PCI Compliance In JD Edwards Environment

Keep Your Company Out of Tomorrow’s Headlines

Milind Joshi

Greg Pesavento

February 4th, 2015

Copyright 2015 CDI Technology, LLC


Overview

• In Business Since 1991

• JD Edwards partner since 1994

• Payments and E-Commerce focus

• Oracle OVI Solution

• Now a company


Product Portfolio

• ERP2Web B2B and B2C solution

• SnapPay Payments Engine

• SnapPOS Point of Sale solution

• SnapVSS Buyer / Supplier collaboration solution

• SnapMobile Mobile e-commerce solution


First, the Headlines


Second, the Numbers

Data breaches in 2014

Companies failed their baseline PCI DSS assessment

Known records exposed

Sources: ITRC Data Breach Reports / Verizon 2014 PCI Compliance Report


PCI Security Standards Council

• Launched in 2006

• Founded by 5 payment card brands in North America

• Shared governance and agreed to common standards

• Enforcement and penalties remain with the brands


Components of Payment Processing

• Other Systems 1–4

• Payment Application (like SnapPay)

• Payment Gateway (e.g. PayPal, BluePay)

• Payment Processor (e.g. BluePay, FirstData)

• Bank Network

• Credit Cards Network

• Oracle Validated Integration

• PCI PA-DSS Validated Solution

• PCI DSS Certified Solution

Key Considerations: Capture, Transmission, Storage

Key Considerations: Scope of PCI Audit


Important considerations for selecting Payment Processing Solution

• Total Cost of Payments

• Direct to Bank – ACH

• Fraud Filters


Three Pieces of the Payment Puzzle After the BluePay / CDI Merger

• Other Systems 1–4

• Payment App.: CDI’s SnapPay

• A BluePay Company

• Payment Gateway (BluePay)

• Payment Processor (BluePay)

• Bank Network

• Credit Cards Network

• Oracle Validated Integration

• All three pieces from a single company

• PCI DSS Certified Solution

• PCI PA-DSS Validated Solution


PCI Scope Reduction Strategies

• Do not store credit cards on your internal systems

• Tokenize your credit cards for reuse

• Use cloud for credit card entry and storage

• Mail Order Telephone Order (MOTO)

– Customer registration of credit cards

– IVR for phone orders

– CSRs credit card entry via encrypted key pad

• Point of Sale

– Use encrypted card readers, EMV is still coming


In Conclusion

• Becoming PCI Compliant is not your end goal

• Treat payment risks like brick and mortar risks

• The right tools and solutions can reduce compliance efforts

• Stay abreast of emerging trends

– Blogs, newsletters, Twitter, local user groups, conferences

• Engage with a trusted QSA … while developing your own expertise in payment security


Order Activity Rules To Support SnapPay Automated Credit Card Processing

520 – 540 Enter / Create Sales Order

SnapPay Authorization: (1) JDE SOM Screen or SnapPay Web Form (2) Batch

540 – 544 Credit Card Authorization – Failure

540 – 545 Credit Card Authorization – Successful

545 – 550 Print Pick Slips

550 – 555 Ship Confirm

SnapPay Settlement / Capture: (1) Batch or (2) JDE SOM Screen

555 – 557 Settlement – Failure

555 – 580 Settlement - Successful

580 – 620 Invoice Print

620 – 999 Sales Update

SnapPay JDE Batch AR Receipts – Clears Open AR

SnapPay Sales Order Process Flow