PCI DSS Training Command center


Scene 1 (0s)

[Virtual Presenter] Good morning everyone. Today I'm here to talk to you about the Payment Card Industry Data Security Standard (PCI DSS) and the impact it has on BankAxept's command center operations. We will explore how implementing these standards can help BankAxept's operations become more secure and efficient. I appreciate you taking the time to listen to this presentation, and I look forward to answering any questions you may have.

Scene 2 (28s)

[Audio] We will be discussing the Payment Card Industry Data Security Standard, or PCI DSS, version 4. This is an internationally recognized security standard developed to secure credit and debit card data. BankAxept is dedicated to adhering to this standard, and we will be covering how it applies to command center operations. Additionally, we will cover what the CTSP is and how it is compliant with PCI DSS v4.

Scene 3 (58s)

[Audio] Let us begin by discussing our backgrounds related to payments and IT, as we are CTSP, or Certified Third Party Service Professionals. It is essential for us to exchange our knowledge and skills. Therefore, let us go around the table and begin sharing our experiences in this field.

Scene 4 (1m 18s)

What is PCI DSS v4?

Scene 5 (1m 24s)

[Audio] The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards designed to protect payment transactions and the sensitive personal data associated with them. Following the requirements of these standards can help companies protect the data from unauthorized use and maintain customers' trust in the payment card industry. Get your copy now to begin understanding and implementing the PCI DSS.

Scene 6 (1m 52s)

[Audio] The Payment Card Industry Data Security Standard (PCI DSS) has specific requirements that must be fulfilled in order for command center operations to comply with the standard. This demonstration will outline these requirements and explain the audit process necessary to confirm that the recommendations of the standard have been met. We will now take a more detailed look.

Scene 7 (2m 15s)

[Audio] As we look at the payment card data that is of importance in the payment industry, it is important to understand the difference between Cardholder Data (CHD) and Sensitive Authentication Data (SAD). Cardholder Data, or CHD, is mostly made up of the Primary Account Number (PAN), which is the heart of the payment card industry. SAD, on the other hand, is made up of the Card Verification Code (CVV2) as well as the PIN or PIN Block.

Scene 8 (2m 44s)

[Audio] We will now discuss the Payment Card Industry Data Security Standard and its requirements. Primary Account Number, Cardholder Name, Expiration Date, Cardholder Data, Sensitive Authentication Data, Full-track data, magnetic-stripe data, PIN/PIN Block, CAV2/CVC2/CVV2/CID, and Bank Identification Number are all essential elements of PCI DSS, which was designed to ensure the secure handling and storage of cardholder information and to protect against fraud.

Scene 9 (3m 17s)

[Audio] At BankAxept, we understand why compliance with the Payment Card Industry Data Security Standard (PCI DSS) is critical for our customers. As a provider of payment services, we store, process and transmit payment data on behalf of our business partners, such as Thales. Therefore, to ensure the security of our customers' data, BankAxept is obligated to comply with the rigorous standards set by the PCI DSS.

Scene 10 (3m 46s)

[Audio] Today, we will talk about why organizations need to comply with PCI DSS. As you may already know, compliance with the PCI standards is generally not a legal requirement, but rather imposed by the card brands in order to protect customer data and money. The issuers require issuer services to comply, and further, issuer services require acquirer services and other third party services to comply. The acquirer services require merchants and third party services to comply as well. Finally, the merchants have to comply and thus also require equipment producers to comply. Hopefully, this explanation has made it clear why it is imperative to comply with PCI DSS.

Scene 11 (4m 34s)

[Audio] Today we will be discussing the scope of the PCI DSS and what it means for Command Center Operations in 2023. The PCI DSS security requirements are applicable to all system components that are a part of, or connected to, the cardholder data environment. This environment is made up of people, processes, and technologies responsible for cardholder data or sensitive authentication data. These system components include network devices, servers, computers, and applications.

Scene 12 (5m 7s)

How does CTSP comply?

Scene 13 (5m 14s)

[Audio] The slide focuses on Thales CTSP's Tokenization scope, outlining the process of consumer payments, such as debit and credit cards, through the Wallet website. The payment is split into two separate parts, card data being transmitted from the Bank (Issuer) to the Wallet Website, and from the Wallet Website to the Bank (Acquirer). Subsequently, the data is converted into the Token and secure Token PAN, which is then shared with the Bank (Issuer). These steps are taken to improve the security of the transaction and protect the customer's card data.

Scene 14 (5m 50s)

[Audio] PCI DSS is a global security standard that aims to provide a secure environment for handling, storing and transferring credit card information. It is essential for Command Center Operations to be compliant with the PCI DSS standard in order to ensure the protection of their customers' data. To minimize risk and complexity and to enhance manageability, scope segmentation is suggested. This entails restricting the scope of the PCI DSS requirements to only the parts of the network and operations that handle, store, and transmit credit card data.

Scene 15 (6m 26s)

[Audio] Tokenization is a process of replacing a Payment Card Industry Data Security Standard (PCI DSS) Protected Data Element (PDE) with a surrogate value. This surrogate value, referred to as a token, appears the same as the original PDE, but cannot be decrypted into the PDE. To obtain the original PDE, the token needs to be detokenized. Cloud Token Service Providers provide a service for tokenizing information before transferring it on the network or saving it in wallets.

Scene 16 (7m 1s)

[Audio] PCI DSS is a set of security procedures and guidelines that must be adhered to by any business that stores, processes and transmits credit card data. As part of the Command center operations team, staying aware, up to date and compliant with these security standards is essential. Preventative measures should be put in place to ensure systems and data are secured, which would help provide customers with a safe shopping experience.

Scene 17 (7m 29s)

[Audio] PCI DSS compliance is an essential component to ensure data security. It defines requirements related to protecting Cardholder Data (CHD) and Sensitive Authentication Data (SAD). Knowing and keeping track of the regulations and applicable changes is fundamental to remain compliant. This includes understanding the processes and procedures involved in the handling of data, and being prepared to report any compliance issues. To ensure that everyone is on the same page and to guarantee compliance, training is paramount.

Scene 18 (8m 5s)

[Audio] As part of the PCI DSS Introduction for Command Center Operations 2023 in Oslo, I will cover restricted access and non-disclosure, logging and monitoring, and third parties. Furthermore, I will address the scope of storage and applications, as well as the network scope. It is imperative to guarantee that these areas are properly dealt with to secure the operations.

Scene 19 (8m 30s)

[Audio] Regarding incident handling in the context of Command Center Operations, we need to ensure efficient and secure routines to deal with any exceptional situations. Protocols must be established for data handling, anonymisation, communication channels, as well as escalation procedures and notable amendments. Let's delve deeper into this.

Scene 20 (8m 53s)

Questions and Comments.

Scene 21 (9m 0s)

Thank you!