We Got Hacked.. But We're Not Worried & Our Credit Cards & Personal Information Are Safe!!!
- Gervais Barker
- 8 years ago
Transcription
1 We Got Hacked.. But We're Not Worried & Our Credit Cards & Personal Information Are Safe!!!
2
3 60% chance that your business will be hacked in 2015. Source: Forrester Group
4 96%: traditional security mechanisms have been breached. Source: Tripwire
5
6 .had only been masking 25% of their sensitive data.
[Chart: Locations Expected vs Actual. Categories: University (Several), Healthcare (Homegrown), Manufacturing (EBS), Healthcare (PSFT). Legend: Undocumented, Documented, Expected, Total. Axis: 0% to 100%. Callout: 67%]
WHY DOES IT HAPPEN? Legacy code; Users store data; Undocumented Vendor Process; Developer testing; DBA Backups
WHY DOES IT MATTER? Cost of Data Breach; Application logic
WHY IS DICTIONARY SEARCH NOT ENOUGH? Not all relationships defined in DB; Backup tables; More than one Application
7 ENTERPRISE SENSITIVE DATA INTELLIGENCE (DATA, CODE, USERS)
SENSITIVE DATA: Data Classification (Built-in, Extendible)
DICTIONARY / DATA / CODE
WAYS TO FIND: Dictionary match; Relationship match; Pattern match; Data match; Code match
DRIVES: Reporting; Masking; Method selection; Template Creation
8 ENTERPRISE SENSITIVE DATA INTELLIGENCE (DATA, CODE, USERS)
Data useful for IT purposes, not for theft; Sensitive Data Access is an Exception!; No more Risk!; Detect any unauthorized access
STATIC DATA MASKING; DYNAMIC DATA MASKING; TOKENIZATION; ACTIVITY MONITORING
NON PRODUCTION; PRODUCTION
9 .had only been masking 25% of their sensitive data.
[Chart: Locations Expected vs Actual. Categories: University (Several), Healthcare (Homegrown), Manufacturing (EBS), Healthcare (PSFT). Legend: Undocumented, Documented, Expected, Total. Axis: 0% to 100%. Callout: 67%]
If you do not know ALL the locations of sensitive data, you are not as secure as you think
10
11 TARGET LOCATIONS: On-Premise; Cloud
[Diagram: APPLICATION 1 and APPLICATION 2 with DEV, TEST, UAT and TRAIN instances; MASKING TEMPLATES; ENTERPRISE SENSITIVE DATA INTELLIGENCE (DATA, CODE, USERS)]
TYPICAL PROCESS
1. Instance is refreshed
2. MENTIS creates Agent, and moves code & template
3. Data is updated in place
4. All Logs are sent back to repository for reporting & audit/history
5. After client certifies, MENTIS Agent is dropped
BENEFITS
- Protections are embedded into the database
- Masking inside the instance
- Much better performance
- Higher Security: since the data is being scrambled where it is stored, no accidental data leakage possible
- Job Engines & Parallelism mechanisms provided by database are taken advantage of
12
13 Database; Application; Big Data; Cloud; Mainframe
Four approaches: Embedded in the Database; Embedded in Application Architecture; Web Proxy; Mainframe Terminal Emulation
Tightly integrated with: Sensitive Data Discovery; Code Discovery; User Access Discovery
MASKING RULES: WHO, WHAT, WHERE, WHEN
Only Solution with:
- Location-aware masking - mask based on location of user
- Conditional masking - mask rows of data based on conditions being applied
ENTERPRISE SENSITIVE DATA INTELLIGENCE (DATA, CODE, USERS)
14
15 World's first Enterprise Sensitive Data Intelligence Platform!
[Diagram labels: Continuous Code Change Monitoring; Sensitive Data Retirement; Sensitive Data Discovery; Sensitive Code Discovery; Database Subsetting; User Access Discovery; Intrusion Prevention; Dynamic Data Masking; Static Data Masking; Database Activity Monitoring]
PLATFORM: Single, Enterprise-class platform; Shared Intelligence; Built-in Segregation-of-Duties; Collaborative; Single deployment architecture, or Multi-node deployment
MODULAR: Address today's issue, without compromise; Visionary status
INTEGRATED: Built from the ground-up as a Sensitive Data protection solution; Only solution with coverage for all databases and data sources
16
17
18 COOL VENDOR in Risk & Compliance VISIONARY in Data Masking CHALLENGER in Data Masking CHALLENGER in Data Masking
19
20 We Got Hacked.. But We're Not Worried & Our Credit Cards & Personal Information Are Safe!!!
21 Security Breach Data: State of Data Security
Current State of Payment Data Security Breaches in the U.S.
- In 2015, data and payment security breaches continue to be a major ongoing threat to governments, industries and individuals
- The cost of a data breach is rising: from $159 per record in 2013, up to $170 per record in
- Recent News: Hackers compromised the U.S. government > Latest estimate: 4 million current and former workers
- As of June 2015, 329 data breaches YTD with 103 million records exposed 2
There are two types of companies in the marketplace today:
1. Those that have been hacked
2. Those that will be hacked
Sources: 1 Ponemon Institute 2015 Cost of a Data Breach Study: Global Analysis; 2 Lisa Monaco, U.S. Homeland Security Advisor to President
22 The Rise of RAM Scraper Malware
23 Target Breach Analysis
24 Ideal Solution: Encryption and Tokenization Ideal Solution: Encryption (P2PE) & Tokenization
25 Tokenization Protecting Your Sales Channels Image for tokenization (maybe slide 8 in CardConnect Capabilities presentation) Circle icons of 6 payment methods, from slide #13, that tokenization does/does not protect (orange for yes; gray for no): ALL 6 orange
26 How CardConnect's Tokens Stack Up
27 Card-Not-Present: AJAX Tokenizer & PANPad
28 Retail: PANPad POS
29 P2PE Certification: PCI DSS Validated P2PE Solutions and Applications
- A point-to-point encryption solution includes validated software, hardware, and solution provider environment and processes.
- Validation is done by a PCI-qualified P2PE assessor
- Only Council-listed solutions are recognized as meeting the requirements necessary for merchants to reduce the scope of their cardholder data environment
- All PCI-approved solutions are listed on the Council's website; there are 13
Benefits of validated P2PE
- Simplifies compliance with PCI DSS
- The P2PE Self-Assessment Questionnaire includes only 26 PCI DSS requirements
- Makes account data unreadable by unauthorized parties
30 P2PE 2.0: Defining PCI DSS's P2PE 2.0
P2PE Solution: Consists of P2PE encryption and decryption environments, their configuration and design, and any P2PE components used with these environments.
P2PE Application: Consists of software or other files with access to clear-text data, intended to be used with a POI device and used as part of a P2PE solution.
P2PE Component: P2PE services that could include encryption management, decryption management and key injection.
P2PE Solution Provider: A solution provider designs, implements, and manages the P2PE solution. The provider can outsource certain responsibilities. In 2.0, merchants may choose to act as their own solution provider: Merchant-Managed Solution (MMS).
31 Technology Innovation Program
Along with the reduced PCI questionnaire, Visa's Technology Innovation Program (TIP) gives merchants more incentive to use P2PE. If 75% of a merchant's transactions originate from a secure acceptance channel (either validated P2PE solution or EMV-enabled device) the merchant may be exempt from PCI DSS compliance
32 PCI Scope Reduction Cost Savings
- PCI 3.0 is 27% larger than its predecessor, meaning businesses will be forced to implement more security controls, making PCI compliance more expensive 1
- The Ponemon Institute's True Cost of Compliance found the cost of compliance was, on average, more than $3.5 million 2
- Failing to comply with regulations could cost an estimated $9.4 million 2
Merchant Level: Initial Scope; Becoming Compliant; Annual PCI Cost
Level 1 Merchant (over 6 million Visa transactions per year): $250,000; $550,000-$1,000,000; $250,000
Level 2 Merchant (1M to 6M Visa transactions per year): $125,000; $260,000-$500,000; $100,000
Level 3 and 4 Merchants (up to 1M transactions per year): $50,000; $75,000-$90,000; $35,000
Sources: 1 TechTarget 13 Aug 2014: Gartner on PCI DSS 3.0 changes: Bigger, harder and more expensive; 2 Ponemon Institute January 2011: The True Cost of Compliance
33 Interchange Optimization
Interchange: the fee that a merchant's bank pays a customer's bank
If you're a business that is not automatically passing Level II and Level III data (customer code, item description, tax ID) with each transaction, you are missing out on real savings
Stuller Inc. - March Interchange Optimization Analysis
Level II & III Data $ 18,
3D Secure Savings $ 1, *Plus Fraud Liability Shift
Total Savings $ 19,
Columns: Interchange Category* | Volume | Current Fee | Current Cost | Optimized Fee | Adjusted Cost | Savings | Optimization Type**
VS - Signature Business B2B $ 1,410, % $ 33, % $ 28, $ 4, Level II & III Data
VS - Business Enhanced B2B $ 637, % $ 14, % $ 13, $ 1, Level II & III Data
VS - Business Card B2B $ 284, % $ 5, % $ 5, $ Level II & III Data
VS - Signature Business STD $ 132, % $ 3, % $ 2, $ 1, Level II & III Data
VS - Purchasing Card B2B $ 81, % $ 2, % $ 1, $ Level II & III Data
VS - Signature Pref Standard $ 58, % $ 1, % $ 1, $ Level II & III Data
VS - Business Enhanced Std $ 36, % $ 1, % $ $ Level II & III Data
VS - Corporate Card B2B $ 2, % $ % $ $ Level II & III Data
MC - Comm DataRate 1 Bus Dbt $ 368, % $ 9, % $ 6, $ 3, Level II & III Data
MC - Bus Spend Level 4 Data Rate 1 $ 366, % $ 10, % $ 7, $ 3, Level II & III Data
MC - Comm DataRate 1 Bus $ 139, % $ 3, % $ 2, $ 1, Level II & III Data
MC - Comm DataRate 1 Fleet $ 11, % $ % $ $ Level II & III Data
MC - Bus Spend Level 3 Data Rate 1 $ 112, % $ 3, % $ 2, $ 1, Level II & III Data
MC - Bus Spend Level 2 Data Rate 1 $ 54, % $ 1, % $ 1, $ Level II & III Data
MC - Comm DataRate 1 Purch $ 16, % $ % $ $ Level II & III Data
MC - Comm DataRate 1 Corp $ 6, % $ % $ $ Level II & III Data
MC - Comm DataRate 2 Bus Dbt $ 1, % $ % $ $ 7.98 Level II & III Data
VS - CPS Rewards 2 $ 865, % $ 16, % $ 15, $ 1, 3DSecure
VS - CPS E-Comm Basic Dbt $ 126, % $ 2, % $ 2, $ 3DSecure
VS - CPS CNP Dbt $ 50, % $ % $ $ 3DSecure
MC - World Elite Merit 1 $ 398, % $ 9, % $ 8, $ 1, 3DSecure
MC - World US Merit 1 $ 152, % $ 3, % $ 2, $ 3DSecure
MC - Mastercard Merit 1 $ 115, % $ 2, % $ 1, $ 3DSecure
MC - Enhanced Merit 1 $ 103, % $ 2, % $ 1, $ 3DSecure
MC - Mastercard Merit 1 Dbt $ 82, % $ 1, % $ $ 3DSecure
** Optimization Types - 3DSecure - Ecommerce Optimization as well as Fraud Liability shift to the consumer; Level II & Level III data passed that ensures transactions qualify properly.
34 CardConnect Interchange Optimization
1. Historical Statement Review - CardConnect examines historical processing statements to identify areas of interchange cost reduction
2. API Integration - CardConnect Gateway automatically pulls data via the CardConnect API to fulfill Level II/III data requirements
3. Level II/III Data Autopopulation - When data is not available, CC Gateway autopopulates Level II/III data fields with default values known to satisfy requirements
4. Interchange+ Pricing - Whether processing with CardConnect or another processor, business must be on an IC+ pricing model to pass on savings to business
5. 3DSecure
35 Who We Are
CardConnect is a payments technology company helping businesses accept any form of payment for goods and services simply and securely.
A little bit about us:
- Based in Philadelphia, with offices in Chicago, Cleveland, Boca Raton and Kansas City
- 50,000+ merchant customers nationwide, from the Fortune 500 to small businesses
- Clients include the Social Security Administration, General Electric and The New York Times
- $15 billion in bankcard volume in 2014
- Accept and secure payments at the Point of Sale: retail, mobile, e-commerce, MOTO (mail order/telephone order), smartphone applications, software applications
36 A History of Protecting Payments
CardConnect has a proven track record developing security technology for the payments industry.
- 1997: CardConnect builds first payment gateway integrated to SAP for Fortune 500 corporations.
- 2004: CardConnect builds CardSecure, a payment card encryption solution for SAP
- 2006: CardConnect's payment gateway validated as PABP Compliant under Visa's Payment Application Best Practices program.
- 2009: CardConnect's payment gateway validated as PA-DSS Compliant and listed on the PCI Security Standards Council website.
- 2010: CardConnect's payment gateway validated as PCI-DSS Compliant and listed on Visa Service Provider Registry.
- 2012: CardConnect's PANPAD, a terminal that encrypts card data at the point of entry, named winner of Security Products Guide's Global Excellent Award.
- 2012: CardConnect's payment gateway with CardSecure becomes the first Oracle Validated Integration for payment acceptance and security.
- 2013: CardConnect develops proprietary P2PE solution in response to security risks for point-of-sale transactions.
- 2013: CardConnect receives two United States patents for securing confidential information through tokenization.
- 2015: CardConnect P2PE solution certified by PCI Council.
37 Our Clients
Our clients represent a cross-section of Fortune 500 companies, all with the common desire to secure flexible card processing solutions in a 100% PCI compliant manner.
50,000+ merchants processing annually with a total volume over 13 billion USD
38 Mark Cuneo Cell John Sosnowski Cell Mark Passifione Cell Rajesh Parthasarathy Cell
More information8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year
Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions
More informationWhite Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer
White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure By Christopher Kronenthal, Chief Technology Officer Advanced Commerce Platform Foreword 2015 will bring incredible change and innovation
More informationYour gateway to card acceptance.
MERCHANT SERVICES Authorize.Net Solutions Your gateway to card acceptance. Processing transactions reliably and securely is essential to your business. That s why BBVA Compass and Authorize.Net, a leading
More informationPlatform as a Service and PCI www.engineyard.com
Engine Yard White Paper Platform as a Service and PCI www.engineyard.com Purpose Achieving PCI compliance can be a complex, time-consuming, and expensive undertaking, but the right approach can make it
More informationLa règlementation VisaCard, MasterCard PCI-DSS
La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune Overview of PCI DSS Payment Card Industry Data Security
More informationAccelerating PCI Compliance
Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016
More informationPCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com
PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com Whoops!...3.1 Changes 3.1 PCI DSS Responsibility Information Technology Business Office PCI DSS Work Information
More informationrguest Pay Gateway: A Solution Review
rguest Pay Gateway: A Solution Review TABLE OF CONTENTS Introduction...3 Why P2PE?...4 PCI P2PE Standards...4 Buyer Beware...6 PCI DSS Scope Reduction...6 P2PE Payment Terminals...7 The Payment Information
More informationCorbin Del Carlo Director, National Leader PCI Services. October 5, 2015
PCI compliance: v3.1 Key Considerations Corbin Del Carlo Director, National Leader PCI Services October 5, 2015 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice
More informationPCI Compliance in Multi-Site Retail Environments
TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help
More informationPCI DSS Compliance White Paper
PCI DSS Compliance White Paper 2012 Edition Copyright 2012, NetClarity, Inc. All rights reserved worldwide. Patents issued and pending. PCI DSS Compliance White Paper NetClarity, Inc. Page 1 Welcome to
More informationNorth Carolina Office of the State Controller Technology Meeting
PCI DSS Security Awareness Training North Carolina Office of the State Controller Technology Meeting April 30, 2014 agio.com A Note on Our New Name Secure Enterprise Computing was acquired as the Security
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationTable of Contents. 2 TouchSuite Welcome Kit
Welcome Kit Table of Contents Important Account Information... Welcome to TouchSuite Merchant Services... Help Desk Card Enclosed... Your Merchant ID (MID)... 3 3 3 3 Customer Support Numbers... 4 Card
More informationThis appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected
This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected officials, administrative officials and business managers.
More informationIntro to PCI Compliance
Intro to PCI Compliance And the role Stone Edge V7.1 plays in helping you achieve that goal Monsoon Commerce. All rights reserved. What is PCI? PCI stands for Payment Card Industry In 2006, major financial
More informationPayment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.
Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance
More informationSecurity Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments
Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationCredit Card Processing Summer Lunch & Learn 2016
AGENDA 1. The Different Ways to Process Cards 2. EMV Chip Cards What You Need to Know 3. Understanding the Industry s Complex Pricing Structure 4. American Express The New Rate/Deposit Plan.Good News!
More informationManaging the Costs of Securing Cardholder Data
Payment Security ROI White Paper Managing the Costs of Securing Cardholder Data The costs and complexities related to protecting cardholder data and complying with PCI regulations have become burdensome
More informationComplying with Payment Card Industry (PCI-DSS) Requirements with DataStax and Vormetric
Complying with Payment Card Industry (PCI-DSS) Requirements with DataStax and Vormetric Table of Contents Table of Contents... 2 Overview... 3 PIN Transaction Security Requirements... 3 Payment Application
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This
More informationHealthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016
Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare
More informationCredit Cards and Oracle E-Business Suite Security and PCI Compliance Issues
Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues August 16, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy
More information