DRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by
DRAFT

Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security

Presented by The American Bankers Association National Bank Card Fraud Task Force in an effort to give consumers better protection and comfort while using the payment system.

November 2010
Decision Item 1: LIABILITY SHIFT IN ACCOUNT DATA COMPROMISED CASES

Business Owners: Security and Risk Management

Impact: Financial accountability has been the linchpin that holds all competing entities together in the payment industry. When one side does not uphold their agreement, the end result can be a shift in the delicate balance resulting in increased liability where it did not belong. This is the impact that recent cases of account data compromises have caused as a result of merchant mismanagement and negligence. As a result, literally millions of dollars in fraud losses have come to bear on unsuspecting consumer cardholders and Issuers.

Anticipated Implementation Date: To be determined

Proposal: In cases of confirmed account data compromises not only would Issuers recoup monitoring costs and re-issuance costs but they also could charge back any fraud losses directly related to the merchant compromise. A separate chargeback reason code would be established for these charge-backs.

Background: As the number of account data compromises increases, Issuers clearly are feeling the negative financial effects of these cases and subsequently the consumer. Large numbers of accounts could easily cost an Issuer thousands of dollars per compromise in actual fraud losses. Today those losses are the responsibility of the Issuer even though they were the direct result of Merchant negligence. While holding Acquirers responsible for the actions of their Merchants has long been an established principle of the payment industry, these examples are the one exception to their rule. The consequences of this have led to merchant complacency as they realize they have limited liability should a compromise occur. This puts the consumer data security at risk. If we held them totally accountable for ALL fraud losses they caused, Merchants would have a greater incentive to ensure their systems were totally secure.

Benefit: Fraud losses will only decrease if all parties, Merchants, Acquirers and Issuers, do their utmost to limit risk. Financial incentives or penalties have long been the catalyst for change. If Merchants/Acquirers are fully accountable for all losses they cause this will lead to behavioral changes which will ultimately lead to lower losses. This will benefit the entire Bankcard community and most importantly, consumers, the unsuspecting victim.

Recommendation: To hold Merchants liable for all fraud losses that are caused as a direct result of an account data compromise. A separate chargeback reason code would be established for Issuers to use in these cases.

Pending Action: Both the MasterCard International Security Committee and Visa Risk Advisory Committee are asked to evaluate this proposal and approve it at their next meetings.
Decision Item 2: COMMUNICATION REGARDING ALERT NOTIFICATION

Business Owners: Security and Risk Management

Impact: Many small and medium sized Issuers do not receive timely notification regarding security breaches thus impacting their ability to protect their customer. Smaller institutions (affiliates) sponsored by another financial institution may never be officially notified of the problem. Better communication between MasterCard and Visa and ALL Issuing Members, regardless of size or sponsoring status, would lead to better consumer notification and information, quicker blocking of potential fraud accounts and fewer fraud losses.

Anticipated Implementation Date: To be determined

Proposal: To allow the direct notification concurrently of all MasterCard and Visa and Issuers principal members, affiliate and agent banks, including processors in instances where an account has been compromised.

Background: Immediately upon notification of a security breach, MasterCard through MasterCard Alerts and Visa through CAMS will electronically notify all Issuers of the card numbers that have been affected. The notification will include a Universal Compromise Reference Number (UNICORN) developed by the card brands to identify each incident. As soon as the source and location of a security breach is determined, that information should be communicated to all affected banks and financial institutions via the UNICORN, so they can protect their customers and themselves. Information must include, but is not limited to, actual information that was possibly compromised along with the card number (i.e., expiration date, name, address, etc.). With this information, during the process of contacting victimized consumers, banks will be able to properly explain to them how their cards were compromised and what information is at risk. This method of communicating to all Issuers will not supersede the other mechanisms and procedures in place for all other operating procedures. Specifically, these procedures are authorizations, charge-backs, settlement, etc. and they will continue under existing communications lines to Processors, Issuers or Affiliates.

Benefit: This simple, but powerful, rule change will enable all MasterCard Members and Visa members, irrespective of status, the ability to provide immediate customer attention on accounts that have been compromised and reduce their risk. Issuers can be proactive in providing positive public relations and customer information instead of reacting and having customers hear about compromised accounts through the news media. These mediums negatively portray banks' efforts to safeguard account information and put banks on the defensive. Being informed immediately from MasterCard and Visa would counter and eliminate these negative influences.

Recommendation: Mandate that banks receive notification directly from MasterCard or Visa regarding compromised accounts.

Pending Action: Both the MasterCard International Security Committee and Visa Risk Advisory Committee are asked to evaluate this proposal and approve it at their next meetings.
Decision Item 3: MERCHANT SOFTWARE SYSTEM CERTIFICATION

Business Owners: Merchant Services

Impact: The payment systems are losing millions of dollars on a yearly basis due to neglect and poorly designed merchant software systems. MasterCard and Visa's inability to have any control over this vital segment has created a risk to members that needs to be addressed.

Implementation Date: To be determined

Proposal: All merchant software vendors must register with MasterCard and Visa that they are compliant with minimum standards as set forth by each association. Failure to do so would lead to de-certification and publication of the vendor name and software system in an operation and financial bulletin to all members.

Background: In certain instances merchants have purchased software inventory systems that manage multiple tasks including payments, inventory control and billing. To their surprise this software also captures full magnetic stripe data and stores that data. Other examples include third party vendors that provide payment services that are also capturing the data. Neither ignorance of their own system capabilities, or shortcomings, nor that of any third party they contract with should absolve the merchant from liability. All merchants must be certified as PCI compliant as soon as possible.

Benefit: Only by holding merchants financially accountable for all actions that originate with them will they have a vested interest in helping solve this growing risk. By ensuring each vendor and merchant software provider meets stringent standards the threat of penalties will be lessened and the industry will be able to mitigate losses and keep them to a minimum.

Recommendation: MasterCard and Visa will establish minimum data requirements and standards for all merchant software systems. After a short grace period each Acquirer must certify, through an audit, they meet these minimum standards.

Pending Action: Both the MasterCard International Security Committee and Visa Risk Advisory Committee are asked to evaluate this proposal and approve it at their next meetings.
Decision Item 4: COMMUNICATION TO BANKS ON THE SEVERITY OF SECURITY BREACH AND DISCLOSING NAME OF THE MERCHANT

Business Owners: Security and Risk Management

Impact: Security breaches of merchant databases concerning consumer cardholder data have become far too common. Issuers receive so many notices from MasterCard and Visa that security and fraud staffs can sometimes become complacent due to the regularity of these notices. The impact of not understanding the severity of these breaches and not knowing the merchant name can cost members millions of dollars.

Anticipated Implementation Date: To be determined

Proposal: MasterCard and Visa must set up a system to more accurately portray the severity of breaches in compromised account data cases. In addition, the Merchant name must be disclosed. The system and definitions must be clearly communicated to all members. This can be accomplished with a non-disclosure agreement.

Background: The burden has rested on the Issuing Banks to make a determination, with limited information at best, regarding the actions to be taken regarding account data compromises. A wrong decision, to monitor accounts rather than block and re-issue, could cost Issuers millions of dollars in future losses and place an unfair burden on the consumer. The opposite decision, to block and reissue all affected accounts, could cost the Issuer thousands of dollars in card issuance costs and communication costs to their cardholders. At times these actions provide no tangible benefit. After some cardholders have had their cards re-issued two or three times, these cardholders have lost their trust in the payment systems and no longer use their plastic. Issuers must be informed of the severity of a breach to prevent these all too often occurrences. This problem is compounded by the myriad of state data security statutes that have recently been enacted in response to this problem.

Benefit: Keeping consumers happy is paramount to a successful issuing program. Informed decision making due to better and more complete information from both MasterCard and Visa regarding the security of account data compromise would go a long way in keeping consumers satisfied and their personal information safe.

Recommendation: MasterCard and Visa must set up a system to more accurately describe the severity of a security breach at a merchant and also disclose the merchant name.

Pending Action: Both the MasterCard International Security Committee and Visa Risk Advisory Committee are asked to evaluate this proposal and approve it at their next meetings.
Decision Item 5: CHANGE IN METHODOLOGY FOR SECURITY BREACHES

Business Owners: Security and Risk Management

Impact: Issuers are unfairly bearing the brunt of costs associated with Merchant/Acquirer security breaches. The pre-compliance process devised to allow banks an opportunity to seek reimbursement for expenses related to a security breach they are not responsible for seems to be designed to make it highly unlikely that any financial institution will ever recover any expenses. The process needs to be streamlined for Issuers to seek recovery of costs associated with security breaches for card replacement. As Issuers receive fairer reimbursement, Merchants/Acquirers will be forced to protect customer data or risk extreme financial penalties or liabilities.

Anticipated Implementation Date: To be determined

Proposal: To shorten the time frame where Issuers receive reimbursement for monitoring accounts and card losses from compromised accounts. In addition Issuers need to be granted more time to file compromised account data cases, partly because the administrative effort has become more complex.

Background: The number of known security incidents has grown from a relatively few cases in 2000 to over 260 million records by one account in 2009, and increases every year. In almost all cases the Merchant/Processor/Acquirer stored cardholder data and this has been acknowledged to be in violation of MasterCard and Visa rules. Despite the massive negative publicity and harm to the consumer these cases have generated, the storage of cardholder data continues, and MasterCard and Visa have been powerless to stop it. As with all business decisions the only true remedy is a financial one. The cost of storing cardholder data must be increased dramatically to ensure all relevant parties cease this practice immediately. Issuers must be given better, more complete and timely information on merchant name, city and state and details of how the data was compromised. This will enable Issuers to respond more proactively with their cardholder, the media and their shareholders and give them an opportunity to better protect their accounts. The time frame must also be extended for Issuers to file a claim and a timetable must be established whereby Issuers will be reimbursed. Today a great many months go by before an Issuer is paid and the whole process may take one to two years. In the meantime the Issuer is out these funds and is bankrolling the merchant during this period.

Benefit: The current process for reimbursement is long, cumbersome and costly for Issuers. Changing and expediting the reimbursement period, while also providing Issuers additional time to prepare claim submission would lower operational and administration costs and therefore increase profits. Merchants/Acquirers would be held more accountable financially for their actions.

Recommendation: To provide a 90 day time frame for Issuers to be reimbursed after claim submission and a 90 period after the security bulletin for a claim to be filed.

Pending Action: The committees are asked to evaluate and pass the proposed new rules on changes in methodology.
Decision Item 6: SECURE CODE AND VERIFIED BY VISA

Business Owners: Security and Risk Management

Impact: The internet is still considered unsafe by many cardholders who constantly are reminded via media (television, newspapers and radio) of identity theft and merchant database compromises. Consumers are quickly losing confidence in the ability of the payment system to protect their account information and the impact of this is enormous.

Implementation Date: To be determined

Proposal: All MasterCard and Visa E-Commerce merchants must register that they have complied with all requirements for Secure Code or Verified by Visa.

Background: Numerous major vendors/merchants have publicly admitted to withholding the full extent of the number of compromised accounts that have occurred to their databases. This has led to consumer outrage and congressional hearings on this subject. Merchants can no longer be trusted to protect cardholder data by themselves. The only proper way to achieve full compliance is to mandate that merchants must register and comply with these programs. If they do not, Acquirers must either be forced to terminate their merchant relationship and no longer let them accept MasterCard and Visa Cards and present them into settlement or accept a $25,000 fine per month. (This is the same penalty that Issuers face).

Benefits: While E-Commerce transactions show a steady increase, the number of consumers that will embrace purchasing via non face to face methods will not reach its potential without better security measures. MasterCard, Visa, Acquirers, and Issuers have spent great sums of money on Secure Code and Verified by Visa but have seen relatively few merchants avail themselves of this optional service. While making their programs mandatory will surely decrease the number of merchants accepting credit and debit cards, it will make the merchants left more secure. This will result in greater profitability for Merchants, Acquirers, Issuers, MasterCard and Visa and renewed commitment by consumers to use their debit cards.

Recommendation: Effective as soon as possible, all merchants must register for either Secure Code or Verified by Visa or face a $25,000 fine per month or be terminated.

Pending Action: Both the MasterCard International Security Committee and Visa Risk Advisory Committee are asked to evaluate this proposal and approve it at their next meetings.
Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This
More informationMAINE DATA BREACH STUDY Pursuant to Resolve 2007, Chapter 152
MAINE DATA BREACH STUDY Pursuant to Resolve 2007, Chapter 152 PREPARED BY THE STAFF OF THE MAINE BUREAU OF FINANCIAL INSTITUTIONS November 24, 2008 John Elias Baldacci Governor Anne L. Head Commissioner
More informationAnd Take a Step on the IG Career Path
How to Develop a PCI Compliance Program And Take a Step on the IG Career Path Andrew Altepeter Any organization that processes customer payment cards must comply with the Payment Card Industry s Data Security
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationMERCHANT SERVICES, LEASING AND OPERATING AGREEMENT. ( Blackboard ). In this Agreement, the words; BbOne Card means a stored-value account
MERCHANT SERVICES, LEASING AND OPERATING AGREEMENT This Agreement is between the Business set forth on the first page ( Business ) and Blackboard Inc., having offices at 650 Massachusetts Ave, N.W., 6th
More informationCAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments
CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationA8.700 TREASURY. This directive applies to all campuses of the University of Hawai i.
Prepared by Treasury Office. This amends A8.710 dated July 2001. A8.710 April 2005 A8.700 TREASURY P 1 of 5 A8.710 Credit Card Program 1. Purpose To provide uniform procedures for the processing of credit
More informationDear Valued Merchant,
Dear Valued Merchant, Welcome to Central Payment thank you for becoming our client. We are committed to providing our merchants with outstanding customer service and superior products. It is our company
More informationCredit Card Acceptance & Chargeback Prevention
Credit Card Acceptance & Chargeback Prevention Tips for Travel Agents July 2010 About this Guidebook... 3 Credit Card Acceptance... 4 Fraud Prevention Tips... 7 Credit Card Chargebacks Tips...11 Payment
More informationPAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW
PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp
More informationSecurityMetrics Introduction to PCI Compliance
SecurityMetrics Introduction to PCI Compliance Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples
More informationPayment Card Industry Data Security Standard
Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card
More informationRecurring Payments Best Practices Guide
Recurring Payments Best Practices Guide Table of Contents DEFINITIONS... 3 RECURRING TRANSACTION... 3 INSTALLMENT TRANSACTIONS... 3 RECURRING PAYMENT INDICATOR... 4 CARDHOLDER BENEFITS & BEST PRACTICES...
More informationPROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN
PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationPowering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks?
Powering e-commerce Globally What Can I Do to Minimize E-Commerce Chargebacks? Chargebacks are not going away. And now there are new rules. Selling products and services online and using credit cards for
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationWhat is EMV? What is different?
U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More information. Merchant Accounts are special bank accounts issued by a merchant. . Merchant Level: This classification is based on transaction volume.
Credit Card Procedures and Policies Texas A&M Health Science Center offers university departments the convenience of accepting credit cards in payment for goods and services provided. All University departments
More informationAppendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
More informationI. Definitions. DFA: Mississippi Department of Finance and Administration.
FINAL RULE MISSISSIPPI DEPARTMENT OF FINANCE AND ADMINISTRATION ADMINISTRATIVE RULE PAYMENTS BY CREDIT CARD, CHARGE CARD, DEBIT CARDS OR OTHER FORMS OF ELECTRONIC PAYMENT OF AMOUNTS OWED TO STATE AGENCIES
More informationStatement for the Record
Statement for the Record of the AMERICAN BANKERS ASSOCIATION Committee on Small Business U.S. House of Representatives For the hearing Electronic Payments Tax Reporting: Another Tax Burden for Small Businesses
More informationDevelopments in Merchant Acquiring
September 2008 Developments in Merchant Acquiring by Terri Bradford, Payments System Research Specialist, and Christian Hung, Research Associate II hen thinking about the participants involved in card-payment
More informationWISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009
WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 Current Laws: It is unlawful to intentionally use or attempt
More informationPCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001
PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What
More informationSECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures
Page 1 SECTION 509: Payment Card and Electronic Funds Transfer (EFT) Procedures SOURCE: NDSU President NDSU VP for Finance and Administration NDSU VP for Information Technology It is the University s responsibility
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationWhite Paper #6. Privacy and Security
The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
More informationBall State University Credit/Debit Card Handling Policy and Procedures
Ball State University Credit/Debit Card Handling Policy and Procedures I. Background Ball State University accepts payments in various forms including cash, checks and electronic fund transfers. University
More information