Payment- Card- Industry- Digital- Security- Standards- Presented-课件.pptVIP

* * * * * * * * * * * * * * * * * * * * * * Copyright Security-A 2005 Copyright Security-A 2005 Payment Card Industry Digital Security Standards Presented By Carl Grayson Overview of PCI DSS Compliance Levels and Requirements PCI DSS in More Detail Discussion, Questions and Clarifications Agenda Topics in this section PCI-DSS Defined Brief History Responsibilities Terminology for Who’s Who Confusion: PCI vs. AIS, CISP, SDP… PCI Assessments PCI Enforcement Overview of PCI-DSS Payment Card Industry Digital Security StandardsA collaborative effort to achieve a common set of security standards for use by entities that process, store or transport payment card data. Multiple Credit Card organisations participating in PCI effortsMembers include Visa, MasterCard, American Express (Amex), Diner’s Club, Discover Card, and JCB Other PCI efforts underway (PABP) Payment Application Best Practices ? (PASS) Payment Application Security Standards PCI-DSS Defined Companies developed and managed own standards independently Visa – (AIS) Account Information Security MasterCard – (SDP) Site Data Protection American Express – (DSS) Data Security Standards Discover Card – (DISC) Discover Card Information Security and Compliance Current PCI is evolved from the more mature Visa AIS standards Present iteration was published December 2004; a revision is due August 2006 Brief History MasterCard is responsible for certifying products and companies capable of fulfilling the Scanning requirements These are often referred to (somewhat erroneously) as SDP Certified products and/or companies Visa is responsible for training and certifying companies and individuals capable of fulfilling the Onsite Audit requirements Such companies are called QSAs (Qualified Security Assessors) and the individuals are called QSAPs (Qualified Security Assessor Personnel) The other PCI organisations are contributors to the standards Responsibilities Visa and MasterCard are made up of Member or