IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper"

Transcription

1 IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

2 A data breach has the potential to cost retailers millions in lost customers and sales. In this paper we discuss a number of possible threats to your customers data as well as some simple measures that can be employed to help better secure your customers payment details. The introduction of Payment Card Industry Data Security Standards (PCI-DSS) ten years ago has made a significant contribution to protecting customers and e-commerce retailers alike from increasingly sophisticated criminals determined to steal personal information 1. E-commerce sites remain the primary target for data breaches, accounting for 48 per cent of incidents investigated annually 2. Why? Because payment information is the kind of data that criminals can most profitably sell and convert into cash 3. The rapid growth in e-commerce and m-commerce has created additional risks for retailers. In a bid to understand shopping behaviour and anticipate customers needs, it has become more important for retailers to analyse data. This can result in sensitive personal details about customers and their payment cards being stored and used in more places within an organisation and possibly also shared with partners in the supply chain. In this short white paper, we take a look at three business risks affecting e-commerce retailers in today s data-rich environment and consider some techniques that could help form an essential part of an effective data security strategy. 2 3

3 GROWING BUSINESS RISKS Millions 1. GROWING FINANCIAL RISK OF A DATA BREACH Worryingly, the number of companies suffering from data breaches has increased in recent years 4 despite record levels of PCI-DSS compliance 5. Even large, high profile retailers have fallen victim to malicious attacks, which have grown in complexity and sophistication in recent years. Such data breaches can result in the loss of millions of customer payment card details, passwords and other personal information. The average loss from a data breach for companies in Germany, the US and UK now stands at US$4.8 million ( 3.67 million), US$5.4 million and US$3.1 million ( 2.04 million) respectively 6. The proportion of the total cost resulting from a loss of business ranges from 36 per cent in Germany to 56 per cent in the US with the remaining costs spanning the need to investigate and respond to each data breach 7. Total average cost of UK data breaches: : DATA, DATA EVERYWHERE Successful multi-channel retailers rely on data analytics to generate customer insights, which can enable them to deliver a more personalised and relevant customer experience. However, the analysis of customer transactions and behaviour can make it both more costly and difficult to secure payment data as it moves around a retail business. Data held by a retailer within its own servers, business systems and applications (known as at rest ) is often at greater risk of being breached than data related to the payment system itself ( in transit ) 9. The growing number of applications using this data, whether at rest or in transit, can include customer relationship management, ERP, customer loyalty, data warehouse analysis, one-click purchasing and repeat or recurring payments. To be payment data compliant, all of this data, even if it is encrypted, must be included in annual audits wherever it resides. As more data moves within and outside a business (in particular data which may be shared with supply chain partners), the process of tracking and securing this data can become unsustainable. This can lead to greater effort, resources and time being spent every year in order to stay PCI- DSS compliant. 3: NEW TECHNOLOGY THREATS WITHIN THE BUSINESS According to the Verizon Data Breach Investigations Report, over the past three years 67 per cent of retail and hospitality breaches involve some form of malware and 76 per cent involve hacking 10. However, data breaches arising from human error, system glitches or business process failures can be just as common. For example, data being left unsecured on a lost laptop, or data being ed to an employee s home which is generally less secure than an individual s work environment. The latest version of the PCI-DSS guidelines, which came into effect on 1 January 2014, includes new provisions for the growing levels of mobile transactions, the increased use of cloud computing and virtualisation, employees using their own devices at work and the potential rise of malware on Linux platforms (the operating system frequently used by today s webservers) 11. These recent developments in retail technology and computing can make it more challenging to secure payment data or monitor and track the flow of data around a business. In some cases, a data breach is not noticed for weeks, months or even years at a time 12 and the longer it takes to discover a breach, the greater the likelihood of increased damage and cost to the firm and its customers. 4 5

4 HELP IS AT HAND The increased complexity of PCI- DSS compliance may lead many retailers to consider alternative ways to secure their payment data and reduce the annual burden of PCI-DSS compliance. Two methods in particular are recognised as valuable and effective ways to achieve this goal. TOKENISATION: PROTECTING YOUR STORED DATA This technology addresses cardholder data at rest by replacing the primary account number and other sensitive data with alternative identifiers (or tokens). Once completed properly, this means that valuable payment card information is rendered worthless to any fraudster. The use of tokenisation can enable many systems that handle customer data to be eliminated from the scope of PCI-DSS compliance, saving time, effort and scarce resources. However, the chosen tokenisation approach must be compatible with your existing payment applications, business systems and processes, enabling the data to be accessible and beneficial to your business. Card brands such as Visa, MasterCard and American Express are committed to tokenisation as a way of stemming the rising tide of costly data breaches while nearly half of e-tailers recently surveyed by Chase Paymentech 13 recognised that tokenisation is useful in PCI-DSS compliance. HOSTED PAYMENT PAGE: PROTECTING YOUR ACCEPTANCE DATA While tokenisation generally occurs after authorisation, it does not address issues of security and compliance at the initial acceptance stage. One effective solution at the initial acceptance process is the use of a hosted payment page that can take the form of either a separate webpage or an individual order form that is hosted on a secure site. Customers enter their confidential payment data directly into this secure environment and the transaction proceeds as usual. Because the payment data is neither received nor stored by the merchants, this solution can help address PCI-DSS compliance requirements. In our survey, 65 per cent of retailers recognised that hosted payment pages were useful to PCI-DSS compliance, yet only 39 per cent of them already use a third-party hosted payment page 14. WHICH SOLUTION IS RIGHT FOR MY BUSINESS? Since business environments and system architecture vary greatly, it is advisable to discuss with your acquirer which solution will work best for you to compliment your business model. Is your tokenisation process compatible with your data analysis? Ensure that the structure of your tokenisation system enables you to continue to track multiple uses of a particular customer or card as part of any big data initiatives. Is the architecture of the tokenisation system scalable? Your level of PCI compliance depends on the volume of transactions. As your company grows, this may impact on the architecture design of your solution. What information will the token contain? Some systems enable a complete customer profile to be included within the token so that the customer name, address, address, AVS country code, amount, order description and order ID, as well as the cards expiration date and other payment information, are securely available for data analysis. Will tokens need to be single-use (one-time tokens) or multi-use? If you want to track the behaviour of individual customers, you may need to use the same token every time the card is used especially if you have extensive customer relationship management or loyalty programme applications. Will your chosen hosted payment page share a consistent brand with the rest of your e-commerce site? The latest hosted payment solutions use dynamic designs that are automatically updated to ensure a single and seamless customer experience. Can you customise or personalise your hosted payment page? Ensure that you are able to change the functions within the hosted payment page to reflect the rest of your site, such as first name or the card brands you offer. Does your payment provider enable you to automatically update expired cards? Such functionality enables customers to complete their checkout by updating current account numbers and expiry dates that have changed without having to contact your customer. TO LEARN MORE ABOUT HOW YOU CAN KEEP UP WITH YOUR MULTI-CHANNEL CUSTOMERS, PLEASE CONTACT: UK or visit: 6 7

5 FOR FURTHER INFORMATION ABOUT PCI-DSS COMPLIANCE AND DATA SECURITY, VISIT: PCI Security Standards Council: Data Security Standard - Requirements and Security Assessment Procedures Version 3.0 (November 2013) Visa: Best Practices for Tokenization Version (July 2010) PCI Security Standards Council: Information Supplement - PCI DSS Tokenization Guidelines (August 2011) Mastercard Press Release: MasterCard, Visa and American Express Propose New Global Standard to Make Online and Mobile Shopping Simpler and Safer (October 1, 2013) EMVCo: EMV Payment Tokenisation Specification Technical Framework (March 2014) PCI Security Standards Council: Information Supplement: PCI DSS Cloud Computing Guidlines (February 2013) Chase Paymentech, the global payment processing and merchant acquiring business of JPMorgan Chase & Co. (NYSE: JPM), is a leading provider of payment, fraud and data security, capable of authorising transactions in more than 130 currencies. Chase Paymentech provides payment expertise that helps sustain and power longterm growth. We also offer advice on how to mitigate against the risk of data theft and minimise your PCI-DSS obligations with security solutions that will protect your customers account details. In 2013, Chase Paymentech processed 35.6 billion transactions with a value of $750.1 billion. References Chase Paymentech Europe Limited, trading as Chase Paymentech, is a subsidiary of JPMorgan Chase Bank, N.A. and is regulated by the Central Bank of Ireland. Registered Office: EastPoint Plaza, Second Floor, EastPoint Business Park, Dublin 3, Ireland. Registered in Ireland with the CRO under. No Directors: Shane Fitzpatrick, Kevin Moran, Daniel Charron (US). The information herein or any document attached hereto does not take into account individual client circumstances, objectives or needs and is not intended as a recommendation of a particular product or strategy to particular clients and any recipient of downloadable document shall make its own independent decision. This downloadable document and the information provided herein may not be copied, published, or used, in whole or in part, for any purpose other than expressly authorised by Chase Paymentech Europe Limited. 2014, Chase Paymentech Europe Limited. All rights reserved. 1 Verizon 2014 PCI Compliance Report 2 Trustwave: 2013 Global Security Report (2013) figure 3 3 Verizon 2014 PCI Compliance Report Page 6 4 Ponemon Institute: 2013 Cost of Data Breach Study: Global Analysis (May 2013) 5 Verizon 2014 PCI Compliance Report 6 Ponemon Institute: 2013 Cost of Data Breach Study: Global Analysis (May 2013) figure 3 7 Ponemon Institute: 2013 Cost of Data Breach Study: Global Analysis (May 2013) figures Ponemon Institute: 2013 Cost of Data Breach Study: United Kingdom (May 2013) figure 2 9 Verizon: 2014 PCI Compliance Report page Verizon: Research Report Threat Landscape Retail, Accommodation and Food Services (2013) 11 Verizon 2014 PCI Compliance Report Page Verizon: 2013 Data Breach Investigations Report (2013) figure 5 66% of breaches took months or even years to discover 13 Dynamic Markets: CNP Payment Challenges in 2014 (March 2014) 14 Dynamic Markets: CNP Payment Challenges in 2014 (March 2014)

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper In the UK, Europe s largest online market, consumers continue to embrace m-commerce at an astonishing speed with an estimated

More information

A CHASE PAYMENTECH WHITEPAPER. Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers

A CHASE PAYMENTECH WHITEPAPER. Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers A CHASE PAYMENTECH WHITEPAPER Building customer loyalty in a multi-channel world Creating an optimised approach for e-tailers Table Of Contents Changing shopping habits... 3 The multi-channel journey...

More information

A chase paymentech Whitepaper. Are You Getting The Best From Your Payments Solution?

A chase paymentech Whitepaper. Are You Getting The Best From Your Payments Solution? Are You Getting The Best From Your Payments Solution? Table Of Contents What are the hidden costs of e-commerce?... 3 Cart and sales conversion improving revenue streams... 4 The cost of compliance the

More information

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud A CHASE PAYMENTECH WHITE PAPER Expanding internationally: Strategies to combat online fraud Fraud impacts nearly eight in every ten international online retailers 1. It hampers prospects for growth, restricts

More information

A CHASE PAYMENTECH WHITE PAPER. Uncovering Five Myths About M-Commerce

A CHASE PAYMENTECH WHITE PAPER. Uncovering Five Myths About M-Commerce A CHASE PAYMENTECH WHITE PAPER Uncovering Five Myths About M-Commerce If there is a single subject that dominates online retailing right now, it is m-commerce and it is not hard to see why. Sales of smartphones

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

TRANSAXpay Online Safer ecommerce & MOTO Payments FIS RETAIL PAYMENTS

TRANSAXpay Online Safer ecommerce & MOTO Payments FIS RETAIL PAYMENTS TRANSAXpay Online Safer ecommerce & MOTO Payments FIS RETAIL PAYMENTS TRANSAXpay Online Safer ecommerce & MOTO Payments FIS RETAIL PAYMENTS Card Not Present (CNP) payment transactions have the potential

More information

OXY GEN GROUP. pay. payment solutions

OXY GEN GROUP. pay. payment solutions OXY GEN GROUP pay payment solutions hello. As UK CEO, I m delighted to welcome you to Oxygen8. We ve been at the forefront of multi-channel solutions since 2000. Headquartered in Birmingham, UK, we have

More information

White Paper: Are there Payment Threats Lurking in Your Hospital?

White Paper: Are there Payment Threats Lurking in Your Hospital? White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

CyberSource Payments & Security ONE POINT OF CONTACT CAN HELP YOU HIT YOUR

CyberSource Payments & Security ONE POINT OF CONTACT CAN HELP YOU HIT YOUR ONE POINT OF CONTACT CAN HELP YOU HIT YOUR MOST AMBITIOUS TARGETS Payments & Security PROCESS PAYMENTS AND SECURE PAYMENT DATA GLOBALLY WITH ONE CONNECTION To prepare for the omni-commerce world effectively,

More information

PAYWARE MERCHANT MANAGED SERVICE

PAYWARE MERCHANT MANAGED SERVICE PAYWARE MERCHANT MANAGED SERVICE PAYware MerchanT Managed Service We focus on payments, so you can drive sales Whether you re selling goods or services, managing your own internal high volume payments

More information

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to

More information

Online Shopping Trends

Online Shopping Trends Online Shopping Trends Jo Lawrence - Senior Relationship Manager, DataCash a MasterCard company Raimonds Keris - E-Commerce Baltic Product Manager - Swedbank Who is DataCash? DataCash is part of the MasterCard

More information

MASTERCARD PAYMENT GATEWAY SERVICES

MASTERCARD PAYMENT GATEWAY SERVICES MASTERCARD PAYMENT GATEWAY SERVICES OVERVIEW MAKING PAYMENTS SAFE, SIMPLE & SMART What are MasterCard Payment Gateway Services? Our Solutions Making payments safe, simple & smart for your customers, for

More information

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material

More information

TOURISM INNOVATIVE PAYMENT SOLUTIONS. Efficient, flexible, worldwide and secure

TOURISM INNOVATIVE PAYMENT SOLUTIONS. Efficient, flexible, worldwide and secure TOURISM INNOVATIVE PAYMENT SOLUTIONS Efficient, flexible, worldwide and secure 2 THE FUTURE OF PAYMENT FOR THE TOURISM AND TRAVEL BUSINESS The PERFECT PARTNER Wirecard is one of the world s leading independent

More information

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com E-Commerce SOLUTIONS In this report, MONEXgroup examines various types of online payment processing and E-Commerce Solutions. The tremendous transition towards online shopping stores in Canada has opened

More information

Omnichannel Payments

Omnichannel Payments Omnichannel Payments The Connected Consumer The way consumers buy goods and services is changing profoundly We now exist in a truly global, connected and digital world. A world of choice that lets us purchase

More information

Verizon 2014 PCI Compliance Report

Verizon 2014 PCI Compliance Report Executive Summary Verizon 2014 PCI Compliance Report Highlights from our in-depth research into the current state of PCI Security compliance. In 2013, 64.4% of organizations failed to restrict each account

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

The PCI Security Standards Council. Bob Russo June 2011

The PCI Security Standards Council. Bob Russo June 2011 The PCI Security Standards Council Bob Russo June 2011 What are the threats to card data? How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure?

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

PCI Compliance and the Data Security Standards. A x i a. For more information visit www.axiapayments.com/pci. Your partner in payment services

PCI Compliance and the Data Security Standards. A x i a. For more information visit www.axiapayments.com/pci. Your partner in payment services PCI Compliance and the Data Security Standards Introduction The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of

More information

2012 Payment Card Threat Report

2012 Payment Card Threat Report 2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported

More information

Drive your fraud rates down

Drive your fraud rates down Drive your fraud rates down Drive your fraud rates down To a greater or lesser extent, fraud concerns almost everyone involved in e-business. With margins tight and competition fierce, the prospect of

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

University of York Policy on the Management of Debit/ Credit Card Data

University of York Policy on the Management of Debit/ Credit Card Data University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI

More information

Payment Security Account Data Compromise (ADC)

Payment Security Account Data Compromise (ADC) Payment Security Account Data Compromise (ADC) 10 th July 2014 Michael Christodoulides & Louise Hunt All information correct at time of presentation Introductions Barclaycard has become increasingly aware

More information

Security Case Study. Experience from Europe s most mature market. Retailers choose Point for increased security

Security Case Study. Experience from Europe s most mature market. Retailers choose Point for increased security Security Case Study Retailers choose Point for increased security Experience from Europe s most mature market Meet the company with 800 security staff Security is what Point is all about With its clear

More information

safe and sound processing online card payments securely

safe and sound processing online card payments securely safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade

More information

Reach more customers. Take quicker payments. Make it all easier With just one Click.

Reach more customers. Take quicker payments. Make it all easier With just one Click. Reach more customers. Take quicker payments. Make it all easier With just one Click. By phone, online or mobile app, it doesn t matter when or where, Click allows you to reach more customers and take more

More information

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Is the PCI Data Security Standard Enough?

Is the PCI Data Security Standard Enough? Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

PCI DSS Investing wisely...

PCI DSS Investing wisely... PCI DSS Investing wisely... Hotel webinar Neira Jones Head of Payment Security Barclaycard Global Payment Acceptance 25 th July 2011 Leading the way in secure payments global payment acceptance Hotel Security

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Secure Payments Forum

Secure Payments Forum Secure Payments Forum April 2010 Welcome Nick Stacey The Royal College of Physicians Context m 700 600 500 400 300 200 Phone, Internet, Mail order Counterfeit (skimmed / cloned) Total 100 0 2005 2006 2007

More information

Your Customers Want Secure Access

Your Customers Want Secure Access FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers

More information

PCI Compliance: Protection Against Data Breaches

PCI Compliance: Protection Against Data Breaches Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)

More information

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Why Cloud-Based Mobile Payments? The promise of mobile payments has captured the imagination of banks,

More information

Retail Business Technology Expo 2011

Retail Business Technology Expo 2011 Retail Business Technology Expo 2011 Press Pack Stand # 212 March 16-17, 2011 For further information please contact: Clare Cockroft PR Manager Tel: +44 (0)114 292 6416 ccockroft@tnsi.com ANNOUNCES PLANS

More information

Payment Security Solutions. Payment Tokenisation. Secure payment data storage and processing, while maintaining reliable, seamless transactions

Payment Security Solutions. Payment Tokenisation. Secure payment data storage and processing, while maintaining reliable, seamless transactions Payment Security Solutions Payment Tokenisation Secure payment data storage and processing, while maintaining reliable, seamless transactions 02 Payment Security Solutions CyberSource Payment Tokenisation:

More information

We make cards and payments work for people as a part of everyday life. We bring information to life

We make cards and payments work for people as a part of everyday life. We bring information to life We make cards and payments work for people as a part of everyday life We bring information to life 2 EVRY is a leading IT company in the Nordic region. Through advice, technology and solutions, EVRY brings

More information

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information

Ogone Payment Services

Ogone Payment Services Ogone Payment Services 1 What is Ogone? A Payment Service Provider (PSP) Seamless technical gateway between shoppers, merchants and providers of payment methods in the card-not-present environment Based

More information

Retail Industry Case Study

Retail Industry Case Study Retail Industry Case Study Realex Payments Support Party Delight s Successful European Expansion THE OVERVIEW Party Delights is the UK s leading supplier of themed party and celebration accessories. The

More information

a CyberSource solution Merchant Payment Solutions

a CyberSource solution Merchant Payment Solutions a CyberSource solution Merchant Payment Solutions 1 Simplifying Payments 2 Safe and reliable payment processing is essential to your business. Authorize.Net, a leading payment gateway since 1996, provides

More information

Payment Card Industry Data Security Standards.

Payment Card Industry Data Security Standards. Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

www.trustvesta.com VESTA CORPORATION WHITEPAPER Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications

www.trustvesta.com VESTA CORPORATION WHITEPAPER Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications www.trustvesta.com VESTA CORPORATION WHITEPAPER Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications About this paper There have been numerous data breaches

More information

DATA SECURITY, FRAUD PREVENTION AND PCI COMPLIANCE. March 2015

DATA SECURITY, FRAUD PREVENTION AND PCI COMPLIANCE. March 2015 DATA SECURITY, FRAUD PREVENTION AND PCI COMPLIANCE March 2015 This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to whom it is directly

More information

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011) Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions Version 5.0 (April 2011) Contents Contents...2 Introduction...3 What are the 12 key requirements of

More information

A Whitepaper by Vesta Corporation. Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications

A Whitepaper by Vesta Corporation. Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications A Whitepaper by Vesta Corporation Payment Card Industry Data Security Standards (PCI DSS) and Mobile Operators: Trends and Implications About This Paper There have been numerous data breaches both announced

More information

Time to get off the fence?

Time to get off the fence? WHITE PAPER Thought leadership for the retail sector Time to get off the fence? Defining a cost-effective way to get and retain PCI DSS certification Author: Kevin Burns, PCI and Payments Consultant, BT

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

safe and sound Processing online card payments securely leading the way in secure payments A white paper from Barclaycard PMS??? PMS??? PMS??? PMS???

safe and sound Processing online card payments securely leading the way in secure payments A white paper from Barclaycard PMS??? PMS??? PMS??? PMS??? BCD106002BROB1 24/09/2010 17:22 Page 1 C M Y K PMS??? PMS??? PMS??? PMS??? Non-printing Colours Non-print 1 Non-print 2 JOB LOCATION: PRINERGY 3 safe and sound Processing online card payments securely

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization? FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their

More information

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)

More information

Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS) Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,

More information

MILLENNIALS EXPECTATIONS VS RETAILERS PRIORITIES BRIDGING THE OMNI-CHANNEL REALITY GAP TO DRIVE GROWTH A CHASE PAYMENTECH BLUEPRINT

MILLENNIALS EXPECTATIONS VS RETAILERS PRIORITIES BRIDGING THE OMNI-CHANNEL REALITY GAP TO DRIVE GROWTH A CHASE PAYMENTECH BLUEPRINT MILLENNIALS EXPECTATIONS VS RETAILERS PRIORITIES BRIDGING THE OMNI-CHANNEL REALITY GAP TO DRIVE GROWTH A CHASE PAYMENTECH BLUEPRINT AT A GLANCE 2015 is the Year of the socalled Millennial (18-34 year olds)

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

Securing Your Customer Data Simple Steps, Tips, and Resources

Securing Your Customer Data Simple Steps, Tips, and Resources Securing Your Customer Data This document is intended to provide simple and quick information security steps for small to mid-size merchants that accept credit and/or debit cards as a form of payment for

More information

An article on PCI Compliance for the Not-For-Profit Sector

An article on PCI Compliance for the Not-For-Profit Sector Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector

More information

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments A TO Z JARGON BUSTER A ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments ATM Automated Teller Machine. Unattended,

More information

Elavon Payment Gateway Integration Guide- Remote

Elavon Payment Gateway Integration Guide- Remote Elavon Payment Gateway Integration Guide- Remote Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway Remote

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

End to End Encryption, Tokenization & EMV in the U.S. Vendor Analysis of Emerging Technologies and Best Hybrid Solutions

End to End Encryption, Tokenization & EMV in the U.S. Vendor Analysis of Emerging Technologies and Best Hybrid Solutions Brochure More information from http://www.researchandmarkets.com/reports/1206263/ End to End Encryption, Tokenization & EMV in the U.S. Vendor Analysis of Emerging Technologies and Best Hybrid Solutions

More information

Finance Office. Card Handling Policy

Finance Office. Card Handling Policy Finance Office Card Handling Policy Prepared by: Lyndsay Brown Issued: November 2012 1 Contents Page 1 Introduction 3 2 Responsibility 3 3 The PCI Data Security Standard 3 4 PCI DSS Requirements 4 5 Receiving/

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

Customer Card Data Security and You

Customer Card Data Security and You Customer Card Data Security and You 01 What Is Global Fortress? Global Fortress is designed as a first line defence to provide you with the resources to help you in your fight against fraudsters. It simplifies

More information

PCI Data Security Standards

PCI Data Security Standards PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013 Encryption and Tokenization: Protecting Customer Data Your Payments Universally Amplified Tia D. Ilori Sue Zloth September 18, 2013 Agenda Global Threat Landscape Real Cost of a Data Breach Evolution of

More information

$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight

$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight Need to Know About Your Risk and Liability Many small merchants are surprised to learn that they can be held liable for tens of thousands of dollars in fines and other expenses when a card data breach

More information

Keep money moving. A guide to payment services from Sage Pay. www.sagepay.com

Keep money moving. A guide to payment services from Sage Pay. www.sagepay.com Keep money moving A guide to payment services from Sage Pay www.sagepay.com The lifeblood of business Making it safe and easy for your customers to pay you is essential payment channels aren t just a part

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Compliance Management

Compliance Management Compliance Management Merchant Guide 2012 Stay Clear Of Fraud Are You Concerned About Data Security Risks? Security is a duty. Companies should remember that they are being trusted by consumers with their

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

What You Need to Know About PCI SSC. 2014 Guiding open standards for global payment card security

What You Need to Know About PCI SSC. 2014 Guiding open standards for global payment card security What You Need to Know About PCI SSC 2014 About the PCI Council Founded in 2006 - Guiding open standards for payment card security Development Management Education Awareness Expanding Global Representation

More information

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA Australian Payments Clearing Association AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA 214 Australian Payments Clearing Association Limited ABN 12 55 136 519 CONTENTS OVERVIEW 1 SECTION 1 Fraud rates 4 SECTION

More information

Elavon Payment Gateway - Redirect Integration Guide

Elavon Payment Gateway - Redirect Integration Guide Elavon Payment Gateway - Redirect Integration Guide Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway

More information

Realex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1

Realex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1 Realex Payments Integration Guide - Ecommerce Remote Integration Version: v1.1 Document Information Document Name: Realex Payments Integration Guide Ecommerce Remote Integration Document Version: 1.1 Release

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015 U.S. House Small Business Committee On Behalf of the National Grocers Association October 6, 2015 The National Grocers Association (NGA) appreciates the opportunity to submit comments for the record to

More information

Online Payment Processing What You Need to Know. PayPal Business Guide

Online Payment Processing What You Need to Know. PayPal Business Guide Online Payment Processing What You Need to Know PayPal Business Guide PayPal Business Guide Online Payment Processing 2006 PayPal, Inc. All rights reserved. PayPal, Payflow, and the PayPal logo are registered

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

PCI DSS Compliance Services January 2016

PCI DSS Compliance Services January 2016 PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction

More information

Data Security: Recent Events, Trends and Best Practices

Data Security: Recent Events, Trends and Best Practices EXPLORE OUR WORLD Data Security: Recent Events, Trends and Best Practices Presented to: IAOP, London By: Tony Lucas EMEA Head of Compliance, Sitel Date: 8 th October 2008 Data Security Challenges for the

More information

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning

More information

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare

More information

Payment Painkillers: How to secure customer payment data in a complex world

Payment Painkillers: How to secure customer payment data in a complex world Payment Painkillers: How to secure customer payment data in a complex world A better way to secure payment data There is a more secure, affordable, manageable and sustainable way for retailers to secure

More information

Presented by: Sam Campisi, Business Relationship Manager, OECM Bruce Averill, Account Executive Sales, Chase Paymentech Kevin Brock, National Sales

Presented by: Sam Campisi, Business Relationship Manager, OECM Bruce Averill, Account Executive Sales, Chase Paymentech Kevin Brock, National Sales Presented by: Sam Campisi, Business Relationship Manager, OECM Bruce Averill, Account Executive Sales, Chase Paymentech Kevin Brock, National Sales Director Sales, Chase Paymentech Today you will learn

More information

Merchant guide to PCI DSS

Merchant guide to PCI DSS Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does

More information