DATA BREACHES AND ITS IMPACT ON CONSUMERS
- Edward Green
- 8 years ago
1 DATA BREACHES AND ITS IMPACT ON CONSUMERS
2 AGENDA About UNCLE Credit Union Current Trends Financial Industry Target Breach EMV 3 Layers Of Prevention Cybersecurity Framework Protecting Your Identity Legislative Update
3 THE HISTORY OF UNCLE FYI - it has nothing to do with your mom's brother
4 BACK IN THE DAY Photo from 1957 at Radiation Laboratory in Livermore. Our credit union was first opened in 1957 as Radiation Laboratory Credit Union. The lab changed its name to Lawrence Livermore National Laboratory in 1970. We changed our name to UNCLE, which is short for UNiversity of California Livermore Employees.
5 UNCLE TODAY In 2001, UNCLE was granted a four-county community charter. This opened membership to anyone who lives, works, worships, or attends school in either Alameda, Contra Costa, San Joaquin or Stanislaus county. We have four financial centers and proudly serve over 21,000 members.
6 CURRENT TRENDS Attacks? What attacks?!?!
7 IT'S OCCURRING ALL THE TIME
8 BY A VARIETY OF MEANS Phishing: email, mail. Pharming: web site. Hacking: data. Skimming: credit/debit cards. Key loggers. Social engineering. Theft. Vishing: social engineering over the phone using IP technology, which is hard to trace. Denial-of-Service (DoS): not a breach but very disruptive.
9 TOP 3 METHODS OF DATA LOSS Chart (# of Incidents): Stolen Laptop; Social Engineering; Hacking. Source: Risk Based Security, Inc.
10 ACROSS ALL INDUSTRIES Chart categories: Business, Education, Financial, Government, Healthcare. Chart values: 43%, 10%, 34%, 9%, 4%. Source: CSID
11 SOME OF THE LARGEST Who: Adobe Systems Inc. When: 10/19/2013 What: 152 Million Records How: Hack of company systems exposed customer, names, ID, encrypted password and debit/credit card numbers and expiration dates.
12 SOME OF THE LARGEST Who: Heartland When: 1/20/2009 What: 130 Million Records How: Hack/malicious software exposes credit card data at processor
13 SOME OF THE LARGEST Who: TJX Corporation When: 1/17/2007 What: 94 Million Records How: Hack exposes credit card and transaction information.
14 SOME OF THE LARGEST Who: Sony When: 4/26/2011 What: 77 Million Records How: Hack exposes names, addresses, , birthdates, PlayStation usernames and passwords, Online Profile, online purchase history and possibly credit card numbers.
15 SOME OF THE LARGEST Who: Experian When: What: 200 Million Records How: Vietnamese criminals posing as a U.S. based private investigator successfully tricked Experian into selling them social security and driver's license numbers, bank account, credit card data and birthdates.
16 WHAT THE EXPERTS ARE SAYING 89% could have been prevented. 31% were due to insider threats or mistakes. 21% were the result of physical loss. 40% of the top breaches recorded to-date occurred in % were due to weak or stolen account credentials. 29% of compromises were via social engineering. Source: OTA analysis utilizing data provided by the Open Security Foundation, Risk Based Security, Symantec and the Privacy Rights Clearinghouse.
17 WHO HAS HAD A CARD REPLACED RECENTLY?
18 WHO HAS EXPERIENCED FRAUD/IDENTITY THEFT?
19 FINANCIAL INDUSTRY
20 FINANCIAL ATTACKS Theft of Money Stolen Computers / Backup Media Member Data And
21 CREDIT CARDS REMAIN THE MOST FREQUENT TARGET OF ACCOUNT TAKE OVER!
22 WHY HACKERS FOCUS ON POINT-OF-SALE DEVICES AND ATMS 3 Main Points of Attack: Point of Sale - Merchants; Transmission - Processors; Credit Card Issuers - Financial Institutions
23 WHY HACKERS FOCUS ON POINT-OF-SALE DEVICES AND ATMS
24 WHAT DO HACKERS WANT? Card Number; Expiration Date; Name; PIN; CVV - Card Verification Value
25 TARGET BREACH
26 SOME OF THE LARGEST Who: Target Brands, Inc. When: 12/18/2013 What: 110 Million Records * May even be more! How: Hack exposes customer names, addresses, phone numbers, addresses, as well as credit/debit card numbers with expiration dates, PINs, and CVV numbers.
27 TARGET SUMMARY What Happened? It appears to have begun with a malware-laced phishing attack sent to employees at an HVAC firm that did business with Target. Hackers then gained access to a billing system and it is believed that through this system they gained access to the network and the point-of-sale devices. How Long Did It Take To Report? At least 19 days but reports vary. Like many recent breaches, early signs were ignored or not deemed high risk. Source:
28 TARGET SUMMARY THE COSTS Target: Over $61 million in the 4th quarter 2013, decline in business, numerous class action lawsuits Consumers: Had to report fraud, get replacement cards, and update automatic/recurring accounts (i.e. gym, subscriptions). Financial Institutions: Cover fraud losses, provide consumer information in the form of letters and had to reissue cards. The estimated costs of the Target breach alone on credit unions is close to $30 million dollars. Most credit unions have yet to see any reimbursement from the retailers to cover these costs. Source:
29 WHAT ABOUT EMV?
30 TARGET BREACH AND EMV EMV will help reduce fraud but it is only part of the equation. EMV would have helped authenticate the card but once the authentication occurred, the data was temporarily stored unencrypted in memory so the hackers would have still gotten all the information.
31 THE CURRENT TECHNOLOGY IS OLD! SIGNATURES? WHY NOT A HANDSHAKE? The concept of customers paying different merchants using the same card was expanded in 1950 by Ralph Schneider and Frank McNamara, founders of Diners Club, to consolidate multiple cards.
32 EMV EMV stands for Europay, Mastercard and Visa. Chip card technology. Widely used outside of the United States. Focuses on authenticating the card.
33 EMV REQUIRES AN INVESTMENT IN TECHNOLOGY Needs upgraded point-of-sale hardware, ATMs, software and cards. Everyone needs to be involved: merchants, transaction processors and financial institutions.
34 EMV PROS Will reduce merchant losses and associated costs from fraud caused by counterfeit and stolen swiped card transactions. Most EMV-capable terminals and POS systems will also be enabled to accept contactless and mobile payments. Chip cards and smartphone payments will potentially offer new revenue sources via marketing offers and loyalty programs that can be transmitted directly from the merchant to the card or device. Foreign travelers to the U.S. will be better able to use their existing EMV cards.
35 EMV CONS Purchasing new or upgrading existing terminals and POS systems will be expensive. Transaction messaging requirements are different for EMV than magnetic strip sales. Merchants will need to coordinate with their acquirer to support both message types while they continue to accept both EMV and magnetic strip cards. New card association policies will likely result in liability shift from issuers to acquirers (and ultimately merchants) in certain situations.
36 VISA LIABILITY SHIFT Liability shifts beginning in October 2015. Merchants will be on the hook for all fraud that results from an EMV-compliant card being used in a non-EMV-compliant POS terminal.
37 NEW PAYMENT SOLUTIONS
38 NEW PAYMENT SOLUTIONS In addition to credit card technologies, there are more methods of making payments coming. Simple: New type of online bank account. Offers an online banking account with a Simple Visa Card. Funds are actually held with Bancorp Bank. Simple provides the interface. Square: Take mobile credit card payments. P2P: Dwolla, Paypal and others allowing users to make person to person payments. Coin: Puts credit/debit card information from several cards on a single card. And
39 BITCOIN bitcoin is a cryptocurrency and has been around since bitcoin ATMs were introduced in the US earlier this year. Mt. Gox, a leading bitcoin exchange, experiences loss of 850,000 bitcoins valued at over $500 million! Filed for bankruptcy on February 28th. On March 21st announced that they found 200,000 bitcoins in old digital wallet. Mt. Gox statement reads: "At the start of February 2014, illegal access through the abuse of a bug in the bitcoin system resulted in an increase in incomplete bitcoin transfer transactions and we discovered that there was a possibility that bitcoins had been illicitly moved through the abuse of this bug. As a result of our internal investigation, we found that a large amount of bitcoins had disappeared. Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared." Source: Techcrunch 3/3/14
40 WHAT CAN YOUR ORGANIZATION DO?
41 3 LAYERS OF PREVENTION Administrative Safeguards; Technical Safeguards; Physical Safeguards
42 EXAMPLES OF ADMINISTRATIVE SAFEGUARDS IT Policies - review regularly; Procedures; Authority / Access Limits; People and Training; Conduct Risk Assessments; Social Engineering Exercises; Incident Response Plan; Vendor Management
43 EXAMPLES OF TECHNICAL SAFEGUARDS Firewalls; Antivirus/Malware Software; Intrusion Detection/Prevention Solutions; Encryption; User Credentials; Multi-factor Authentication; Regular Patching; System Logs
44 EXAMPLES OF TECHNICAL SAFEGUARDS Fraud Monitoring; Ongoing assessments, audits and testing; IT Audits; Regular internal and external vulnerability testing; Penetration Testing - internal and external
45 PHYSICAL SAFEGUARDS Ask Yourself Three Questions: Where is your data stored? Who has physical access to it? Can you monitor/log access to it?
46 EXAMPLES OF PHYSICAL SAFEGUARDS Secured Building; Video Security; Biometric Security; Card Access; Alarms; Shredding; Locked dumpsters
47 CYBERSECURITY FRAMEWORK
48 CYBERSECURITY FRAMEWORK President Obama issued Executive Order 13636 (EO), Improving Critical Infrastructure Cybersecurity, on February 12, This Executive Order calls for the development of a voluntary Cybersecurity Framework that provides guidance to an organization on managing cybersecurity risk. National Institute of Standards and Technology (NIST) delivered version 1.0 of the Cybersecurity Framework on February 12, 2014.
49 CYBERSECURITY FRAMEWORK 5 CORE FUNCTIONS Identify: Develop the organizational understanding to manage risk to systems, assets, data and capabilities. Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. Source: The National Institute of Standards and Technology
50 CYBERSECURITY FRAMEWORK 5 CORE FUNCTIONS Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. Source: The National Institute of Standards and Technology
51 PROTECTING YOUR IDENTITY
52 WHAT CAN YOU DO TO PROTECT YOURSELF? Passwords: Use strong passwords. Alpha-Numeric with special characters when possible. Don't use the same password on different systems. Don't share your passwords. Use a Password Manager: LastPass, 1Password, KeePass, Keeper
53 BE AWARE Think before you click on that link or reply to that email. Scams are everywhere and becoming very sophisticated! Monitor account balances and transactions. Set up alerts based on large transactions or balances falling below a certain level. Be aware of social engineering scams and always check credentials and escort vendors. Don't use a wireless hot spot or public computer to conduct financial transactions.
54 USE AVAILABLE SECURITY TOOLS Update software on your computers and phones. Use Antivirus/Malware software. Use mobile security features such as setting up a passcode on your phone. Make sure your computers and phones lock after a certain amount of time.
55 IDENTITY THEFT PROTECTION Credit Report Blocking LifeLock
56 TAKE AWAY We all need to play a part if we are going to prevent data breaches. Industry Merchants Financial Institutions Consumers Government Consumers
57 LEGISLATIVE UPDATE
58 DURBIN AMENDMENT Part of Dodd-Frank financial reform law of 2010 which focused on interchange. Gave issuers an extra 1 cent per transaction for effective fraud-prevention measures. Didn't do anything on the merchant side.
59 GRAMM-LEACH-BLILEY ACT OF 1999 Established security standards for banks and credit unions to guard consumer data. There is no comparable law that governs merchants.
60 SECURITIES AND EXCHANGE COMMISSION Says public companies hit with breaches should inform consumers in a timely manner. There is no national law that compels retailers or any firm to disclose a data breach.
61 CALIFORNIA LAW Requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person.
62 QUESTIONS?
63 OPEN DISCUSSION Any last words?
64 WHERE TO GET MORE INFORMATION orlds-biggest-data-breaches-hacks/
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More informationOakland Family Services - Was Your Email Hacked?
Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting
More informationPreparing for EMV chip card acceptance
Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June
More informationPCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationProtecting Yourself from Identity Theft. Charlene L. Esaw Chief, Outreach and Student Programs Central Intelligence Agency (CIA) May 2009
Protecting Yourself from Identity Theft Charlene L. Esaw Chief, Outreach and Student Programs Central Intelligence Agency (CIA) May 2009 How Many of You...? use an ATM machine use your credit card online
More informationIdentity Theft and Online Security
Identity Theft and Online Security ACI-588788 American Century Investment Services, Inc. Goals for Presentation Identity Theft - What is it and how are we at risk? Social Media - How much online security
More informationCustomer Awareness for Security and Fraud Prevention
Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationCredit Card Processing, Point of Sale, ecommerce
Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationSecurity Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.
IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationPCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationPCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson Overview What is PCI? MCCS Compliance PCI DSS Technical Requirements MCCS Information Security Policies
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationProtecting Yourself Against Fraud and Identity Theft
Summit Branches are conveniently located in Rochester (8), Seneca Falls (1), Buffalo (2), Syracuse (5) and Cortland (2) Protecting Yourself Against Fraud and Identity Theft A presentation by The Summit
More informationProtect Your Personal Information. Tips and tools to help safeguard you against identity theft
Protect Your Personal Information Tips and tools to help safeguard you against identity theft Trademark of Visa International Service Association; Visa Canada Association is a licensed user. WHAT IS IDENTITY
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationIntroductions 1 min 4
1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes
More informationPresented By: Corporate Security Information Security Treasury Management
Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationCredit card: permits consumers to purchase items while deferring payment
General Payment Systems Cash: portable, no authentication, instant purchasing power, allows for micropayments, no transaction fee for using it, anonymous But Easily stolen, no float time, can t easily
More informationPCI Data Security Standards
PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More information