Does Your API Need to be PCI Compliant?
Rapid API Workshop

Brian Pagano @brianpagano
Scott Metzger @scottmetzger

Rapid API Workshop Webinar Series

Mapping out your API Strategy
Pragmatic REST: API Design Fu
10 Patterns of Successful API Programs
API Metrics – What to Measure?
API Technology & Operations
Your API Sucks!
Today: Does Your API Need to be PCI Compliant?
Next: Launching Your API and Attracting Developers

We Will Cover

•  Facts & Common Myths about PCI Compliance
•  What does it mean to be PCI compliant when transacting via APIs?
•  How can Apigee enable you to be PCI compliant?

PCI Fundamentals

What is it?
•  The Payment Card Industry specification is produced by a consortium consisting of Visa, MasterCard, JCB, American Express, and Discover.
•  It describes the proper handling of credit card information (during transactions and at rest).
•  Council originally formed in 2006.
•  DSS (Data Security Standards) define 12 requirements for compliance.

What it isn’t?
•  It is not an enforcement or policing organization.

Then what does it do?
•  The intent is to prevent merchants from having to write to multiple, proprietary standards.
•  Gives consumers confidence.
•  Useful for audits.

•  So who should care about PCI?

Main PCI Control Objectives

•  Build and maintain a secure network
•  Protect cardholder data
•  Maintain a vulnerability management program
•  Implement strong access control measures
•  Regularly monitor and test networks
•  Maintain an information security policy

PCI Control Objectives

Build and maintain a secure network
•  Install and maintain a firewall
•  Do not use any default passwords

Protect Cardholder Data
•  Protect stored data
•  Encrypt transmission of data

Maintain a vulnerability management program
•  Update anti-virus
•  Develop secure applications and systems

Implement strong access control measures
•  Need-to-know access to cardholder data
•  System access only via unique IDs
•  Physical access controls

Regularly monitor and test networks
•  Monitor network access
•  Test systems, test processes

Maintain an information security policy

What does it mean to be PCI Compliant?

•  A company must have an audit performed
•  By a third party auditing firm
•  From the Visa/Mastercard approved auditor list,
•  Which checks that the correct processes and technologies are in place.

PCI Compliance

Does my API need to be PCI compliant?

PCI Compliance

Can a software tool make me PCI compliant?
•  No.

PCI & Apigee

So, PCI is a specification for (a) processes and (b) security measures to protect cardholder information.
•  Apigee can help with the process.
•  Apigee can help with the technology.
	
  
PCI & Apigee: Process

•  The Apigee gateway provides a central location for logging, policies, and security.
•  The gateway can perform data masking to log transactions without storing any sensitive information. Also, feeds into log aggregators.
•  This centralization helps with auditing and attestations.
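
The data masking described on this slide, sketched as an added example (not code from the presentation and not Apigee's own masking feature): a Python logging filter that masks card numbers before a transaction log line is written or forwarded to an aggregator. The logger name, the sample log lines, and the choice to keep only the last four digits are assumptions made for the illustration.

```python
import io
import logging
import re

# Candidate card numbers (PANs): a contiguous run of 13-19 digits, the common
# 4-4-4-4 grouping, or the 4-6-5 grouping, with one consistent separator.
# Separators are only accepted in those fixed groupings so that a PAN followed
# by another number (for example an HTTP status code) is not merged with it.
PAN_CANDIDATE = re.compile(
    r"(?<!\d)(?:"
    r"\d{13,19}"
    r"|\d{4}([ -])\d{4}\1\d{4}\1\d{4}"
    r"|\d{4}([ -])\d{6}\2\d{5}"
    r")(?!\d)"
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; used to skip order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Replace every Luhn-valid card number in text, keeping the last four digits."""
    def _mask(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # not a card number: leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(_mask, text)


class PanMaskingFilter(logging.Filter):
    """Attach to a handler so no sink ever receives an unmasked card number."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first, then mask, so numbers passed as %-args are covered too.
        record.msg = mask_pans(record.getMessage())
        record.args = ()
        return True


def emit_masked(messages):
    """Log messages through the filter and return what the handler wrote."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(PanMaskingFilter())
    logger = logging.getLogger("gateway.audit.example")  # hypothetical name
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    try:
        for msg in messages:
            logger.info(msg)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue().splitlines()


# Constructed sample log lines; the card numbers are public test numbers.
SAMPLE = [
    'POST /v1/payments 200 body={"pan":"4111111111111111","amount":"12.50"}',
    "POST /v1/payments 200 card=5555-5555-5555-4444",
    "GET /v1/orders/1234567890123456 200 latency_ms=41",  # order id, not a PAN
]

if __name__ == "__main__":
    for line in emit_masked(SAMPLE):
        print(line)
```

Masking at the handler keeps the check in one place, which is the same centralization argument the slide makes for the gateway; fields such as card verification codes would need their own rule, since they cannot be recognised by a checksum.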
  
PCI & Apigee: Technology

•  The Apigee gateway contributes to defense in depth, protects backend systems, and strengthens network security.
•  Apigee provides a hosted solution that enables PCI compliance.
•  No product will make someone PCI compliant!
•  Apigee enables and contributes to compliance.
	
  
Rapid API Workshop Webinar Series

Mapping out your API Strategy
Pragmatic REST: API Design Fu
10 Patterns in Successful API Programs
Today: API Metrics – What to Measure?
API Technology & Operations
Your API Sucks!
Does Your API Need to be PCI Compliant?
Next: Launching Your API and Attracting Developers

THANKS!

Send questions, examples, and ideas to @apigee

Brian Pagano    bpagano@apigee.com    @brianpagano
Scott Metzger   smetzger@apigee.com   @scottmetzger
Apigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
Apigee | Google Cloud
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
Apigee | Google Cloud
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
Apigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
Apigee | Google Cloud
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
Apigee | Google Cloud
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
Apigee | Google Cloud
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
Apigee | Google Cloud
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
Apigee | Google Cloud
 

Recently uploaded (20)

Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 

Does your API need to be PCI Compliant?

  • 1. Does Your API Need to be PCI Compliant? Rapid API Workshop. Brian Pagano @brianpagano, Scott Metzger @scottmetzger
  • 2. @brianpagano @scottmetzger
  • 3. Rapid API Workshop Webinar Series: • Mapping out your API Strategy • Pragmatic REST: API Design Fu • 10 Patterns of Successful API Programs • API Metrics – What to Measure? • API Technology & Operations • Your API Sucks! • Today: Does Your API Need to be PCI Compliant? • Next: Launching Your API and Attracting Developers
  • 4. We Will Cover • Facts & Common Myths about PCI Compliance • What does it mean to be PCI compliant when transacting via APIs? • How can Apigee enable you to be PCI compliant?
  • 5. PCI Fundamentals: What is it? • The Payment Card Industry specification is produced by a consortium consisting of Visa, MasterCard, JCB, American Express, and Discover. • It describes the proper handling of credit card information (during transactions and at rest).
  • 6. PCI Fundamentals: What is it? • Council originally formed in 2006. • DSS (Data Security Standards) define 12 requirements for compliance.
  • 7. PCI Fundamentals: What it isn’t? • It is not an enforcement or policing organization.
  • 8. PCI Fundamentals: Then what does it do? • The intent is to prevent merchants from having to write to multiple, proprietary standards. • Gives consumers confidence. • Useful for audits.
  • 9. PCI Fundamentals • So who should care about PCI?
  • 10. Main PCI Control Objectives • Build and maintain a secure network • Protect cardholder data • Maintain a vulnerability management program • Implement strong access control measures • Regularly monitor and test networks • Maintain an information security policy
  • 11. PCI Control Objectives: Build and maintain a secure network • Install and maintain a firewall • Do not use any default passwords
  • 12. PCI Control Objectives: Protect Cardholder Data • Protect stored data • Encrypt transmission of data
  • 13. PCI Control Objectives: Maintain a vulnerability management program • Update anti-virus • Develop secure applications and systems
  • 14. PCI Control Objectives: Implement strong access control measures • Need-to-know access to cardholder data • System access only via unique IDs • Physical access controls
  • 15. PCI Control Objectives: Regularly monitor and test networks • Monitor network access • Test systems, test processes
  • 16. PCI Control Objectives: Maintain an information security policy
  • 17. What does it mean to be PCI Compliant? • A company must have an audit performed • By a third party auditing firm • From the Visa/Mastercard approved auditor list, • Which checks that the correct processes and technologies are in place.
  • 18. PCI Compliance: Does my API need to be PCI compliant?
  • 19. PCI Compliance: Can a software tool make me PCI compliant? • No.
  • 20. PCI & Apigee: So, PCI is a specification for (a) processes and (b) security measures to protect cardholder information. • Apigee can help with the process. • Apigee can help with the technology.
  • 21. PCI & Apigee: Process • The Apigee gateway provides a central location for logging, policies, and security. • The gateway can perform data masking to log transactions without storing any sensitive information. Also, feeds into log aggregators. • This centralization helps with auditing and attestations.
  • 22. PCI & Apigee: Technology • The Apigee gateway contributes to defense in depth, protects backend systems, and strengthens network security. • Apigee provides a hosted solution that enables PCI compliance. • No product will make someone PCI compliant! • Apigee enables and contributes to compliance.
  • 23. Rapid API Workshop Webinar Series: • Mapping out your API Strategy • Pragmatic REST: API Design Fu • 10 Patterns in Successful API Programs • Today: API Metrics – What to Measure? • API Technology & Operations • Your API Sucks! • Does Your API Need to be PCI Compliant? • Next: Launching Your API and Attracting Developers
  • 24. THANKS! Send questions, examples, and ideas to @apigee. Brian Pagano, Scott Metzger. [email protected] [email protected] @brianpagano @scottmetzger