l d e r d a t a

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 1 0 : T r a c k a n d m o n i t o r a l l a c c e s s t o n e t w o r k r e s o u r c e s a n d c a r d h o l d e r d a t a

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 1 1 : R e g u l a r l y t e s t s e c u r i t y s y s t e m s a n d p r o c e s s e s .

W h a t i s t h i s P C I T h i n g ? R e q u i r e me n t 1 2 : M a i n t a i n a p o l i c y t h a t a d d r e s s e s i n f o r m a t i o n s e c u r i t y f o r a l l p e r s o n n e l

B a s i c P C I D S S P r i n c i p l e s ● D o n o t s t o r e c a r d h o l d e r d a t a u n l e s s i t ’ s a b s o l u t e l y n e c e s s a r y ● N e v e r s t o r e “ V e r i f i c a t i o n C o d e , ” “ F u l l T r a c k , ” o r “ P I N ” ● T h e f i r s t s i x a n d l a s t f o u r d i g i t s a r e t h e m a x i m u m n u m b e r o f d i g i t s t o b e d i s p l a y e d .

B a s i c P C I D S S P r i n c i p l e s D o c u m e n t e v e r y t h i n g

B a s i c P C I D S S P r i n c i p l e s G e t i t i n w r i t i n g f r o m y o u r v e n d o r s o r s e r v i c e p r o v i d e r s .

B a s i c P C I D S S P r i n c i p l e s Y o u a r e n e v e r d o n e → → A s s e s s R e me d i a t e R e p o r t

http://www.flickr.com/photos/merelymel/2824506032

http://www.flickr.com/photos/attercop311/3088780713

M e r c h a n t , K n o w T h y s e l f Wh i c h S A Q ? ● S A Q - A ● S A Q - B ● S A Q - C ● S A Q - C - V T ● S A Q - D