confidential 1 preparing for & maintaining pci compliance
TRANSCRIPT
CONFIDENTIAL2
Topics of Discussion
• About Link2Gov• Establishing security policy and e-commerce
infrastructure• Preparing for the audit• Facility and resource requirements during the
audit• Responsiveness to findings• Maintaining security standards following audit• Marketing PCI compliance• Questions
CONFIDENTIAL3
About Link2Gov
• Our mission is to be the premier provider of integrated IP payment services using web, telephony, point of sale and other transaction technologies.
CONFIDENTIAL4
About Link2Gov
• Payment methods include: – Credit Cards– ATM/Debit Cards
(PIN-Secured)
– Check Cards (Signature-Debit)
– Electronic Checks (Conversion, Verification and Guarantee)
• Payment channels include:– Point-of-Sale (POS)– Internet– Interactive Voice
Response (IVR)– Mail and Kiosks
CONFIDENTIAL5
About Link2Gov
• IP Gateway
• Virtual Terminal: LINK2POS
• Network Controlled VeriFone POS Terminals
• Web & IVR Application Generator & Hosting
• Consolidated Real-Time Internet Reporting
• Flexible Funding Models
CONFIDENTIAL6
Establishing security policy and e-commerce infrastructure
• Ecommerce Infrastructure• Documentation• Implementation• Enforcement• Policy
CONFIDENTIAL8
Preparing for the audit
• Yearly Changes• Computer Security Test Plan Review• Configuration Management Plan• Risk Assessment Plan• Disaster Recovery Plan• Trusted Facilities Manual
CONFIDENTIAL9
Facility and resource requirements during the audit
• Staffing• Travel• Infrastructure
CONFIDENTIAL10
Responsiveness to findings
• Reviewing Findings• Verify Results• False Positives• Exceptions• Implementation
– Configuration Management
CONFIDENTIAL11
Maintaining security standards following audit
• Security Policy Documentation• Enforcement
– Audit Trail– System Logs– Accounting
• Change Control
CONFIDENTIAL12
Marketing PCI compliance
• Cost Avoidance Through L2G Products– Pass Thru– Web / IVR
• Security Validation by Third Party• Certifications