Project PCI is RSPA's outreach program to help educate and provide direction to our members about Payment Card Industry Security Compliance. RSPA offers information on a wide-range of topics concerning PCI Compliance.

PCI DVD, 'Are you at Risk?'

In July 2007, RSPA released 'Are you at Risk?', an educational DVD about Payment Card Industry Security Compliance. 'Are you at Risk?' defines the industry jargon to help business owners determine whether their point-of-sale system is at risk of a security breach. RSPA traveled the country, interviewing the major players in the PCI issue to get to the bottom of what must be done to fix this growing problem. This DVD tells you why the PCI Data Security Standards were created, shows you the underground world in cyberspace where hackers gather to buy and sell stolen information, and lets you hear firsthand from a merchant whose point-of-sale system was broken into by a criminal in early 2006.

The 12-minute DVD gives viewers a candid, inside look at the facts surrounding PCI Compliance and provides a sense of how costly compromises can be and how they are affecting the retail industry.

RSPA offers two versions of 'Are you at Risk?'. The original version includes an interview with Micros, a vendor working to help its customers become PCI compliant. The updated version of 'Are you at Risk?' removes the vendor perspective (the interview) and all logos seen throughout the original version, enabling any vendor to use the video to educate its customers without promoting another brand.

Click here to purchase a DVD.


PCI News

Here you will find the very latest news about Payment Card Industry Security, including articles on trends, standards and blogs. If you have PCI information you would like to submit, please send it to: Publications@GoRSPA.org

PCI Compliance Handbook

This on-line handbook includes several documents to help RSPA members and their customers with information about PCI Compliance, including standards documents and certified letters.

PCI Research & Presentations

RSPA has offered several education sessions about PCI Compliance. Here you can find those reports including research and statistics by security forensic auditors.

2011.10.14
PCI Security Standards Council Updates PTS Program for Encryption, Mobile

2010.11.29
PCI Deadline Extended

2008.11
Guide to Understand PCI Compliance

2008.10   
Summary of Changes from PCI DSS Version 1.1 to 1.2

2008.10
Requirements & Security Assessment Procedures Version 1.2

2008.4.23
Visa's Payment Application Best Practices adopted as Security Standard

2007.10.23
Visa Announces New Payment Application Security Mandates


PCI Security Compliance should be of vital interest to every member of RSPA. The RSPA PCI Compliance Committee, chaired by Brad Holaway of Copperstate Business Systems, has been working on several initiatives to assist members in managing this issue for their business and their customer base.

The PCI on-line Handbook includes several documents to help provide you with information on PCI, CISP, and other best practices. Note that these documents have been reviewed by RSPA legal counsel.

PCI "Correct Language"
PCI Primer for Dealership Staff

PCI Security For Any Dealer - If Mailed Prior
PCI Compliance Notification to Customers

PCI Data Security Standard
The 12 PCI Requirements along with the 185 Sub-Requirements Document

PCI TRUSTWAVE Restaurant White Paper
Background Information for PCI Compliance in the Restaurant Vertical Market

PCI CISP Validated Payment Applications
The Latest List as of 12/19/08

PCI Credit Security Waiver For Employees
Policy Statement for Dealership Staff to Review and Sign

PCI Credit Security Waiver For Customers
Policy Statement for Customers to Review and Sign if any Inappropriate Software is Installed on the System

Visa Policy Letter 
Dealer letter for customers who do not wish to become compliant

PCI Security Letter 
Certified Letter to send to customers with non-compliant equipment

Terms and Conditions
Installation Terms and Conditions pertaining to PCI Compliance


To see a full list of VISA's payment card security best practices, click here

View Visa's Top 10 Best Practices For Payment Application Companies - Click Here

To view PCI information in another language, click here

Learn more about RSPA's PCIwise Certificate Program

The Upside of Insecurity
(Featured in January 2008 connect) - Lisa Terry, Industry Writer

An Integrator's Worst Nightmare
(Featured in January 2008 connect) - Nicholas Percoco, TrustWave

Payment Applications: Is it the open door on your system? – Nicholas Percoco, TrustWave
This presentation reveals the vulnerabilities introduced when a system is supplemented with various payment applications. Statistics compiled from over 200 forensic investigations are shared, along with information about how hackers gain access to networks. This presentation teaches how to avoid the mistakes many companies make when they introduce payment applications.

Reducing Business Risk from Credit Card Breaches - Christopher Justice, Merchant Link
High-profile data security breaches like Office Max and TJ Maxx grab the headlines, yet small- to medium-sized merchants received fines and penalties in excess of $40 million for similar circumstances. Aside from not making the news, they suffered in silence or went out of business. Reducing Business Risk from Credit Card Breaches provides a card industry overview, takes an in-depth look at the standard, reviews common breaches, and illustrates the penalties and their aftermath. This presentation is designed to give resellers information on how to protect their business from risk and their merchants from financial problems.

Protecting Card-holder Information - Jeff Wakefield, VeriFone Inc.
This presentation reviews the five different payment standards, explains their requirements, and shows how they relate to each other. The importance of these requirements is illustrated with case studies of actual compromises. In addition, tips for achieving compliance, industry best practices, and additional resources for managing your business are presented.

A Forensic Approach to Incident Response – Kennet Westby & Rick Dankin, CoalFire Systems
As system developers and service providers engage with merchants in a more controlled, demanding environment, the question of liability for control failures has become a hot topic. What can developers and service providers do to support merchants in defending against control failures and in incident response when controls fail? This presentation by CoalFire orients channel partners to the risks that can cause controls to fail and to the incident response support that can be provided.

Steps to Card holder Security: 5 Things Every Dealer Should Know - Irving Simpson, Precidia Technologies, Inc.
This presentation offers perspective on cardholder data security from a hospitality application developer and a dealer with 15 years of experience in Internet-based payment technologies. The presentation looks at best practices for the industry, including the roles of application developers, merchants, and dealers as they relate to the PCI compliance mandate. Included is an overview of the PCI mandate and the tools that are available.