Mitigating Card System Breaches. October 11, :00 pm 2:50 pm

Transcription

1 Mitigating Card System Breaches October 11, :00 pm 2:50 pm

2

3

4 Direct Costs of a Data Breach

5 Indirect Costs of a Data Breach

6 Objectives Technology arm of NACS Volunteers do the heavy lifting Create technology standards Educate Advocate NACS partner in Technology Edge at the Show Technology Edge Solution Center (Booth 5709)

7 Moderator Linda Toth Director of Standards Conexxus Speakers Kara Gunderson POS Manager Citgo Petroleum Corporation Phil Schwartz IS Manager, Credit Card Systems POS App Support Valero Energy Corporation

8 Objectives Objectives Define security versus compliance as it pertains to your organization s data security Identify the resources available today to help you secure your sensitive data Connect with resources that can provide you with additional information on data security

9 What we are going to discuss Difference between Security vs. Compliance Anti-skimming Risk Mitigation Plan Conexxus Security Incident Reporting Tool Q & A

10 Are you PCI compliant today? A. Yes B. No C. Not sure

11 Don t concentrate on the finger

12 What is the most frequently used method of data theft in the convenience retail channel? A. RAM skimming B. AFD skimming C. Remote access infiltration D. SQL injection

13 Skimming Devices

14 How many of the previously pictured devices are skimmers? A. One B. Two C. All three D. None

15 Skimming Devices

16 Tamper-proof Stickers

17 Replace Standard Locks

18 Inspect Dispensers Regularly

19 NACS / Conexxus We Care Program

20 Start with a PA-DSS Point of Sale

21 PCI Terminology PA-DSS = Point of Sale Developers Payment Application Data Security Standard PCI-DSS = Merchants Payment Card Industry Data Security Standard

22 Keep your payment application patched

23 Are you running the most current version of your payment application? A. Yes B. No C. Don t know

24 Internet access? Back Office PC Fuel Dispensers Video Surveillance Point of Sale

25 Install a firewall

26 Firewall installation Back Office PC & Surveillance Cardholder Data FIREWALL with Segmentation

27 Use two-factor authentication

28 Passwords

29 Do you have a schedule for changing all passwords on your retail systems?

30 Anti-virus

31 White Listing ONLY ALLOW THESE WEBSITES or IP ADDRESSES Managed Firewall Service Provider Help Desk Point of Sale Vendor Help Desk Fuel Dispenser Manufacturer Help Desk Underground Tank Storage Monitoring Service Video Surveillance Company Back Office Accounting Software Help Desk Use Managed Firewall Service Provider or IT person to set up White List

32 New/Upgraded POS = IP Based DIRECT CONNECTION Install Managed Firewall Service & Anti-Virus Software Inspect Fuel Dispensers Daily

33 Pen Testing

34 Has an external vulnerability scan been performed at your sites this year?

35 Data Security Incident Report Database Developed by the Conexxus Data Security Standards Committee Complete Anonymous No IP tracking Single Username and Password

36 Incident tracking

37 Key takeaways Compliance is required Security should be your focus There are some simple steps that you can take to enhance security of sensitive customer data You are not alone

38 Available resources NACS We Care Anti-Skimming Video: NACS We Care Security Stickers: Conexxus-NACS We Care Program: NACS - PCI Compliance Information:

39

40 Objectives Technology Edge Solution Center (Booth 5709) Website: LinkedIn Group: Conexxus Online Follow us on

41 Session Survey Question #1 I would recommend this session to my peers. ( Swipe your rating on your phone or tablet) Please complete the three survey questions if you wish to receive the presentation

42 Session Survey Question #2 I can apply the content from this session in my job. ( Swipe your rating on your phone or tablet) Please complete the three survey questions if you wish to receive the presentation

43 Session Survey Question #3 Please share what you liked most or least about this session as well as future topics for education sessions (Type your response in the text field. The last edit is your final submission) Please complete the three survey questions if you wish to receive the presentation

44 Copyright Notice The copyright law of the United States (Title 17, United States Code) governs the making of photocopies or other reproduction of copyrighted material. Under certain conditions specified in the law, libraries and archives are authorized to furnish a photocopy or other reproduction. One of these specified conditions is that the photocopy or reproduction is not to be "used for other purpose than private study, scholarship or research." If a user makes a request for, or lateruses, a photocopy or reproduction for purposes in excess of "fair use," that person may be liable for copyright infringement. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of Convenience Stores. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, shall not constitute or imply an endorsement, recommendation, or support by the National Association of Convenience Stores. The National Association of Convenience Stores makes no warranty, express or implied, nor does it assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process described in these materials.