PCI Compliance Risks

Payment Card Industry (PCI) compliance is the most discussed topic among consumers and business owners, small and large.  Being PCI compliant isn't just a standard to protect card holder information; it is about establishing a security perimeter to isolate the organization from financial and reputational risk.  Regardless of the type of organization, for profit or non-profit, conforming to PCI is required by most of the major credit card companies, such as VISA, MasterCard, and American Express (among others), to ensure that when a company collects payment card data during business transactions security is maintained to a universally accepted level.  PCI is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC), an open global forum for the development, enhancement, dissemination and implementation of security standards for account data protection.

The most important aspect of PCI compliance is vulnerability management.  Vulnerability is an application weakness or a design flaw that allows an attacker to exploit a system for potential harm or financial benefits.  Though it is practically impossible to have a vulnerability free system, one can implement tools to identify the nature of vulnerabilities and mitigate the potential risk they pose.  As an institution, it is very important for business managers, administrators, and IT security personnel to pay attention to those security warnings.  The webinar will identify types, sources, and the mitigation of external and internal threats.  The session will review Vulnerability Assessment and Penetration Testing (VAPT) tools available in the market and their benefits.  The presenter will engage the audience in polling questions about the available tools to detect vulnerabilities and threats and the steps needed to mitigate them.



Shiva Hullavarad, Manager of Compliance, Information & Record Systems, University of Alaska.


Learning Objectives:
Upon completion of this program participants will be able to:

  • Identify PCI requirements

  • Utilize the Payment Card Industry - Data Security Standards to test for system vulnerabilities

  • Develop a risk assessment related to PCI standards

    Knowledge Level: Overview

    Location: Virtual

    Field of Study: Specialized Knowledge and Applications

    Advance Preparation: None

    Prerequisites: None

    Delivery Method: Group-internet-based

    Number of Webinar Credits: 1 Credit

    Cost: None


    About the Presenter:

    Shiva Hullavarad is the Manager of Compliance, Information and Records Systems for the University of Alaska System.  In this role, Shiva is responsible for meeting University compliance on Personally Identifiable Information, Payment Card Industry standards, and enterprise ECM system.  He holds a PhD in Applied Physics and an MBA.  Shiva has authored various publications on ECM, digital signatures, risk and compliance.

PCI Compliance Risks presentation

PCI Compliance Risks presentation slides