Copyright 2015 CDI Technology, LLC
PCI Compliance In JD Edwards Environment
Keep Your Company Out of Tomorrow’s Headlines
Milind Joshi
Greg Pesavento
February 4th, 2015
Overview
• In Business Since 1991
• JD Edwards partner since 1994
• Payments and E-Commerce focus
• Oracle OVI Solution
• Now a company
Product Portfolio
• ERP2Web B2B and B2C solution
• SnapPay Payments Engine
• SnapPOS Point of Sale solution
• SnapVSS Buyer / Supplier collaboration solution
• SnapMobile Mobile e-commerce solution
First, the Headlines
Second, the Numbers
Data breaches in 2014
Companies failed their baseline PCI DSS assessment
Known records exposed
Sources: ITRC Data Breach Reports / Verizon 2014 PCI Compliance Report
PCI Security Standards Council
• Launched in 2006
• Founded by 5 payment card brands in North America
• Shared governance and agreed to common standards
• Enforcement and penalties remain with the brands
Components of Payment Processing
Other System 1
Other System 2
Other System 3
Other System 4
Payment Application (like SnapPay)
Payment Gateway (e.g. PayPal, BluePay)
Payment Processor (e.g. BluePay, FirstData)
Bank Network
Credit Cards Network
Oracle Validated Integration
PCI PA-DSS Validated Solution
PCI DSS Certified Solution
Key Considerations: Capture, Transmission, Storage
Key Considerations: Scope of PCI Audit
Important Considerations for Selecting a Payment Processing Solution
• Total Cost of Payments
• Direct to Bank – ACH
• Fraud Filters
Other System 1
Other System 2
Other System 3
Other System 4
Payment App. CDI’s SnapPay
A BluePay Company
Payment Gateway (BluePay)
Payment Processor (BluePay)
Bank Network
Credit Cards Network
Oracle Validated Integration
All three pieces from a single company
PCI DSS Certified Solution
PCI PA-DSS Validated Solution
Three Pieces of the Payment Puzzle After the BluePay / CDI Merger
PCI Scope Reduction Strategies
• Do not store credit cards on your internal systems
• Tokenize your credit cards for reuse
• Use cloud for credit card entry and storage
• Mail Order Telephone Order (MOTO)
– Customer registration of credit cards
– IVR for phone orders
– CSR credit card entry via encrypted keypad
• Point of Sale
– Use encrypted card readers, EMV is still coming
In Conclusion
• Becoming PCI Compliant is not your end goal
• Treat payment risks like brick and mortar risks
• The right tools and solutions can reduce compliance efforts
• Stay abreast of emerging trends
– Blogs, newsletters, Twitter, local user groups, conferences
• Engage with a trusted QSA … while developing your own expertise in payment security
Order Activity Rules To Support SnapPay Automated Credit Card Processing
520 – 540 Enter / Create Sales Order
SnapPay Authorization: (1) JDE SOM Screen or SnapPay Web Form (2) Batch
540 – 544 Credit Card Authorization – Failure
540 – 545 Credit Card Authorization – Successful
545 – 550 Print Pick Slips
550 – 555 Ship Confirm
SnapPay Settlement / Capture: (1) Batch or (2) JDE SOM Screen
555 – 557 Settlement – Failure
555 – 580 Settlement – Successful
580 – 620 Invoice Print
620 – 999 Sales Update
SnapPay JDE Batch AR Receipts – Clears Open AR
SnapPay Sales Order Process Flow