Payment Card Industry (PCI) Security Standard
• Developed by the PCI Security Council formed by major card issuers: Visa, MasterCard, American Express, Diners Club, JCB International and Discover Card.
• All issuing financial institutions and merchants that take credit card transactions on the Internet have to comply.
• Failure to comply may lead to financial penalty.
PCI Security Standard
• Visa and MasterCard require major merchants and IT service organizations (over 1 million transactions annually or over 20,000 eTransactions annually) to have an annual external validation for compliance.
PCI Standards
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across the Internet.
PCI Standards
5. Use regularly updated anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business on a need-to-know basis
8. Assign a unique ID to each person with computer access
PCI Security Standard
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Review Questions
1. What kinds of organizations are required to provide an annual external validation of compliance with the PCI Security Standard?
Answer: Organizations that process > 1 million transactions or 20,000 eTransactions annually.
MC Question
• Which organization is most likely exempted from obtaining external scanning for compliance with the PCI Security Standard?
A. Sony
B. Amazon
C. Boeing
D. Walmart
MC Question
• What kind of access to cardholder data must be monitored by Best Buy?
A. Update
B. All
C. External
D. Create
MC Question
• Who makes up the PCI Security Council?
A. Banks
B. Major credit card issuers
C. Governments
D. Central banks
MC Question
• What is the maximum number of digits in a credit card number that can be displayed to a customer or a merchant?
A. First 6 and last 4
B. First 6
C. Last 4
D. First 4 and last 4
MC Question
• How is the PIN verified?
A. Comparing the keyed PIN to the database
B. Comparing the keyed in value to the hash of the credit card number
C. Calculating the PIN offset based on decrypting the keyed in PIN and comparing the calculated PIN offset to the stored PIN offset.