Don't be tomorrow's headline: Protect and secure payment information
- Corey Harrison
1 Don't be tomorrow's headline: Protect and secure payment information
Lexi Custis, VP, eReceivables Consultant
Reid Andrews, VP, Treasury Management Consultant
October 2015, Staunton, VA
2014 Wells Fargo Bank, N.A. All rights reserved.

2 Poll question: Are you familiar with Payment Card Industry (PCI)?
A) Yes
B) No

3 Agenda
- What is PCI-DSS & PA-DSS?
- Common causes of data breaches
- Tactics to help mitigate these risks
- Best practices for retail and card not present
- Best practices for other online transactions
- Q&A

4 What is PCI-DSS?
- Payment Card Industry Data Security Standards
- Industry tools and measurements to ensure the safe handling of sensitive information
- Applies to all merchants and third party service providers

5 What is PA-DSS?
- Payment Application Data Security Standard
- Applies to all vendors that develop payment applications and gateways

6 When does PCI & PA-DSS apply?
- Processing
- Storing
- Transmitting

7 PCI DSS validation requirements
Columns: Compliance classification level; Annual submission of compliant PCI DSS Report on Compliance (ROC); Annual submission of compliant Self Assessment Questionnaire (SAQ); Quarterly network scan
- Level 1: >6 MM annual transactions (any payment network)
- Level 2*: 1 MM to 6 MM annual transactions (any payment network). Merchant can do either ROC or SAQ
- Level 3: 20K to 1 MM annual transactions (any payment network), e-commerce only
- Level 4 (recommended): < 20K e-commerce, < 1MM annual transactions
*Level 2 merchant Self Assessment Questionnaire (SAQ) must be completed by an ISA (Internal Security Assessor)

8
- 66%: Breaches identified by external parties*
- 64%: Breaches that go undetected for months*
*Verizon 2013 Data Breach Investigations Report

9
- 63%: Data breaches that involved a third party responsible for system support*
*Trustwave 2013 Global Security Report

10 Tactics to minimize data breach risk
- Card present
- E-commerce
- Point of sale (POS) system
- Remote access

11 Poll question: How are most breaches identified?
A) By the merchant
B) By the customer
C) By the card processor
D) By the issuing bank
E) B, C, D
Answer: E

12 Best practices

13 End-to-end encryption
- Card present transactions
- Includes tokenization
- Terminals and point of sale
- Merchant

14 Tokenization
Card not present transactions
Card number:
Tokenized Number:

15 Poll question: The average cost of a data breach to an organization is $7.2 million?
A) True
B) False
Answer: True*
*Network World, March 8, 2011 news article

16 Poll question: Do you know if your company is PCI compliant today?
A) Yes
B) No

17 Positive payment fraud trends
Fraud protection real world perspectives
Results of the 2015 AFP Payments Fraud and Control Survey reveal three reasons for optimism:
1. Check fraud is on the decline.
77% of organizations that experienced actual or attempted fraud in 2014 were victims of check fraud down from 90% in
As more businesses switch to electronic payments, expect the decline in check fraud to continue.
2. ACH debit fraud is declining and preventable.
25% of organizations experienced ACH debit fraud in 2014 down from 27% in
Of those that lost money, 40% attributed the loss to not using ACH debit blocks or filters. Nearly 28% cited the cause as untimely account reconciliation and 40% untimely ACH returns.
3. Companies are fighting back.
Organizations have adopted or plan to adopt additional security measures:
- Nearly 70% of organizations now reconcile daily.
- 2 out of 5 are upgrading authentication procedures and devices for accessing their networks.
- Half are requiring a stronger form of authentication or adding layers of security for access to bank services.
50%: Organizations that have adopted a stronger form of authentication or added layers of security for access to bank services (AFP Payments Fraud and Control Study)

18 Nine ways to foil ACH fraud
Fraud protection best practices
Three ways ACH fraud occurs
1. Thieves obtain account information from a check's MICR line.
2. Counterfeit and forged checks are converted to ACH debits.
3. Thieves access your online banking system and initiate ACH credits.
20 billion, 23 billion: Number of transactions processed through the Automated Clearing House network in
NACHA The Electronic Payments Association, April 15, 2015; NACHA The Electronic Payments Association, April 12, 2012
Protect your accounts with these best practices
1. Use ACH Fraud Filter service to stop all ACH debits except those you specifically preauthorize.
2. Initiate online ACH payments using dedicated computers disabled from and web browsing.
3. Use repetitive ACH payment templates to prevent unauthorized modifications to key fields.
4. Set authorization limits for each individual user of the ACH payment service.
5. Implement dual custody and use it properly. Require payments and user changes initiated by one user to be approved by a second user on a different computer or mobile device before they take effect.
6. Integrate check and electronic payment systems so checks converted to ACH debits flow through the positive pay system.
7. Reconcile accounts daily to identify unauthorized ACH debits.
8. Return unauthorized ACH debits promptly.
9. Implement the Perfect Receivables service to provide proxy account numbers for your customers' use.

19 Perfect Receivables service for ACH & Wire Fraud Prevention and Automatic Reconciliation
- Track payments from each of your remitters
- Reduce the amount of time your employees spend manually tracking payments
- Reduce risk of fraudulent activity against your account: your actual account number is never used
- Benefit from improved cash flow: money is moved into your account faster
How it works:
- A 17-digit Wells Fargo Payment Identification Code (WPIC) is substituted for your actual account number
- A unique WPIC is created for each remitter
- The first 4 digits of the WPIC identify your account at Wells Fargo; the last 13 positions are assigned by you and are unique to the remitter
- When payments are made using the WPIC, each remitter is identified with 100% accuracy to help speed up your receivables posting process and reduce payment exceptions

20 Supply chain fraud: Verify your vendors
Fraud protection essentials
Dual custody is generally not effective against supply chain fraud because approvers routinely approve payments they believe are going to trusted vendors.
Four ways that supply chain fraud occurs:
- A fraudster, purporting to be a vendor, requests that you change the payment instructions you have on file for them: bank, routing transit number, and/or account number.
- An employee of your company or a vendor company copies or scans a real vendor invoice and creates a counterfeit invoice from it, directing the payment to their own account.
- A hacker breaches your system, studies the payment requests received by your accounts payable department, then submits a fraudulent invoice that looks legitimate.
- A hacker breaches your vendor's accounts receivable system and generates a fraudulent invoice or phony payment request.
Three ways to reduce your risk:
1. Educate your employees
2. Verify payment change requests
3. Authenticate high-dollar invoices with out-of-band vendor communications

21 Imposter Fraud: Verify your executives
Fraud protection essentials
Dual custody is generally not effective against Imposter fraud because approvers routinely approve payments they believe are going to trusted vendors.
-----Original Message-----
From: Christopher Howard
Sent: Tuesday, September 29, :59 PM
To:
Subject: Re: Fund Transfer
Mike,
I sent the wire instructions to Glenn earlier. Here are the details;
Amount: $9,240
Wells Fargo Bank
Name on Acc : Patrick Nsan
Account number
Routing :
Address : 9715 Westheimer Rd, Houston, TX,
Please process a same-day wire transfer to the beneficiary. Let me know when it is sent.
Regards,
Christopher Howard

22 Questions?

23 Thank you!
More information2014 AFP Payments Fraud and Control Survey
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll 2014 AFP Payments Fraud and Control Survey Report of Survey Results Underwritten by 2014 AFP
More informationMerchants & PCI DSS Obse b r se vat va io i n o s n f s rom o a a P a P ym a en e t n Gat a ew e a w y a pe p r e spe sp ct e ive i
Merchants & PCI DSS Observations from a Payment Gateway perspective It has the words DON'T PANIC inscribed in large friendly letters on its cover Who are you?? 17 years in the Irish & European Acquiring
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
More informationThe State of Security and Compliance for E- Commerce and Retail
The State of Security and Compliance for E- Commerce and Retail Current state of security PCI regulations and compliance Does the data you hold require PCI compliance Security and safeguarding against
More informationImproving Small Business Payments Processing
Improving Small Business Payments Processing ASBDC State Directors Conference March 19, 2012 Claudia Swendseid Senior Vice President Federal Reserve Bank of Minneapolis 2012 Federal Reserve Bank of Minneapolis.
More informationInsurance-Specific Payment Services Requires Insurance Industry Knowledge
Insurance-Specific Payment Services Requires Insurance Industry Knowledge by Primoris Services Overview Every business has to accept payments in order to collect funds and operate. There are multiple ways
More informationPCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001
PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What
More information