
Project PCI is RSPA's outreach program to help educate and provide direction to our members about Payment Card Industry Security Compliance. RSPA offers information on a wide range of topics concerning PCI Compliance.
Click below to find out more information on:
- PCI News
- Here you will find the very latest news about Payment Card Industry Security including articles on trends, standards and blogs. NEW! PCI Deadlines
- PCI DVD, 'Are you at Risk?'
- RSPA produced a 12-minute educational video about PCI Security Compliance. Learn more about 'Are you at Risk?' and order your copy by clicking here.
- PCI Handbook
- This on-line handbook includes several documents to help RSPA members and their customers with information about PCI Compliance including standard documents and certified letters.
- PCI Research & Reports
- RSPA has offered several education sessions about PCI Compliance. Here you can find those reports including research and statistics by security forensic auditors.
PCI DVD, 'Are you at Risk?'
In July 2007, RSPA released 'Are you at Risk?', an educational DVD about Payment Card Industry Security Compliance. 'Are you at Risk?' defines the industry jargon to help business owners determine if their point-of-sale system is at risk of a security breach. RSPA traveled the country, interviewing the major players in the PCI issue to get to the bottom of what must be done to fix this growing problem. This DVD tells you why PCI Data Security Standards were created, shows you the underground world in cyberspace where hackers gather to buy and sell stolen information, and lets you hear firsthand from a merchant who had a criminal hack into their point-of-sale system in early 2006.
The 12-minute DVD gives viewers a candid, inside look at the facts surrounding PCI Compliance and provides a sense of how costly compromises can be and how they are affecting the retail industry.
RSPA offers two versions of 'Are you at Risk?'. The original version includes an interview with Micros, a vendor that is working to help customers become PCI Compliant. The updated version of 'Are you at Risk?' eliminates the vendor perspective (interview) and all logos seen throughout the original version, enabling any vendor to use this video to educate their customers (without promoting another brand).
Click here to purchase a DVD.
PCI Research & Presentations
- The Upside of Insecurity (Featured in January 2008 connect) - Lisa Terry, Industry Writer
- An Integrator's Worst Nightmare (Featured in January 2008 connect) - Nicholas Percoco, TrustWave
- Payment Applications: Is it the open door on your system? – Nicholas Percoco, TrustWave
- This presentation reveals the vulnerabilities introduced when supplementing a system with various payment applications. Statistics compiled from over 200 forensic investigations are shared along with information about how hackers gain access to networks. This presentation teaches how to avoid the mistakes many companies make when they introduce payment applications.
- Reducing Business Risk from Credit Card Breaches - Christopher Justice, Merchant Link
- High-profile data security breaches like Office Max and TJ Maxx grab the headlines, yet small to medium sized merchants received fines and penalties in excess of $40 million for similar circumstances. Aside from not making the news, they suffered in silence or went out of business. Reducing Business Risk from Credit Card Breaches provides a card industry overview and takes an in-depth look at the standard, reviews common breaches and illustrates the penalties and their aftermaths. This presentation is designed to provide resellers information on how to protect their business from risk and their merchants from financial problems.
- Protecting Card-holder Information - Jeff Wakefield, VeriFone Inc.
- This presentation reviews the five different payment standards and explains their requirements and how they relate to each other. The importance of these requirements is illustrated with case studies of actual compromises. In addition, tips to achieve compliance, industry best practices and additional resources to manage your business are revealed.
- A Forensic Approach to Incident Response – Kennet Westby & Rick Dankin, CoalFire Systems
- As system developers and service providers engage with merchants in a more controlled, demanding environment, the question of liability control failure has become a hot topic. What can developers and service providers do to support merchants in defense of control failures and incident response when controls fail? This presentation by CoalFire will orient channel partners to the risks that can cause controls to fail and incident response support that can be provided.
- Steps to Card holder Security: 5 Things Every Dealer Should Know - Irving Simpson, Precidia Technologies, Inc.
- This presentation features perspective on card holder data security from a hospitality application developer and a dealer with 15 years of experience in Internet based payment technologies. The presentation looks at best practices for the industry including the roles of application developers, merchants and dealers as it relates to the PCI compliance mandate. Included is an understanding of the PCI mandate and what tools are available.
PCI News
To see a full list of VISA's payment card security best practices - Click Here
View Visa's Top 10 Best Practices For Payment Application Companies - Click Here
11/08 Guide to Understand PCI Compliance
10/08 Summary of Changes from PCI DSS Version 1.1 to 1.2
Requirements & Security Assessment Procedures Version 1.2
4/23/08 Visa's Payment Application Best Practices adopted as Security Standard
10/23/07 Visa Announces New Payment Application Security Mandates
PCI Compliance Handbook
PCI Security Compliance should be of vital interest to every member of RSPA. The RSPA PCI Compliance Committee, chaired by Brad Holaway of Copperstate Business Systems, has been working on several initiatives to assist members in managing this issue for their business and their customer base.
The PCI on-line Handbook includes several documents to help provide you with information on PCI, CISP, and other best practices. Note that these documents have been reviewed by an RSPA legal counsel.
*Click on the link below to read document
To view PCI information in another language, click here.
1. PCI "CORRECT LANGUAGE"
PCI Primer for Dealership Staff
2. PCI SECURITY FOR ANY DEALER - IF MAILED PRIOR
PCI Compliance Notification to Customers
3. PCI DATA SECURITY STANDARD
The 12 PCI Requirements along with the 185 Sub-Requirements Document
4. PCI TRUSTWAVE RESTAURANT WHITE PAPER
Background Information for PCI Compliance in the Restaurant Vertical Market
5. PCI CISP VALIDATED PAYMENT APPLICATIONS
The Latest List as of 12/19/08
6. PCI CREDIT SECURITY WAIVER FOR EMPLOYEES
Policy Statement for Dealership Staff to Review and Sign
7. PCI CREDIT SECURITY WAIVER FOR CUSTOMERS
Policy Statement for Customer to Review and Sign if any Inappropriate Software is Installed on the System
8. Visa Policy Letter
Dealer letter for customers who do not wish to become compliant
9. PCI Security Letter
Certified Letter to send to customers with non-compliant equipment
10. Terms and Conditions
Installation Terms and Conditions pertaining to PCI Compliance



