Copyright 2015 CDI Technology, LLC
PCI Compliance In JD Edwards Environment
Keep Your Company Out of Tomorrow’s Headlines
Milind Joshi
Greg Pesavento
February 4th, 2015
Overview
• In Business Since 1991
• JD Edwards partner since 1994
• Payments and E-Commerce focus
• Oracle OVI Solution
• Now a company
Product Portfolio
• ERP2Web B2B and B2C solution
• SnapPay Payments Engine
• SnapPOS Point of Sale solution
• SnapVSS Buyer / Supplier collaboration solution
• SnapMobile Mobile e-commerce solution
First, the Headlines
Second, the Numbers
Data breaches in 2014
Companies failed their baseline PCI DSS assessment
Known records exposed
Sources: ITRC Data Breach Reports / Verizon 2014 PCI Compliance Report
PCI Security Standards Council
• Launched in 2006
• Founded by 5 payment card brands in North America
• Shared governance and agreed to common standards
• Enforcement and penalties remain with brands
Components of Payment Processing
Other System 1
Other System 2
Other System 3
Other System 4
Payment Application (like SnapPay)
Payment Gateway (e.g. PayPal, BluePay)
Payment Processor (e.g. BluePay, FirstData)
Bank Network
Credit Cards Network
Oracle Validated Integration
PCI PA-DSS Validated Solution
PCI DSS Certified Solution
Key Considerations: Capture, Transmission, Storage
Key Considerations: Scope of PCI Audit
Important considerations for selecting Payment Processing Solution
• Total Cost of Payments
• Direct to Bank – ACH
• Fraud Filters
Three Pieces of the Payment Puzzle After the BluePay / CDI Merger
Other System 1
Other System 2
Other System 3
Other System 4
Payment App. CDI’s SnapPay
A BluePay Company
Payment Gateway (BluePay)
Payment Processor (BluePay)
Bank Network
Credit Cards Network
Oracle Validated Integration
All three pieces from a single company
PCI DSS Certified Solution
PCI PA-DSS Validated Solution
PCI Scope Reduction Strategies
• Do not store credit cards on your internal systems
• Tokenize your credit cards for reuse
• Use cloud for credit card entry and storage
• Mail Order Telephone Order (MOTO)
– Customer registration of credit cards
– IVR for phone orders
– CSRs credit card entry via encrypted key pad
• Point of Sale
– Use encrypted card readers, EMV is still coming
In Conclusion
• Becoming PCI Compliant is not your end goal
• Treat payment risks like brick and mortar risks
• The right tools and solutions can reduce compliance efforts
• Stay abreast of emerging trends
– Blogs, newsletters, Twitter, local user groups, conferences
• Engage with a trusted QSA … while developing your own expertise in payment security
Order Activity Rules To Support SnapPay Automated Credit Card Processing
520 – 540 Enter / Create Sales Order
SnapPay Authorization: (1) JDE SOM Screen or SnapPay Web Form (2) Batch
540 – 544 Credit Card Authorization – Failure
540 – 545 Credit Card Authorization – Successful
545 – 550 Print Pick Slips
550 – 555 Ship Confirm
SnapPay Settlement / Capture: (1) Batch or (2) JDE SOM Screen
555 – 557 Settlement – Failure
555 – 580 Settlement – Successful
580 – 620 Invoice Print
620 – 999 Sales Update
SnapPay JDE Batch AR Receipts – Clears Open AR
SnapPay Sales Order Process Flow