Payment Card Industry Data Security Standard (PCI DSS) and Your Company

Why Should You Attend:

This webinar will prepare your organization to understand and potentially use PCI DSS to the organization’s benefit. Whether involved in the payments industry or not, this webinar will introduce attendees to PCI DSS, its impacts and its use in your business. PCI DSS not only supports those in the payments business but provides insight to vendor managers into companies that have validated compliance. It can be used by organizations not directly involved with the payments business. It provides standards for security policies, technologies and ongoing processes that protect the systems from breaches and theft of sensitive data.

The webinar instructor will provide an introduction to PCI DSS and a way that all businesses can benefit from consulting with both the standard and the list of payment processing companies that have validated PCI DSS compliance. Attendees will walk away with ideas on leveraging PCI DSS for their benefit.

Areas Covered in the Webinar:

• Overview of PCI DSS
• Organizations that must validate PCI DSS compliance
• Merchants
• Processors
• How is PCI DSS validated?
• Strengths and weaknesses of PCI DSS
• The value of compliance
• Costs of compliance
• Failures of compliance
• Risk reduction
• Sensitive data security
• P2PE and tokenization
• What your organization should do about PCI DSS
• Other standards that PCI SSC publishes and manages
• Payment Application Data Security Standard
• Payment Card Industry PIN
• Sources of information about companies that are PCI DSS compliant

Who Will Benefit:

• Compliance Management
• Risk Management
• Vendor Management
• Retail Business Owners
• Data Security
• Network Administration
• Data Base Administration
• Point of Sale Development
• Software Development

Instructor Profile:

Marc Perl brings over 30 years of professional experience to Teknowlogy Associates. Mr. Perl’s diverse experience includes risk management, payments processing, data security, product development, software development and software quality assurance. During his 20 years at Visa, he was a key member of Visa’s risk management team, where he developed and managed the compliance program for the Payment Card Industry Data Security Standard (PCI DSS) as part of the Cardholder Information Security Program (CISP). He led the team that developed the business requirements for Visa’s Point-to Point Encryption (P2PE) solution.

As a merchant acquiring expert, Mr. Perl built and managed Visa’s integrated debit platform to support merchants such as Walmart, Radio Shack, Kmart and others. He also served as project manager for Visa’s Y2K effort and assisted with the spin-off of Visa’s acquiring processor business into a joint venture with Total Systems Services (TSYS) called Vital Processing Services. In addition to his Visa experience, Mr. Perl has consulted with organizations as varied as Jet Propulsion Laboratories, TSYS Acquiring Solutions, and others. His early experience included computer operations, programming, creation of software development methodologies and software engineering. He holds a BA from California State University at Northridge.

Topic Background:

The Payment Card Industry Data Security Standard (PCI DSS) is one of few successful industry developed and maintained data security standards. Mandated compliance with a payment network enforced data security standard dates from 2001 when Visa instituted the Cardholder Information Security Program (CISP). CISP was initially developed as a risk reduction measure for on-line merchants. It has evolved into the global, industry wide data security standard called PCI DSS. Each major payment network has specific mandates for organizations that must validate PCI DSS compliance. These organizations include financial institutions, third party service providers and merchants of all sizes. Gaining access to sources of information about PCI DSS and organizations that are PCI DSS compliant is part of the curriculum. PCI DSS is managed and maintained by the Payment Card Industry Security Standards Council (PCI SSC) originally formed in 2006 by Visa, MasterCard, Amex, Discover and JCB International to own and manage what became PCI DSS.

The principles specified in PCI DSS can be a guide for all organizations that wish to secure their data. PCI DSS security requirements can be focused on any sensitive data. Your organization need not be involved with the payments process to benefit from exposure to PCI DSS. The PCI DSS requirements can be modified to protect any data that your organization considers vital. Development and deployment of PCI DSS compliant networks can assist your business to secure those electronic assets that the business considers vital.

Follow us :