Pci Seminar Mh



Pod1 and PCI

Transcript of Pci Seminar Mh

Page 1: Pci Seminar Mh

PCI Seminar, July 22nd 2009

Introduction

An auditor’s view
Ritchie Jeune - Evolution Systems Limited

PCI compliant web hosting
Francis Ofungwu - Rackspace

PCI compliant payment handling
John Fitchett - Sagepay

Pod1’s perspective
Mark Hopwood - Pod1

Panel discussion

Close & drinks

Page 2: Pci Seminar Mh

Welcome

Mark Hopwood
Technology & Operations Director

Pod1

Page 3: Pci Seminar Mh

PCI - Pod1’s perspective

Why is PCI important?
How we view PCI
A brief history of eCommerce at Pod1
Gutenberg - a Pod1 developed eCommerce solution
Magento - supported open source eCommerce
Our plans for PCI compliance

Page 4: Pci Seminar Mh

Why is PCI important?

It’s mandatory

It’s good for business

It’s a trojan horse

Page 5: Pci Seminar Mh

How we view PCI

Page 6: Pci Seminar Mh

A brief history of eCommerce at Pod1

2001 to 2008

2008 onwards

Page 7: Pci Seminar Mh

Gutenberg - a Pod1 developed eCommerce solution

Page 8: Pci Seminar Mh

Magento - supported open source eCommerce

Developed by Varien
Thriving open source community
Forrester Research “One to Watch”
Enterprise Version launched May 2009

Pod1 now has 6 live Magento clients with more on the way

Varien committed to PA-DSS compliance for Magento

Page 9: Pci Seminar Mh

Pod1’s plans for PCI compliance

Aiming to be a PCI compliant organisation this Autumn:
✓ Rackspace PCI compliant infrastructure
✓ PCI compliant payment service providers, including Sagepay
✓ Varien pursuing PA-DSS for Magento
✓ Plans for all of our Gutenberg clients

... allowing all our clients to become PCI compliant without the need to audit Pod1

Page 10: Pci Seminar Mh

Pod1’s plans for PCI compliance

Internal change to support this:
• Stronger processes
• Regular internal code reviews
• Better tools for testing and deployment
• Separate staging from live
• Applies to all clients

Page 11: Pci Seminar Mh

Suggested next steps

Speak to your account management team
Conduct your own self-assessment
Start raising internal awareness, if you haven’t already
Get in touch with the experts