Payment Card Industry Update and Cyber Risk Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Payment Card Industry Update and Cyber Risk Management"

Transcription

1 Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

2 Agenda October 22, 2015 Industry Rules Investigatory Phase What Happens After? Advanced Security Cyber Risk Management Prevention Breach Preparation Insurance and Data Breach Advisory 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

3 Payment Card Industry Update and Cyber Risk Management October 22, 2015 Craig A. Hoffman, Blog:

4 PCI Stakeholders

5 Stages of a PCI Breach Discovery Engage PFI Calls with the acquirer/processor & card networks (proactive alerts) Preliminary PFIreport Issuance of CAMS/SAFE alerts Final PFIreport Remediation & revalidation of PCI DSS Fines GCAR & ADCR process (fraud & reissuance costs) Appeal

6 10/21/2015

7 August 2014 PCI Security Council Best Practices for Maintaining PCI DSS Compliance 0 IN TEN YEARS Of all the companies investigated by our forensics team over the last 10 years following a breach, not one was found to have been fully PCI DSS compliant at the time of the breach. Verizon 2015 PCI Compliance Report

8 PCI Fines & Penalties Fines for non compliance with PCI DSS Case management fee Fines for non cooperation Liquidated damages Assessments to recover from the acquirer and reimburse issuers: Operating expenses (heightened monitoring and card reissuance) Incremental counterfeit fraud losses

9 10/21/2015

10 Catastrophic Liability Cap based on 2 5% of prior year Visa sales Assessed 9 12 months after final PFI report submitted

11

12 Other PCI Fun Appeal Rights Acquirer Establishes Reserve Account Acquirer Takes Fines, Fee, & Assessments from Settlement Account Issuing Bank Claims

13 PCI Myths Privilege or work product protection applies to a PFI report and investigation There must be actual evidence of exfiltration for card data to be considered at risk by card networks CPPs are never wrong Merchants can always recover from their vendors Merchants aren t responsible if it was a vendor s fault

14 EMV Chip Card Technology Named after the original developers: EuroPay MasterCard Visa Smart chip technology that uses an embedded microprocessor that stores and protects cardholder data Issuers can decide to issue for authentication in two ways: Chip and PIN Chip and Signature Most significant benefit of EMV technology is prevention of counterfeit card present fraud. The chip creates dynamic authentication codes for each transaction: Dynamic values exist in the EMV and are verified by POS to ensure authenticity of the card Authenticated data changes upon each use

15 EMV Liability Shift The Stick EMV Shift is not a law or requirement October 1, 2015 Liability Shift Date If a merchant has not completed the EMV certification process through its acquirer, then the merchant will be responsible for all card present counterfeit fraud losses Liability shift applies to counterfeit fraud on magnetic stripe AND EMV cards Visa and MasterCard rules indicate application to all transactions American Express states that it transfers liability for certain types of fraudulent transactions away from the party with the most secure form of EMV technology Discover has similar language to American Express

16 What Liability Shifts? BUR 972/images/Vantiv%20EMV%20Toolkit%203page.pdf 10/21/2015

17 EMV Liability Shift The Carrot Annual PCI Revalidation Waiver If 75% of transactions are routed through EMV enabled terminals, the card networks will waive the requirement of an annual obligation to revalidate PCI DSS compliance Some conditions to this waiver apply, i.e. merchants have to submit a Technology Innovation Program (TIP) application For Visa, the conditions are: Validated PCI DSS compliance within the previous 12 months or submitted to Visa (via acquirer) a defined remediation plan for achieving compliance, based on a gap analysis Confirmed that sensitive authentication data is not stored, as defined in the PCI DSS At least 75% of the merchant s total transaction count must originate from dual interface (contact /contactless) enabled chip reading device terminals Not be involved in a breach of cardholder data. Breached merchant may qualify for TIP if they have subsequently validated PCI DSS compliance

18 EMV Liability Shift The Carrot Card Present Data Breach Safe Harbor Historically, Visa and MasterCard made assessments against a breached merchant s acquiring bank to reimburse banks that issued affected cards for costs. Incentive for EMV Visa and MasterCard will provide safe harbor from these assessments. Visa GCAR Liability Safe Harbor Applies if a merchant generates 95% of card present transactions from EMV enabled terminals 30 days before the start of a compromise event. The 95% card present threshold only applies to point of sale terminals, excludes card not present transactions and does not require a chip card or a chip on chip transaction. MasterCard ADC Liability Safe Harbor Applies if at least 95% of the Merchant s annual total transaction count was acquired via Dual Interface Hybrid POS Terminals; At least 95% of the transactions deemed by MasterCard to be within the scope of the compromise event were acquired via Dual Interface Hybrid POS Terminals; and Merchant has not been identified by MasterCard as having experienced a different compromise event during the 12 months prior to date of publication of earliest alert for the compromise event.

19 Risks That Remain After EMV Based on EMV migration data from other countries: Reduction of card present counterfeit fraud Simultaneous increase in card not present fraud Shimmers EMV technology protects against fraud occurring at the point of sale in stores. But: EMV is not a network security solution It has been projected to take up to 5 years before 90% of the cards in circulation are EMV enabled, so even companies with EMV enabled terminals will continue to have customers swiping magnetic stripe cards in their stores for years Recognizing the difficulty of securing their cardholder environment continuously, merchants continue to evaluate the benefits of future proof technology

20 Advanced Security Point-to-Point Encryption (P2PE) Tokenization 10/21/2015

21 Atlanta Chicago Cincinnati Cleveland Columbus Costa Mesa Denver Houston Los Angeles New York Orlando Philadelphia Seattle Washington, DC These materials have been prepared by Baker & Hostetler LLP for informational purposes only and are not legal advice. The information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this information without seeking professional counsel. You should consult a lawyer for individual advice regarding your own situation.

22 October 22, 2015 Cyber Risk Management Prevention Breach Preparation Insurance and Data Breach Advisory 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 1

23 Prevention ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

24 Look to Expert Advice Payment Card Industry - PCI Compliance Cyber Security Readiness Network Assessments Security Awareness Employee Training on Social Engineering Vendor Management Contract Review Regulatory Compliance - Complex Legal Environment Federal Regulations State Laws 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 3

25 Preparedness ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

26 Incident Response Planning The Importance of an Incident Response Plan Prepare and regularly train staff on internally reporting potential or actual breaches or suspicious activity. Identify key internal staff responsible for receiving such reports and notifying appropriate internal and external parties Follow cyber insurance policy requirements of Prior Approval and utilization of Panel Service Providers 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 5

27 Visualize / Prioritize your Incident Response Partners Breach Coach / Legal Advisory Forensics Notification / Call Center Monitoring Services Public Relations Litigation Defense Counsel Law Firm A Forensics A Notice & Call Center Firm A Monitoring Firm A PR Firm A Defense Firm A Law Firm B Forensics B Notice & Call Center Firm B Monitoring Firm B PR Firm B Defense Firm B Law Firm C Forensics C Notice & Call Center Firm C Defense Firm C 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 6

28 Duties in the Event of a Breach A. Incident Response Planning B. Breach Response Notification Requirements C. Cyber Insurance Coverage Initial Coverage Evaluation D. Post-Breach Litigation 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 7

29 Risk Management ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE ARTHUR J GALLAGHER & CO. OCTOBER 22, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

30 Risk Management Insurance and Data Breach Advisory Risk Manager Tools help manage cyber risk more effectively Incident Response Roadmap spells out the steps to take in the event of a breach (Breach Coach) Experts Directory features qualified third-party providers of breach-related services Best Practices (articles, white papers & webinars) Proprietary Benchmarking Coverage Gap Analysis Policy Design and Best in Class Terms 2013 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 9

31 Craig A. Hoffman, Esq Adam Cottini Thank You Adam Cottini Managing Director, Cyber Liability Practice Arthur J. Gallagher & Co BSD17\26685A 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding. June 11, 2014

Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding. June 11, 2014 Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding June 11, 2014 Panel Members Craig Hoffman Partner T: 513.929.3491 C: 513.227.3286 cahoffman@bakerlaw.com www.dataprivacymonitor.com

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia

More information

Brief. The BakerHostetler Data Security Incident Response Report 2015

Brief. The BakerHostetler Data Security Incident Response Report 2015 Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the

More information

The Dark Side of a Payment Card Breach

The Dark Side of a Payment Card Breach The Dark Side of a Payment Card Breach Road Map Introduction The Rules of the Game Pitfalls & Strategies Takeaways Q&A The Rules of the Game What is the Game? Payment Card Industry Data Security Standard

More information

Visa global Compromised Account

Visa global Compromised Account Visa global Compromised Account RECOVERY PROGRAM WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT The Visa Global Compromised Account Recovery (GCAR) program offers

More information

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information

What Merchants Need to Know About EMV

What Merchants Need to Know About EMV Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the

More information

American Express Data Security Operating Policy United States

American Express Data Security Operating Policy United States American Express Data Security Operating Policy United States As a leader in consumer protection, American Express has a long-standing commitment to protect Cardmember Information, ensuring that it is

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

Data Security Basics for Small Merchants

Data Security Basics for Small Merchants Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

Merchant Processing. Trends and Truths. Roger Raney TransFirst Regional Sales Manager rraney@transfirst.com 941.704.5858

Merchant Processing. Trends and Truths. Roger Raney TransFirst Regional Sales Manager rraney@transfirst.com 941.704.5858 Merchant Processing Trends and Truths Karen Miles US Rice Producers Association Financial Director karen@usriceproducers.com 713.974.7423 Roger Raney TransFirst Regional Sales Manager rraney@transfirst.com

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards

More information

CPIM Academy. Cash 257 Merchant Services and Revenue Collection

CPIM Academy. Cash 257 Merchant Services and Revenue Collection CPIM Academy Cash 257 Merchant Services and Revenue Collection 2015 Objectives Feel prepared to discuss/understand basics of merchant processing Understand Service Fees Difference between credit and debit

More information

The Anthem Breach: What Employers Need to Know. February 11, 2015

The Anthem Breach: What Employers Need to Know. February 11, 2015 The Anthem Breach: What Employers Need to Know February 11, 2015 Who We Are Privacy and Data Protection Team Named Practice Group of the Year by Law360 Chambers USA 2014 Nationally-Ranked Privacy and Data

More information

Fall Conference November 19 21, 2013 Merchant Card Processing Overview

Fall Conference November 19 21, 2013 Merchant Card Processing Overview Fall Conference November 19 21, 2013 Merchant Card Processing Overview Agenda Industry Definition Process Flows Processing Costs Chargeback's Payment Card Industry (PCI) Guidelines for Convenience Fees

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Cash 257 Merchant Services and Revenue Collection

Cash 257 Merchant Services and Revenue Collection CPIM Academy Cash 257 Merchant Services and Revenue Collection 2015 Objectives Feel prepared to discuss/understand basics of merchant processing Understand Service Fees Difference between credit and debit

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate. MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

DRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by

DRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by DRAFT Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security Presented by The American Bankers Association National Bank Card Fraud Task Force in an effort to give consumers

More information

PCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001

PCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What

More information

Risk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue

Risk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue Risk Mitigation in Travel New Trends to Reduce Fraud and Increase Revenue wherever people pay What We Are Going to Discuss Today 3D Secure: Turning a conversion killer into a revenue creator. Transaction

More information

Effectively Managing Data Breaches

Effectively Managing Data Breaches Effectively Managing Data Breaches May 27, 2015 Stoddard Lambertson Cyber Intelligence and Investigations Justina Jow Cyber Intelligence and Investigations Disclaimer The information or recommendations

More information

Preparing for EMV chip card acceptance

Preparing for EMV chip card acceptance Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

EMV EMV TABLE OF CONTENTS

EMV EMV TABLE OF CONTENTS 2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.

More information

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

Secure Payments Framework Workgroup

Secure Payments Framework Workgroup Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

GALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions

GALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions GALLAGHER CYBER LIABILITY PRACTICE Cyber Risk Exposures and Solutions Cyber Risk Exposures and Solutions Arthur J. Gallagher & Co. s Cyber Liability Practice has the expertise and the desire to deliver

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

5 ways to increase front desk revenue

5 ways to increase front desk revenue 5 ways to increase front desk revenue As an independent practice physician, you care about two things when it comes to your practice: patient care and the financial health of your practices. Many physicians

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?

More information

Plotting a Course for EMV Compliance

Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently

More information

PCI Risks and Compliance Considerations

PCI Risks and Compliance Considerations PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction

More information

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment

More information

Before You Swipe: Best Practices in Accepting Credit, Debit and Pre-Paid. Paid Card Payments

Before You Swipe: Best Practices in Accepting Credit, Debit and Pre-Paid. Paid Card Payments Before You Swipe: Best Practices in Accepting Credit, Debit and Pre-Paid Paid Card Payments Sean Christy, Sutherland Robyn Miller, Pro Bono Partnership of Atlanta March 22, 2012 Mission of Pro Bono Partnership

More information

UNIVERSITY CONTROLLER S OFFICE

UNIVERSITY CONTROLLER S OFFICE UNIVERSITY CONTROLLER S OFFICE Payment Card Industry (PCI) Security Standards Training Guide (updated for 3.1 requirements) February 2016 Disclaimer: The information in this guide is current as of the

More information

Your Compliance Classification Level and What it Means

Your Compliance Classification Level and What it Means General Information What are the Payment Card Industry (PCI) Data Security Standards? The PCI Data Security Standards represents a common set of industry tools and measurements to help ensure the safe

More information

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2 Network Updates Summer 2013 We are committed to working closely with you on achieving your business goals. As a part of this commitment, we carefully monitor Network changes and summarize them for your

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch QUICK REFERENCE GUIDE FUTURE PROOF TERMINAL Review this Quick Reference Guide to learn how to run a sale, settle your batch and troubleshoot terminal responses. INDUSTRY Retail and Restaurant APPLICATION

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

Introductions 1 min 4

Introductions 1 min 4 1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes

More information

EMV: Preparing for the shift

EMV: Preparing for the shift EMV: Preparing for the shift The impending shift in liability for card-present fraud is driving a transition to EMV, which comes replete with new retail IT requirements and consumer-facing changes to the

More information

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation Your Single Source for credit, debit and pre-paid services Fraud Risk and Mitigation Agenda Types of Fraud Fraud Identification Notifications Next Steps 11/8/2013 2 Types of Fraud Lost and Stolen Cards

More information

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by

Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by Universal Transaction one or Gateway more of (UTG ), the 4Go, following and i4go U.S. are covered Pat. by Nos.: one or more 7770789, of

More information

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved. A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role

More information

What You Need to Know About PCI SSC. 2014 Guiding open standards for global payment card security

What You Need to Know About PCI SSC. 2014 Guiding open standards for global payment card security What You Need to Know About PCI SSC 2014 About the PCI Council Founded in 2006 - Guiding open standards for payment card security Development Management Education Awareness Expanding Global Representation

More information

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Bob Russo, General Manager 2013 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI Council Open, global forum Founded 2006 Guiding open standards for

More information

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards

More information

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

EMV's Role in reducing Payment Risks: a Multi-Layered Approach EMV's Role in reducing Payment Risks: a Multi-Layered Approach April 24, 2013 Agenda EMV Rationale Why is this worth the effort? Guides how we implement it EMV Vulnerability at the POS EMV Impact on CNP

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

Appendix 1 Payment Card Industry Data Security Standards Program

Appendix 1 Payment Card Industry Data Security Standards Program Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?

More information

Payment Security teleconference

Payment Security teleconference Payment Security teleconference PCI DSS Compliance Validation Options 27 th March 2014 Michael Christodoulides and Louise Hunt All information correct at time of presentation Introduction Barclaycard has

More information

NEWS BULLETIN 2015-16

NEWS BULLETIN 2015-16 NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager

More information

PCI: It Never Ends. Why?

PCI: It Never Ends. Why? PCI: It Never Ends. Why? How to stay prepared? Shekar Swamy American Technology Corporation St. Louis, MO January 13, 2011 PCI compliance basics It s all about Data Security 12 major areas of compliance

More information

Preparing for the Change to EMV and New Fraud and Security Risks: What U.S. Merchants Need to Know

Preparing for the Change to EMV and New Fraud and Security Risks: What U.S. Merchants Need to Know Preparing for the Change to EMV and New Fraud and Security Risks: What U.S. Merchants Need to Know Introduction Recent large-scale data breaches and growing rates of credit card fraud have some U.S. merchants

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

New Challenges in Card Optimization: Security, Payments, Receivables

New Challenges in Card Optimization: Security, Payments, Receivables New Challenges in Card Optimization: Security, Payments, Receivables Presented By Paul LaRock, Principal paul_larock@treasurystrategies.com 312-628-6955 Steve Wiley, Principal steve_wiley@treasurystrategies.com

More information

SETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS

SETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS SETUP GUIDE High Speed Secure Credit Card Processing Thank you for your purchase of Hamilton products! In this handy guide, you will discover: WHAT IS INCLUDED ADDITIONAL REQUIREMENTS HOW IT WORKS SETUP

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

The Canadian Migration to EMV. Prepared By:

The Canadian Migration to EMV. Prepared By: The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced

More information

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office

WISCONSIN ACCOUNTING MANUAL Department of Administration State Controller s Office BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent

More information

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software has met the latest credit card processing requirements with its release of Version 7.4 due to the

More information

University Policy Accepting and Handling Payment Cards to Conduct University Business

University Policy Accepting and Handling Payment Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy

More information

Security & Compliance, Sikich LLP

Security & Compliance, Sikich LLP Mark Shelhart, CFI, CISSP, QSA Security & Compliance, Sikich LLP 1. Credit card breaches 2. Disgruntled IT, bad leaver 3. Personal records breach 4. Vendor network connections (and contracts) 5. Everything

More information

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration

More information