5 Under-utilized PCI Requirements and How You Can Leverage Them
By – Praveen Joseph Vackayil
5 Under-utilized PCI Requirements
AND HOW YOU CAN FULLY LEVERAGE THEM
Praveen Joseph Vackayil, CISSP, CCNA, ISO 27001 LA, former PCI QSA, MS (Warwick), BE
DISCLAIMER
Ground Rules
• Mobile phones – you know what to do!
• Questions are welcome
• Share your knowledge
Agenda
• Quick Introduction to PCI DSS
– CHD and SAD
– PCI Requirements
• 5 Under-utilized PCI Requirements
A Quick Introduction to PCI DSS
What is PCI?
The Payment Card Industry Data Security Standards are a set of security standards created to protect credit and debit card data.
What is PCI?
• One of the most precise and granular information security standards out there.
• 12 broad requirements, 300+ sub-requirements
• People (10%) – Processes (30%) – Technology (60%)
Cardholder Data
• Card Number
• Cardholder Name
• Service Code (not shown in image)
• Expiry Date
Sensitive Authentication Data
• CVV
• Track data (Magnetic Stripe data or Chip data)
• PINs or PIN blocks
What does PCI say about CHD and SAD?
In Other Words
Stored card numbers must be encrypted, truncated, hashed, or protected with one-time pads.
1aM3fz9eo0F1idqKq2Z23i0F3akdjl53f32F23k3qsaf
4757 2828 9290 2929
In Other Words
CVV, Track/Chip and PIN data must never be stored.
“July_Customer_CVV.xlsx”
The PCI Requirements
Ref: PCI DSS v3.0
Requirement 1 – Firewalls
Formal Change Management
Updated Network Diagram
Firewall config vs Business Justification Document
NATting
Check incoming packets for IP Spoofing
Internal Zone -> DMZ -> External Zone
Firewall Rule Review
Requirement 2 – Device Configuration
Change all vendor-supplied defaults
Remove all unnecessary scripts, drivers, servers and other functionalities
One primary function per server
Non-console admin access must be encrypted
Hardening standards based on CIS, SANS, NIST, etc.
Requirement 3 – Protect Stored CHD
Do not store any SAD
Mask PAN when displayed
Render stored PAN unreadable
Key Management
Drive Awareness
Review stored PAN via quarterly data discovery scans
Minimize stored PAN
Requirement 4 – Protect Transmitted CHD
Encrypt PAN sent over wireless, e.g. IEEE 802.11i (no WEP, SSL v2.0)
Encrypt PAN sent on open public networks
Encrypt PAN if sent over email, chat, etc.
Drive Awareness
Requirement 5 – Use Anti-Malware Software
If AV exists, deploy it
Do RA to identify threats for Mainframes or other systems without AV
Periodic Scans
Automatic Updates
Anti-virus logs
Requirement 6 – SDLC
Identify new security vulnerabilities from external sources
Patch Management
Secure SDLC
WAF or App VA for public facing web apps
Requirement 7 – Need to Know
Access to CHD based on job-based need to know
Default deny-all setting in access provisioning
Requirement 8 – Accountability
User ID settings
Two-factor authentication for remote connections
Password settings
Session time-out settings
Requirement 9 – Physical Security
Physical Access Controls:
- CCTV and/or
- Access control mechanism
Visitor Management
Media Management
Physical Security of POS devices
Requirement 10 – Log Management
What should be logged
What a log should contain
Log Retention
Log Review
FIM on logs
Time synchronization
Access to Logs
Requirement 11 – Testing and Monitoring
Wireless Scan
IDS/IPS
Penetration Testing
Vulnerability Assessment
Change Detection Software
Requirement 12 – Documentation
Risk Assessment
Human Resources
- NDA
- BGV
Service Provider Management
Incident Management
Policies and Procedures
- Information Security
- Acceptable Usage, etc.
5 Under-utilized PCI Requirements
WHICH REQUIREMENTS DO YOU THINK WILL BE DISCUSSED?
Typical Challenge Areas in PCI Maintenance
5 Under-utilized PCI Requirements
• Firewall Rule Review
• Log Review
• Penetration Testing
• Risk Assessment
• Service Provider Management
Firewall Rule Review
Firewall Rule Review
WHAT IT IS
1.1.7 Review firewall and router rule sets at least once every six months
Firewall Rule Review
HOW PEOPLE TEND TO DO IT
“Nipper gives a lot of false positives, you know?”
“We need ICMP for troubleshooting”
- We ran a Nipper scan.
- And?
- That’s it!
A Good Rule Review Will Achieve
• Re-validation of all business requirements (and nothing else) being met through the firewall
• Review/removal of ACLs which are convenient for firewall device management but not for network security.
• Protection from new attack vectors (especially public facing firewalls)
• Checking for incorrectly configured rules
• Clean-up of obsolete rules and user ids on firewall
• Revocation of “temporary” access requests on expiry
• Firewall performance tuning
• More accurate responses from network administrator during external audit.
Suggested Firewall Review Methodology
Prerequisites
- Network Diagram
- Device Inventory
- Updated DFD
- Firewall Rules Business Justification Document
Shortlist the firewalls to be reviewed, e.g. Internet FW, Internal FW
- Review the network diagram, DFD
- Validate the FW configuration against approved services, ports, protocols
What to Look For:
- Obsolete ACLs
- Inconsistencies with BJD
- Insecure services, ports, protocols - FTP, Telnet, SNMP.
Remediation
Sample Firewall Review Sheet
Ref: SANS - Methodology for Firewall Reviews for PCI Compliance
http://www.sans.org/reading-room/whitepapers/auditing/methodology-firewall-reviews-pci-compliance-34195
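One way to automate the "What to Look For" step of the review methodology above, as an added example that is not part of the original slides: each rule is checked against the Business Justification Document (BJD) and flagged for insecure services, expired "temporary" access and disuse. The rule export format, zone names, hit counter field and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Services the slides name as insecure, keyed by (protocol, well-known port).
INSECURE = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("udp", 161): "SNMP"}

@dataclass(frozen=True)
class Rule:  # hypothetical normalized export of one firewall ACL entry
    rule_id: str
    src: str
    dst: str
    proto: str                      # "tcp", "udp", "icmp" or "any"
    port: Optional[int]             # None = all ports, or not applicable (ICMP)
    hits: int = 0                   # assumed hit counter since the last review
    expires: Optional[date] = None  # set when the rule came from a "temporary" request

@dataclass(frozen=True)
class Justification:  # one approved line of the Business Justification Document
    src: str
    dst: str
    proto: str
    port: Optional[int]
    owner: str

def key(x):
    return (x.src, x.dst, x.proto, x.port)

def review(rules, bjd, today):
    """Return {rule_id: [findings]} for each rule that needs follow-up."""
    approved = {key(j) for j in bjd}
    findings = {}
    for r in rules:
        notes = []
        broad = "any" in (r.src, r.dst, r.proto) or (
            r.proto in ("tcp", "udp") and r.port is None)
        if broad:
            notes.append("overly broad: 'any' in source, destination or service")
        elif key(r) not in approved:
            notes.append("inconsistent with BJD: no approved business justification")
        if (r.proto, r.port) in INSECURE:  # flagged even when the BJD approves it
            notes.append(f"insecure service: {INSECURE[(r.proto, r.port)]}")
        if r.expires is not None and r.expires < today:
            notes.append(f"temporary access expired {r.expires.isoformat()}")
        if r.hits == 0:
            notes.append("obsolete candidate: no hits in review period")
        if notes:
            findings[r.rule_id] = notes
    return findings

def unimplemented(rules, bjd):
    """BJD entries with no matching rule, i.e. the BJD itself needs updating."""
    present = {key(r) for r in rules}
    return [j for j in bjd if key(j) not in present]

# Constructed sample data: zone names, ports, counters and dates are illustrative.
RULES = [
    Rule("R10", "internet", "dmz-web", "tcp", 443, hits=91234),
    Rule("R20", "dmz-web", "cde-db", "tcp", 1433, hits=50211),
    Rule("R30", "mgmt-lan", "dmz-web", "tcp", 23, hits=12),
    Rule("R40", "vendor-vpn", "cde-db", "tcp", 1433, hits=0, expires=date(2014, 3, 31)),
    Rule("R50", "any", "dmz-web", "icmp", None, hits=300),
    Rule("R60", "office-lan", "dmz-ftp", "tcp", 21, hits=0),
]
BJD = [
    Justification("internet", "dmz-web", "tcp", 443, "E-commerce"),
    Justification("dmz-web", "cde-db", "tcp", 1433, "E-commerce"),
    Justification("vendor-vpn", "cde-db", "tcp", 1433, "DBA team"),
    Justification("office-lan", "dmz-ftp", "tcp", 21, "Finance"),
    Justification("dmz-web", "payment-gw", "tcp", 443, "E-commerce"),
]
TODAY = date(2014, 6, 30)

if __name__ == "__main__":
    for rule_id, notes in review(RULES, BJD, TODAY).items():
        print(rule_id, "; ".join(notes))
    for j in unimplemented(RULES, BJD):
        print("BJD entry without rule:", key(j), j.owner)
```

Each finding still needs an owner decision before remediation: a zero-hit rule may serve a rarely used recovery path, and an approved FTP rule is a prompt to revisit the justification rather than an automatic removal.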
Log Review
Log Review
WHAT IT IS
SCOPE
10.6 Review logs and security events for all system components
FREQUENCY
10.6.1 Review the following at least daily:
• All security events
• Logs of all system components that store, process, or transmit CHD/SAD
• Logs of all critical system components
• Logs of security devices - firewalls, IPS, etc.
10.6.2 Review logs of all other system components periodically as determined by a risk assessment.
REMEDIATION
10.6.3 Follow up anomalies identified during the review process.
Log Review
HOW PEOPLE TEND TO DO IT
“It is not possible to investigate all alerts. There are tons of false positives.”
- We manually review logs every day. Surprisingly, we have no incidents so far.
- You mean NOT surprisingly
Good Log Review Principles
Log Review
Central Log Storage for easy access and review
Continuous and Automated Monitoring
“Do Not Show Again” configuration to reduce false positives
Qualified personnel who know what kind of logs to look for
Timely Response Mechanism
Penetration Testing
Penetration Testing
WHAT IT IS
Requirements for PT in PCI v2.0
11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification. These penetration tests must also include application and network layer penetration tests.
Penetration Testing
HOW PEOPLE TEND TO DO IT
“We fixed all the VA findings. So there are no vulnerabilities to exploit, meaning there is no point in a PT.”
(hence proved)
“We ran a PT scan. Here is the report.”
Penetration Testing
• PT Methodology
– A methodology will bring structure and consistency to the testing approach
– Provide standardized documentation
– Assist in training and KT between staff
E.g. N/w PT – OSSTMM (from Institute for Security and Open Methodologies), NIST SP 800-115; App PT – OWASP Testing Project
• External and Internal PT
WHAT HAPPENED IN V3.0 HAS BEEN NOTHING SHORT OF RADICAL
Outside
– Has no access to systems
– No knowledge about the systems
– Begins with reconnaissance (public information) and enumeration (network discovery, port scanning)
Inside
– Has at least general user access, may have some knowledge on the systems
– Begins with user privilege escalation (e.g. general to admin user)
Penetration Testing
• PT must validate network segmentation methods used to isolate the CDE
– Router or Firewall ACLs
– VLANs configured on L3 switches
E.g. port scanning to check for any open ports on the router through which one can connect from a trusted but non-CDE network.
• PT must be on-going
– Remediation must be validated by re-testing
SAMPLE TESTS
• Database security audit
• SQL injection techniques
• Network traffic eavesdropping
• Access control testing
• Network intrusion testing
• Network stress testing
• DoS attacks
• Manipulating user input data
• Web application penetration testing
OSSTMM PT Workflow
Induction Phase:
- Decide on test timelines
- Shortlist the tests to be done
Interaction Phase:
- Network Discovery
- Select target systems for each test
• Web server, DB Server
• Firewall, etc.
Inquest Phase:
Find out as much data as possible about target systems
• Which ports are open
• What services are running
• Device configuration vulnerabilities
Intervention Phase:
Verify functionality of security and alerting mechanisms
• Log alerts
• FIM alerts
• IPS alerts
Risk Assessment
Risk Assessment
WHAT IT IS
PCI Req 12.2
Implement a risk-assessment process that:
Frequency:
• Is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.)
Entities:
• Identifies critical assets, threats, and vulnerabilities,
Methodology:
• Results in a formal risk assessment
Risk Assessment
HOW PEOPLE TEND TO DO IT
This is an example of a compliance RA, not a security RA.
Risk Assessment
WHAT IT IS
A PCI Risk Assessment must be:
• Formal:
– Measurable
– Comparable
– Repeatable
• Focusing on card data as the central asset
• Emphasizing security and not compliance
Risk Assessment
Risk Assessment can be used to
• Tailor the PCI requirement to the unique nature of the organization’s CDE
• Reduce the overall cost of compliance and security maintenance
• Assist in scope reduction
Suggested PCI RA Workflow
Scope: E-Commerce Website
Assets: Primary Asset – CHD; Supporting Assets – People, Technology
Threat: Disclosure of CHD via compromise of perimeter firewall by external entity
Vulnerability: No defined frequency for firewall rule review
Risk Score: Medium
Risk Management (Treat, Transfer, Terminate, Tolerate): Treat: Firewall config to be reviewed every quarter by Security team. Corrective action to be taken by Network team.
Documentation
Service Provider Management
Service Provider Management: Typical Concerns
No knowledge on
– the extent to which service provider can access client’s systems and information
– service provider’s information security controls and how effective they are
– how they verify employees’ backgrounds
No defined ownership of applicable PCI requirements
E.g. application hosted at client’s site, but developed remotely by a third party organization:
– 6.4.1 Separate development/test environments from production environments -> Client
– 6.4.2 Separation of duties between development/test and production -> Service Provider
Service Provider Management
WHAT IT IS
12.8: Maintain and implement policies and procedures to manage service providers with whom cardholder data is shared, or that could affect the security of cardholder data
• Maintain a list of service providers
• Due diligence in selecting service providers
• MSA: Service providers are responsible for the security of cardholder data they possess or otherwise store, process or transmit on behalf of the customer
• Annually monitor their PCI compliance
• Classify PCI requirements as per client - service providers’ responsibility and get mutual agreement
Stay in Touch
• www.linkedin.com/in/vackayil
THANK YOU