Payment Card Industry Update and Cyber Risk Management
|
|
- George Mitchell
- 7 years ago
- Views:
Transcription
1 Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
2 Agenda October 22, 2015 Industry Rules Investigatory Phase What Happens After? Advanced Security Cyber Risk Management Prevention Breach Preparation Insurance and Data Breach Advisory 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
3 Payment Card Industry Update and Cyber Risk Management October 22, 2015 Craig A. Hoffman, Blog:
4 PCI Stakeholders
5 Stages of a PCI Breach Discovery Engage PFI Calls with the acquirer/processor & card networks (proactive alerts) Preliminary PFIreport Issuance of CAMS/SAFE alerts Final PFIreport Remediation & revalidation of PCI DSS Fines GCAR & ADCR process (fraud & reissuance costs) Appeal
6 10/21/2015
7 August 2014 PCI Security Council Best Practices for Maintaining PCI DSS Compliance 0 IN TEN YEARS Of all the companies investigated by our forensics team over the last 10 years following a breach, not one was found to have been fully PCI DSS compliant at the time of the breach. Verizon 2015 PCI Compliance Report
8 PCI Fines & Penalties Fines for non compliance with PCI DSS Case management fee Fines for non cooperation Liquidated damages Assessments to recover from the acquirer and reimburse issuers: Operating expenses (heightened monitoring and card reissuance) Incremental counterfeit fraud losses
9 10/21/2015
10 Catastrophic Liability Cap based on 2 5% of prior year Visa sales Assessed 9 12 months after final PFI report submitted
11
12 Other PCI Fun Appeal Rights Acquirer Establishes Reserve Account Acquirer Takes Fines, Fee, & Assessments from Settlement Account Issuing Bank Claims
13 PCI Myths Privilege or work product protection applies to a PFI report and investigation There must be actual evidence of exfiltration for card data to be considered at risk by card networks CPPs are never wrong Merchants can always recover from their vendors Merchants aren t responsible if it was a vendor s fault
14 EMV Chip Card Technology Named after the original developers: EuroPay MasterCard Visa Smart chip technology that uses an embedded microprocessor that stores and protects cardholder data Issuers can decide to issue for authentication in two ways: Chip and PIN Chip and Signature Most significant benefit of EMV technology is prevention of counterfeit card present fraud. The chip creates dynamic authentication codes for each transaction: Dynamic values exist in the EMV and are verified by POS to ensure authenticity of the card Authenticated data changes upon each use
15 EMV Liability Shift The Stick EMV Shift is not a law or requirement October 1, 2015 Liability Shift Date If a merchant has not completed the EMV certification process through its acquirer, then the merchant will be responsible for all card present counterfeit fraud losses Liability shift applies to counterfeit fraud on magnetic stripe AND EMV cards Visa and MasterCard rules indicate application to all transactions American Express states that it transfers liability for certain types of fraudulent transactions away from the party with the most secure form of EMV technology Discover has similar language to American Express
16 What Liability Shifts? BUR 972/images/Vantiv%20EMV%20Toolkit%203page.pdf 10/21/2015
17 EMV Liability Shift The Carrot Annual PCI Revalidation Waiver If 75% of transactions are routed through EMV enabled terminals, the card networks will waive the requirement of an annual obligation to revalidate PCI DSS compliance Some conditions to this waiver apply, i.e. merchants have to submit a Technology Innovation Program (TIP) application For Visa, the conditions are: Validated PCI DSS compliance within the previous 12 months or submitted to Visa (via acquirer) a defined remediation plan for achieving compliance, based on a gap analysis Confirmed that sensitive authentication data is not stored, as defined in the PCI DSS At least 75% of the merchant s total transaction count must originate from dual interface (contact /contactless) enabled chip reading device terminals Not be involved in a breach of cardholder data. Breached merchant may qualify for TIP if they have subsequently validated PCI DSS compliance
18 EMV Liability Shift The Carrot Card Present Data Breach Safe Harbor Historically, Visa and MasterCard made assessments against a breached merchant s acquiring bank to reimburse banks that issued affected cards for costs. Incentive for EMV Visa and MasterCard will provide safe harbor from these assessments. Visa GCAR Liability Safe Harbor Applies if a merchant generates 95% of card present transactions from EMV enabled terminals 30 days before the start of a compromise event. The 95% card present threshold only applies to point of sale terminals, excludes card not present transactions and does not require a chip card or a chip on chip transaction. MasterCard ADC Liability Safe Harbor Applies if at least 95% of the Merchant s annual total transaction count was acquired via Dual Interface Hybrid POS Terminals; At least 95% of the transactions deemed by MasterCard to be within the scope of the compromise event were acquired via Dual Interface Hybrid POS Terminals; and Merchant has not been identified by MasterCard as having experienced a different compromise event during the 12 months prior to date of publication of earliest alert for the compromise event.
19 Risks That Remain After EMV Based on EMV migration data from other countries: Reduction of card present counterfeit fraud Simultaneous increase in card not present fraud Shimmers EMV technology protects against fraud occurring at the point of sale in stores. But: EMV is not a network security solution It has been projected to take up to 5 years before 90% of the cards in circulation are EMV enabled, so even companies with EMV enabled terminals will continue to have customers swiping magnetic stripe cards in their stores for years Recognizing the difficulty of securing their cardholder environment continuously, merchants continue to evaluate the benefits of future proof technology
20 Advanced Security Point-to-Point Encryption (P2PE) Tokenization 10/21/2015
21 Atlanta Chicago Cincinnati Cleveland Columbus Costa Mesa Denver Houston Los Angeles New York Orlando Philadelphia Seattle Washington, DC These materials have been prepared by Baker & Hostetler LLP for informational purposes only and are not legal advice. The information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this information without seeking professional counsel. You should consult a lawyer for individual advice regarding your own situation.
22 October 22, 2015 Cyber Risk Management Prevention Breach Preparation Insurance and Data Breach Advisory 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 1
23 Prevention ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
24 Look to Expert Advice Payment Card Industry - PCI Compliance Cyber Security Readiness Network Assessments Security Awareness Employee Training on Social Engineering Vendor Management Contract Review Regulatory Compliance - Complex Legal Environment Federal Regulations State Laws 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 3
25 Preparedness ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
26 Incident Response Planning The Importance of an Incident Response Plan Prepare and regularly train staff on internally reporting potential or actual breaches or suspicious activity. Identify key internal staff responsible for receiving such reports and notifying appropriate internal and external parties Follow cyber insurance policy requirements of Prior Approval and utilization of Panel Service Providers 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 5
27 Visualize / Prioritize your Incident Response Partners Breach Coach / Legal Advisory Forensics Notification / Call Center Monitoring Services Public Relations Litigation Defense Counsel Law Firm A Forensics A Notice & Call Center Firm A Monitoring Firm A PR Firm A Defense Firm A Law Firm B Forensics B Notice & Call Center Firm B Monitoring Firm B PR Firm B Defense Firm B Law Firm C Forensics C Notice & Call Center Firm C Defense Firm C 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 6
28 Duties in the Event of a Breach A. Incident Response Planning B. Breach Response Notification Requirements C. Cyber Insurance Coverage Initial Coverage Evaluation D. Post-Breach Litigation 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 7
29 Risk Management ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
30 Risk Management Insurance and Data Breach Advisory Risk Manager Tools help manage cyber risk more effectively Incident Response Roadmap spells out the steps to take in the event of a breach (Breach Coach) Experts Directory features qualified third-party providers of breach-related services Best Practices (articles, white papers & webinars) Proprietary Benchmarking Coverage Gap Analysis Policy Design and Best in Class Terms 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 9
31 Craig A. Hoffman, Esq Adam Cottini Thank You Adam Cottini Managing Director, Cyber Liability Practice Arthur J. Gallagher & Co BSD17\26685A 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding. June 11, 2014
Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding June 11, 2014 Panel Members Craig Hoffman Partner T: 513.929.3491 C: 513.227.3286 cahoffman@bakerlaw.com www.dataprivacymonitor.com
More informationCard Network Update Chip (EMV) Acceptance in the United States At-A-Glance
Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face
More informationU.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon
U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationThe Dark Side of a Payment Card Breach
The Dark Side of a Payment Card Breach Road Map Introduction The Rules of the Game Pitfalls & Strategies Takeaways Q&A The Rules of the Game What is the Game? Payment Card Industry Data Security Standard
More informationVisa global Compromised Account
Visa global Compromised Account RECOVERY PROGRAM WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT The Visa Global Compromised Account Recovery (GCAR) program offers
More informationPCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz
PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card
More informationPayment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.
Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance
More informationWhat Merchants Need to Know About EMV
Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the
More informationAmerican Express Data Security Operating Policy United States
American Express Data Security Operating Policy United States As a leader in consumer protection, American Express has a long-standing commitment to protect Cardmember Information, ensuring that it is
More informationEMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationCredit Card Processing, Point of Sale, ecommerce
Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits
More informationAre You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014
Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319
More informationData Security Basics for Small Merchants
Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided
More informationWhat is EMV? What is different?
U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,
More informationMerchant Processing. Trends and Truths. Roger Raney TransFirst Regional Sales Manager rraney@transfirst.com 941.704.5858
Merchant Processing Trends and Truths Karen Miles US Rice Producers Association Financial Director karen@usriceproducers.com 713.974.7423 Roger Raney TransFirst Regional Sales Manager rraney@transfirst.com
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationTHE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP
THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationPCI and EMV Compliance Checkup
PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations
More informationEMV and Restaurants What you need to know! November 19, 2014
EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards
More informationCPIM Academy. Cash 257 Merchant Services and Revenue Collection
CPIM Academy Cash 257 Merchant Services and Revenue Collection 2015 Objectives Feel prepared to discuss/understand basics of merchant processing Understand Service Fees Difference between credit and debit
More informationThe Anthem Breach: What Employers Need to Know. February 11, 2015
The Anthem Breach: What Employers Need to Know February 11, 2015 Who We Are Privacy and Data Protection Team Named Practice Group of the Year by Law360 Chambers USA 2014 Nationally-Ranked Privacy and Data
More informationFall Conference November 19 21, 2013 Merchant Card Processing Overview
Fall Conference November 19 21, 2013 Merchant Card Processing Overview Agenda Industry Definition Process Flows Processing Costs Chargeback's Payment Card Industry (PCI) Guidelines for Convenience Fees
More informationEMV in Hotels Observations and Considerations
EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered
More informationCash 257 Merchant Services and Revenue Collection
CPIM Academy Cash 257 Merchant Services and Revenue Collection 2015 Objectives Feel prepared to discuss/understand basics of merchant processing Understand Service Fees Difference between credit and debit
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationVisa Recommended Practices for EMV Chip Implementation in the U.S.
CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt
More informationMasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.
MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded
More informationwelcome to liber8:payment
liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationDRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by
DRAFT Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security Presented by The American Bankers Association National Bank Card Fraud Task Force in an effort to give consumers
More informationPCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001
PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What
More informationRisk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue
Risk Mitigation in Travel New Trends to Reduce Fraud and Increase Revenue wherever people pay What We Are Going to Discuss Today 3D Secure: Turning a conversion killer into a revenue creator. Transaction
More informationEffectively Managing Data Breaches
Effectively Managing Data Breaches May 27, 2015 Stoddard Lambertson Cyber Intelligence and Investigations Justina Jow Cyber Intelligence and Investigations Disclaimer The information or recommendations
More informationPreparing for EMV chip card acceptance
Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationPCI Security Standards Council
PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI
More informationEMV EMV TABLE OF CONTENTS
2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.
More informationHow To Protect Your Restaurant From A Data Security Breach
NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that
More informationUniversity Policy Accepting Credit Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance
More informationSecure Payments Framework Workgroup
Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationGALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions
GALLAGHER CYBER LIABILITY PRACTICE Cyber Risk Exposures and Solutions Cyber Risk Exposures and Solutions Arthur J. Gallagher & Co. s Cyber Liability Practice has the expertise and the desire to deliver
More informationEMV : Frequently Asked Questions for Merchants
EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationEMV Frequently Asked Questions for Merchants May, 2014
EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,
More information5 ways to increase front desk revenue
5 ways to increase front desk revenue As an independent practice physician, you care about two things when it comes to your practice: patient care and the financial health of your practices. Many physicians
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?
More informationPlotting a Course for EMV Compliance
Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently
More informationPCI Risks and Compliance Considerations
PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction
More informationTNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business
TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment
More informationBefore You Swipe: Best Practices in Accepting Credit, Debit and Pre-Paid. Paid Card Payments
Before You Swipe: Best Practices in Accepting Credit, Debit and Pre-Paid Paid Card Payments Sean Christy, Sutherland Robyn Miller, Pro Bono Partnership of Atlanta March 22, 2012 Mission of Pro Bono Partnership
More informationUNIVERSITY CONTROLLER S OFFICE
UNIVERSITY CONTROLLER S OFFICE Payment Card Industry (PCI) Security Standards Training Guide (updated for 3.1 requirements) February 2016 Disclaimer: The information in this guide is current as of the
More informationYour Compliance Classification Level and What it Means
General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe
More informationDates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2
Network Updates Summer 2013 We are committed to working closely with you on achieving your business goals. As a part of this commitment, we carefully monitor Network changes and summarize them for your
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationFUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch
QUICK REFERENCE GUIDE FUTURE PROOF TERMINAL Review this Quick Reference Guide to learn how to run a sale, settle your batch and troubleshoot terminal responses. INDUSTRY Retail and Restaurant APPLICATION
More informationHow To Comply With The New Credit Card Chip And Pin Card Standards
My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business
More informationPayments Transformation - EMV comes to the US
Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent
More informationIntroductions 1 min 4
1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes
More informationEMV: Preparing for the shift
EMV: Preparing for the shift The impending shift in liability for card-present fraud is driving a transition to EMV, which comes replete with new retail IT requirements and consumer-facing changes to the
More informationYour Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation
Your Single Source for credit, debit and pre-paid services Fraud Risk and Mitigation Agenda Types of Fraud Fraud Identification Notifications Next Steps 11/8/2013 2 Types of Fraud Lost and Stolen Cards
More informationEMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com
EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed
More informationPCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.
PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information
More informationPuzzled about PCI compliance? Proactive ways to navigate through the standard for compliance
Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationUniversal Transaction Gateway (UTG ), 4Go, and i4go are covered by
Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by Universal Transaction one or Gateway more of (UTG ), the 4Go, following and i4go U.S. are covered Pat. by Nos.: one or more 7770789, of
More informationA Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.
A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role
More informationWhat You Need to Know About PCI SSC. 2014 Guiding open standards for global payment card security
What You Need to Know About PCI SSC 2014 About the PCI Council Founded in 2006 - Guiding open standards for payment card security Development Management Education Awareness Expanding Global Representation
More informationWhat Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization
Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase
More informationCYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015
12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman
More informationPCI Security Standards Council
PCI Security Standards Council Bob Russo, General Manager 2013 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI Council Open, global forum Founded 2006 Guiding open standards for
More informationThe Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development
The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards
More informationHealthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016
Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare
More informationSellWise User Group. Thursday, February 19, 2015
SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User
More informationOpenEdge Research & Development Group April 2015
2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationEMV's Role in reducing Payment Risks: a Multi-Layered Approach
EMV's Role in reducing Payment Risks: a Multi-Layered Approach April 24, 2013 Agenda EMV Rationale Why is this worth the effort? Guides how we implement it EMV Vulnerability at the POS EMV Impact on CNP
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationAppendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationPCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants
Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?
More informationPayment Security teleconference
Payment Security teleconference PCI DSS Compliance Validation Options 27 th March 2014 Michael Christodoulides and Louise Hunt All information correct at time of presentation Introduction Barclaycard has
More informationNEWS BULLETIN 2015-16
NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager
More informationPCI: It Never Ends. Why?
PCI: It Never Ends. Why? How to stay prepared? Shekar Swamy American Technology Corporation St. Louis, MO January 13, 2011 PCI compliance basics It s all about Data Security 12 major areas of compliance
More informationPreparing for the Change to EMV and New Fraud and Security Risks: What U.S. Merchants Need to Know
Preparing for the Change to EMV and New Fraud and Security Risks: What U.S. Merchants Need to Know Introduction Recent large-scale data breaches and growing rates of credit card fraud have some U.S. merchants
More informationPrevention Is Better Than Cure EMV and PCI
Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,
More informationmobile payment acceptance Solutions Visa security best practices version 3.0
mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid
More informationNew Challenges in Card Optimization: Security, Payments, Receivables
New Challenges in Card Optimization: Security, Payments, Receivables Presented By Paul LaRock, Principal paul_larock@treasurystrategies.com 312-628-6955 Steve Wiley, Principal steve_wiley@treasurystrategies.com
More informationSETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS
SETUP GUIDE High Speed Secure Credit Card Processing Thank you for your purchase of Hamilton products! In this handy guide, you will discover: WHAT IS INCLUDED ADDITIONAL REQUIREMENTS HOW IT WORKS SETUP
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationThe Canadian Migration to EMV. Prepared By:
The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced
More informationHow To Control Credit Card And Debit Card Payments In Wisconsin
BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent
More informationVersion 7.4 & higher is Critical for all Customers Processing Credit Cards!
Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software has met the latest credit card processing requirements with its release of Version 7.4 due to the
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More informationSecurity & Compliance, Sikich LLP
Mark Shelhart, CFI, CISSP, QSA Security & Compliance, Sikich LLP 1. Credit card breaches 2. Disgruntled IT, bad leaver 3. Personal records breach 4. Vendor network connections (and contracts) 5. Everything
More informationPOLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
More information