Académique Documents
Professionnel Documents
Culture Documents
Angela Hare
Disclaimer Angela Hare is by no means a PCI expert. She is simply the only employee at Central EMC who didnt know to be sick the day a compliance meeting was mentioned.
What in the world is PCI??? The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
OR ELSE..
Merchant Levels
Level 1 Any merchantregardless of acceptance channelprocessing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. Level 2 Any merchantregardless of acceptance channelprocessing 1M to 6M Visa transactions per year. Level 3 Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. Level 4 Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchantsregardless of acceptance channelprocessing up to 1M Visa transactions per year.
Central EMCs Approach Self-Assessment Questionnaire EMC Technologies evaluation & penetration testing Form a team to assess. Make the needed changes.
Changes to IVR Before CC info stored in engine logs & CC pmt table Stored for 30 days Network Admin & Milsoft personnel have access Now No CC information stored Access is the same
Other Changes
CIS CC information is XXXXX out. Network Firewall installed Tipping Point installed Secureworks monitoring PCI Scan Quarterly
Physical CSR notebooks are locked up at night. Additional doors are locked. New Security System to be installed Additional security cameras to be installed Employee training/policy
Are we better off? Yes, but Social Engineering Tracking the fraud
Questions?
Thank you! Angela Hare Director of Information Systems Central EMC harea@cemcpower.com