PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards

Size: px
Start display at page:

Download "PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards"

Transcription

1 PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards

2 Table of Contents PCI Security Compliance in KANA Solutions...1 The Importance of Protecting Customer Data...3 A Summary of the PCI Security Standard...4 Security in KANA Response...5 Point of Entry Behind the Firewall...5 SSL Communication...6 Data Protection...6 Password Protection...7 Security in KANA Secure Messaging...7 Security in KANA Response Live...8 Data Protection...9 Data Encryption...9 Password Protection...9 Conclusion KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 2

3 The Importance of Protecting Customer Data The news about data security breaches is not good. The fallout and costs from such events as the 2007 TJX Companies i data breach are being assessed in the millions of dollars. However, this most notorious breach is only the tip of the iceberg. The Privacy Rights Clearinghouse counts the approximate number of records that have been compromised due to security breaches at nearly 250,000,000 since Businesses and organizations in every industry from retailers to banks, brokerages, medical groups, pharmaceutical manufacturers, schools, media companies, and government agencies all have been victims of hackers and data thieves. U.S. financial institutions that issue credit cards incurred a record $1.24 billion of losses from fraud in 2006, up 9.3% from In Data Leaks, Culprits are Often Mom and Pop Wall Street Journal, Sept. 22, 2007 As consumers continue to increase their use of the Internet for many types of transactions, the level of compromised customer data and identity theft continues to grow exponentially. The Internet Crime Complaint Center (IC3) received more than 200,000 complaints of crimes perpetrated over the Web during This amounts to almost $240 million in reported losses a $40 million increase from complaints referred to law enforcement in ii According to the Nilson Report, an organization that follows the payment card industry, the cost to card issuers to cover fraud committed by cybercriminals has more than tripled over the past decade to $5.6 billion worldwide in iii To respond to these growing threats, the major credit card companies, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, founded the Payment Card Industry (PCI) Security Council ( One of the major functions of the Council has been to create and manage the PCI Data Security Standard (PCI DSS). The PCI standard is updated every two years by the Council, which maintains PCI and two other security standards. The organization has more than 520 members, including such major multi-channel retailers ranked in the top 500 Internet retailers as Staples, OfficeMax, QVC, Best Buy, Wal-Mart, J.C. Penney, Williams-Sonoma, and Barnes & Noble. iv Complying with the PCI DSS has become essential for many businesses because it provides a strong foundation on which to build data protection measures that help companies proactively protect sensitive customer data. Compliance is mandated by the payment card brands for all entities that transmit, process, or store payment card data. Companies 2011 KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 3

4 "Being PCI compliant is a smart business decision, as far as securing Web property and Intellectual property With data being stored virtually, in accessible areas, PCI standards are set up to help businesses with better practices." Pcicomplianceguide.org will be penalized if they do not comply with the PCI DSS. For many companies, there is an urgent need to meet the standard as the deadlines for validating compliance with the PCI DSS have already passed. For customer support organizations, security breaches pose a real threat as companies expand the use of lower-cost online channels for customer interactions. Credit card numbers, personal identification numbers, account IDs, Social Security Numbers, and other forms of private data used to complete transactions and purchases are being shared in s, chat sessions, and on the Web. As a result, meeting the PCI standard is important for service organizations in order to protect customer data from malicious attack by outsiders or employees of the company. KANA has helped many businesses meet security requirements for online channels through its solutions for multi-channel customer service. In this paper, we will examine how capabilities built into KANA applications, including KANA Response, KANA Secure Messaging, and KANA Response Live, can help organizations comply with the PCI standards. A Summary of the PCI Security Standard The PCI DSS is a multi-faceted standard for companies that accept and store personal credit card information. Based on ISO 17799, the internationally recognized standard for information security practices, the PCI DSS includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. To be PCI certified, a business must adhere to the published PCI data security standard specifications as follows: 2011 KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 4

5 "The rule of thumb is this: If you house credit card information, in whatever form, if you house the information in your server then you are basically responsible for complying with PCI DSS." Kahlid Kark, Forrester Research Security in KANA Response continues to be one of the fastest growing online communication channels given its simplicity and convenience. However, it is also one of the most non-secure communication channels. Despite the fact that companies have encouraged customers not to use for communicating sensitive information, credit card numbers, account IDs, and other private data are still transmitted via . KANA has established a reputation for helping companies efficiently manage high volumes of with KANA Response. To help them protect sensitive data that may be contained in s, KANA has built multiple layers of communication and data security capabilities into KANA Response, all of which meet or exceed portions of the PCI DSS standard. Point of Entry Behind the Firewall The point of entry is via the company s POP3 or IMap server, which resides behind a firewall KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 5

6 SSL Communication Secure Socket Layer (SSL) communication is supported between all nodes in the KANA Response network v including: Application server and client Application server and database server Application server and SMTP server Application server and KANA Classify server Application server and reports server From the forms handler to SMTP server Adapter framework KANA uses SSL communication between KANA Response and clients, the SMTP server, and the database. Data Protection KANA Response helps to protect customer data in several ways: All data within the KANA Response database can be encrypted using the KANA Response license key, including attachments. vi The administrator can choose to encrypt all KANA Response data in the database, or select specific fields, such as encrypting only account numbers, but not a customer s name and address. vii KANA Response uses the AES-128 encryption standard. Rather than choosing an algorithm from a particular vendor, each of which varies, KANA has chosen to use the AES-128 standard. The U.S. National Security Administration has announced that AES is secure enough to protect classified information up to the Top Secret level, which is the highest security level. Pattern matching and number stripping can be executed against the content. For example, 16-digit credit card numbers can be recognized and masked before they are stored in the KANA Response database. This ensures the credit card information is not stored and is not available to any KANA Response user, helping to prevent malicious use KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 6

7 KANA Response supports secure protocols between the application server and any external Web services. Password Protection KANA Response also protects passwords used by agents, supervisors, and application administrators. User and database passwords are encrypted to help prevent unauthorized access. Role-based logins, such as agent, supervisor, and administrator, manage access to data appropriately. In addition, custom role definition is available to fine-tune the level of data access for each user. Password security features include setting expiration dates and password length, requiring user names and passwords to be different, enforcing alphanumeric restrictions, prohibiting use of old passwords, retry lockout and invalid logon lockout. Passwords maintained in configuration files are encrypted with a mechanism for changing them. Password encryption algorithms use the JAVA cryptography standard and comply to the AES-128 encryption standard. Security in KANA Secure Messaging For companies that need to further safeguard communications between customers and service representatives, KANA Secure Messaging offers a solution that combines KANA Response functionality with secure Web portals. KANA Secure Messaging does not include any sensitive data in messages sent to non-secure mailboxes like Microsoft Outlook, which eliminates the need for cumbersome schemes to encrypt and decrypt content. Instead, an message includes a hyperlink to a secure portal where the recipient must authenticate before accessing the protected information. As a result, there is no exposure of sensitive data while it is in transit, helping companies maintain information privacy while reaping the benefits of lower-cost . KANA Secure Messaging provides the following security measures: A Secure Online Access Protocol (SOAP) is used between KANA Response and the secure Web portal in order to exchange data. Any s sent in over the SOAP channel are automatically flagged as secure, and replies will be sent out over the secure channel. For s coming in over a non-secure SMTP/POP channel, rules can scan message content to determine the need for confidentiality. Once an is classified as confidential, Secure Messaging can route it via the SOAP channel instead of over nonsecure SMTP/POP. Rules can be established for a wide range of criteria, such as a particular message title, text word, or alphanumeric pattern. In summary, KANA Response and KANA Secure Messaging help to comply with specific PCI DSS specifications as follows: 2011 KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 7

8 Security in KANA Response Live As live chat becomes increasingly popular, many companies want to leverage this channel to increase sales, forestall shopping cart abandonment, and offer an immediate-response channel for service. KANA Response Live offers a rich set of capabilities for conducting interactive online conversations. To help ensure that these live interactions remain private, KANA Response Live includes the following security measures KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 8

9 Data Protection Using rules, sensitive data in text message can be masked so that it is invisible to the agent. Restrictions can be added to prevent agents from viewing information that the customer is entering during co-browsing sessions. KANA Response Live can be configured to prevent agents from entering certain form information (such as an account ID number) or submitting customer forms. While all of these restricted fields and any data in them are visible to the customer, it is masked from agents. Data Encryption KANA Response Live transcripts are encrypted during transmission and in storage: Chat transcripts are encrypted in the database in the same way s are managed by KANA Response. Chat transcripts for authenticated customers, which become part of the universal customer history, are encrypted in the KANA Response Live database. During transmission, communication between the chat agent and a customer outside the firewall is secured using SSL with 128-bit encryption and externally validated certificates from a recognized certificate authority. For session security, KANA Response Live assigns a unique session management key to each text chat session. This session token is comprised of 50 random alphanumeric characters, providing approximately 170-bit encryption. Each time a text chat message is sent or co-browse event occurs the users in the session are compared to the management key. If a mismatch occurs, then the associated user is ejected from the system. This helps to eliminate an entry point into the corporate network for hackers. Password Protection KANA Response Live includes the same password protection and role functions as KANA Response. (Please see page 7) In summary, KANA Response Live helps companies comply with specific PCI DSS specifications as follows: 2011 KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 9

10 Conclusion The PCI DSS standard offers companies an effective path to securely process, store, and transmit sensitive data. With the security capabilities built into KANA solutions, companies can materially improve their PCI DSS compliance during customer service communications. KANA Response, KANA Secure Messaging, and KANA Response Live all incorporate measures that meet many PCI DSS requirements, helping companies effectively protect their customers information during transmission and in storage KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 10

11 Disclaimer Ultimately, responsibility for PCI compliance remains with the Customer. Complete PCI DSS compliance can only be certified by Customer s PCI DSS Qualified Security Auditor. KANA does not claim, represent or otherwise imply that its products are PCI DSS certified. While all information contained in this paper is believed to be correct at the time of publication, no warranty is made regarding compliance and all information is provided as a convenience to Customer. To learn more about how the KANA suite of multi-channel solutions can help you create customers for life, call Copyright 2011 KANA Software, Inc. KANA and the KANA logo are registered trademarks of KANA. Other company, product and service names may be service marks of their respective owners. 840 W California Avenue, Suite 100 Sunnyvale, CA T F Contact us at Linkedin: Facebook: All Rights Reserved i The TJX Companies, Inc. parent of Marshalls, T.J. Maxx and other retail chains, admitted that hackers compromised some 46 million customer credit card numbers. The incident set off a flurry of lawsuits by customers and banks who contend TJX should be responsible for its shoddy security, as well as a separate investigations by the FTC and 37 state attorneys general. MasterCard has stated that TJX was not compliant when its database was breached, and Eduardo Perez, vice president of payment system risk at Visa USA, says he has "never seen an entity compromised that is PCI compliant." TJX has admitted in FTC filings that it has spent some $20 million already to address costs related to the breach. ii 2007 Internet Crime Report iii As reported in the Wall Street Journal, September 16, 2008 iv The Internet Retailer Top 500 Guide, Internet Retailer, October 7, 2008 v Within the KANA Response interface, SSL communication is on by default, but can be turned off by a system administrator. As SSL may incur some performance impact, the choice to turn SSL on or off will depend on the type of data contained within s. If s do not contain sensitive data, it may be preferable not to use SSL vi Existing KANA Response customers will need to upgrade to KANA Response 10.4 and obtain a new license key. An encryption utility is available to encrypt all data in an existing KANA Response database. vii Once encryption is turned on, administrators cannot selectively choose to encrypt one type of or turn encryption on and off at will. All s will be encrypted according to the chosen options. Choosing to encrypt s should be considered carefully. While encryption can be turned off, it will require considerable effort to return to an unencrypted state KANA Software, Inc. 840 W California Ave, Ste 100, Sunnyvale CA PAGE 11

Compliance Management

Compliance Management Compliance Management Merchant Guide 2012 Stay Clear Of Fraud Are You Concerned About Data Security Risks? Security is a duty. Companies should remember that they are being trusted by consumers with their

More information

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY Page 1 of 6 Summary The Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements for enhancing payment account

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

PCI Wireless Compliance with AirTight WIPS

PCI Wireless Compliance with AirTight WIPS A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Introduction Although [use

More information

Preventing. Payment Card Fraud. Is your business protected?

Preventing. Payment Card Fraud. Is your business protected? BY TROY HAWES Preventing Payment Card Fraud Is your business protected? AT A GLANCE + The theft of credit card payment data by hackers is not limited to large corporations. + Many smaller companies fall

More information

SecurityMetrics Introduction to PCI Compliance

SecurityMetrics Introduction to PCI Compliance SecurityMetrics Introduction to PCI Compliance Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

Whitepaper. PCI Compliance: Protect Your Business from Data Breach

Whitepaper. PCI Compliance: Protect Your Business from Data Breach Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

Payment Card Industry Data Security Standards.

Payment Card Industry Data Security Standards. Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Barracuda Web Site Firewall Ensures PCI DSS Compliance Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online

More information

Whitepaper. PCI Compliance: Protect Your Business from Data Breach

Whitepaper. PCI Compliance: Protect Your Business from Data Breach Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your

More information

11/24/2014. PCI Compliance: Major Changes in e-quantum/quantum Net

11/24/2014. PCI Compliance: Major Changes in e-quantum/quantum Net PCI Compliance: Major Changes in e-quantum/quantum Net 1 Credit Card Fraud By some estimates, credit card fraud will cost legitimates businesses hundreds of billions of dollars world wide this year. If

More information

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program

Visa Account Information Security Tool Kit. Welcome to the Visa Account Information Security Program Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

PCI DSS COMPLIANCE DATA

PCI DSS COMPLIANCE DATA PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards The payment card industry data security standard PCI DSS Visa and MasterCard have developed the Payment Card Industry Data Security Standard or PCI DSS as

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level. Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

John B. Dickson, CISSP October 11, 2007

John B. Dickson, CISSP October 11, 2007 PCI Compliance for Your Organization PCI Compliance for Your Organization John B. Dickson, CISSP October 11, 2007 Learning objectives for today s session Overview of PCI who, what, why Overview of PCI

More information

PCI Compliance. Top 10 Questions & Answers

PCI Compliance. Top 10 Questions & Answers PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements

More information

Introduction to PCI DSS

Introduction to PCI DSS Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?

More information

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to: What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International

More information

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)

More information

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074

More information

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines? Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

SecurityMetrics. PCI Starter Kit

SecurityMetrics. PCI Starter Kit SecurityMetrics PCI Starter Kit Orbis Payment Services, Inc. 42 Digital Drive, Suite 1 Novato, CA 94949 USA Dear Merchant, Thank you for your interest in Orbis Payment Services as your merchant service

More information

PCI Compliance and the Data Security Standards. A x i a. For more information visit www.axiapayments.com/pci. Your partner in payment services

PCI Compliance and the Data Security Standards. A x i a. For more information visit www.axiapayments.com/pci. Your partner in payment services PCI Compliance and the Data Security Standards Introduction The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of

More information

Becoming PCI Compliant

Becoming PCI Compliant Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants WHITE PAPER Five PCI Security Deficiencies of Restaurants Five PCI Security Deficiencies of Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus - Chief

More information

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft

More information

Implementation Guide

Implementation Guide Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein

More information

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide Practising Law Institute January 9, 2012 Melissa J. Krasnow, Partner, Dorsey & Whitney LLP, and Certified Information Privacy Professional

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

PCI DSS: An Evolving Standard

PCI DSS: An Evolving Standard White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security

More information

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011 CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 5/25/2011 Updated: May 25, 2011 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...

More information

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN PCI Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information

More information

PCI Compliance: Protection Against Data Breaches

PCI Compliance: Protection Against Data Breaches Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)

More information

PCI Compliance Top 10 Questions and Answers

PCI Compliance Top 10 Questions and Answers Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs

More information

Merchant guide to PCI DSS

Merchant guide to PCI DSS Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW David Kittle Chief Information Officer Chris Ditmarsch Network & Security Administrator Smoker Friendly International / The Cigarette Store Corp

More information

Five PCI Security Deficiencies of Retail Merchants and Restaurants

Five PCI Security Deficiencies of Retail Merchants and Restaurants Whitepaper January 2010 Five PCI Security Deficiencies of Retail Merchants and Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations by Brad Cyprus, SSCP - Senior Security Architect,

More information

Overview of Banking Application Security and PCI DSS Compliance for Banking Applications

Overview of Banking Application Security and PCI DSS Compliance for Banking Applications Overview of Banking Application Security and PCI DSS Compliance for Banking Applications Thought Paper www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process

More information

White paper. Why Encrypt? Securing email without compromising communications

White paper. Why Encrypt? Securing email without compromising communications White paper Why Encrypt? Securing email without compromising communications Why Encrypt? There s an old saying that a ship is safe in the harbour, but that s not what ships are for. The same can be said

More information

And Take a Step on the IG Career Path

And Take a Step on the IG Career Path How to Develop a PCI Compliance Program And Take a Step on the IG Career Path Andrew Altepeter Any organization that processes customer payment cards must comply with the Payment Card Industry s Data Security

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

Three significant risks of FTP use and how to overcome them

Three significant risks of FTP use and how to overcome them Three significant risks of FTP use and how to overcome them Management, security and automation Contents: 1 Make sure your file transfer infrastructure keeps pace with your business strategy 1 The nature

More information

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.

More information

How Reflection Software Facilitates PCI DSS Compliance

How Reflection Software Facilitates PCI DSS Compliance Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013 05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of

More information

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:

PCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS: Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal

More information

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

PCI Data Security Standards

PCI Data Security Standards PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)

More information

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software has met the latest credit card processing requirements with its release of Version 7.4 due to the

More information

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare

More information

Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review

Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Prepared for: Coalfire Systems, Inc. March 2, 2012 Table of Contents EXECUTIVE SUMMARY... 3 DETAILED PROJECT OVERVIEW...

More information

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Matthew T. Davis SecureState, LLC mdavis@securestate.com SecureState Founded in 2001, Based on Cleveland Specialized

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

Security Best Practices

Security Best Practices White Paper Security Best Practices Maintaining tight security, including using both standard and advanced fraud detection and prevention tools, is crucial to maintaining a successful business. No merchant

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

A Rackspace White Paper Spring 2010

A Rackspace White Paper Spring 2010 Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

Data Security: Recent Events, Trends and Best Practices

Data Security: Recent Events, Trends and Best Practices EXPLORE OUR WORLD Data Security: Recent Events, Trends and Best Practices Presented to: IAOP, London By: Tony Lucas EMEA Head of Compliance, Sitel Date: 8 th October 2008 Data Security Challenges for the

More information

How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements

How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements DataSunrise, Inc. https://www.datasunrise.com Note: the latest copy of this document is available at https://www.datasunrise.com/documentation/resources/

More information

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE CHEAT SHEET: PCI DSS 3.1 COMPLIANCE WHAT IS PCI DSS? Payment Card Industry Data Security Standard Information security standard for organizations that handle data for debit, credit, prepaid, e-purse, ATM,

More information

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants

PCI DSS Payment Card Industry Data Security Standard. Merchant compliance guidelines for level 4 merchants Appendix 2 PCI DSS Payment Card Industry Data Security Standard Merchant compliance guidelines for level 4 merchants CONTENTS 1. What is PCI DSS? 2. Why become compliant? 3. What are the requirements?

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers

More information

CREDIT CARD PROCESSING POLICY AND PROCEDURES

CREDIT CARD PROCESSING POLICY AND PROCEDURES CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.

More information

Evolution from FTP to Secure File Transfer

Evolution from FTP to Secure File Transfer IPSWITCH FILE TRANSFER WHITE PAPER Evolution from FTP to Secure File Transfer www.ipswitchft.com Do you know where your organization s confidential and sensitive files were transferred today? Are you sure

More information

HIPAA: The Role of PatientTrak in Supporting Compliance

HIPAA: The Role of PatientTrak in Supporting Compliance HIPAA: The Role of PatientTrak in Supporting Compliance The purpose of this document is to describe the methods by which PatientTrak addresses the requirements of the HIPAA Security Rule, as pertaining

More information

Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: March 2011. Information Supplement: Protecting Telephone-based Payment Card Data

Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: March 2011. Information Supplement: Protecting Telephone-based Payment Card Data Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: March 2011 Information Supplement: Protecting Telephone-based Payment Card Data Table of Contents Executive Summary 3 Clarification of

More information

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance

More information

MEETING PCI COMPLIANCE WITH SONICWALL GLOBAL MANAGEMENT SYSTEM

MEETING PCI COMPLIANCE WITH SONICWALL GLOBAL MANAGEMENT SYSTEM MEETING PCI COMPLIANCE WITH SONICWALL GLOBAL MANAGEMENT SYSTEM PCI DSS 1.1 compliance requirements demand a new level of administration and oversight for merchants, banks and service providers to maintain

More information

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly

More information

BANKING SECURITY and COMPLIANCE

BANKING SECURITY and COMPLIANCE BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions

More information

Credit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600

Credit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600 Credit Cards and Oracle: How to Comply with PCI DSS Stephen Kost Integrigy Corporation Session #600 Background Speaker Stephen Kost CTO and Founder 16 years working with Oracle 12 years focused on Oracle

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data Printer Security Challenges Executive Summary Security breaches can damage both your operations

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

Achieving PCI Compliance for Your Site in Acquia Cloud

Achieving PCI Compliance for Your Site in Acquia Cloud Achieving PCI Compliance for Your Site in Acquia Cloud Introduction PCI Compliance applies to any organization that stores, transmits, or transacts credit card data. PCI Compliance is important; failure

More information

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services / BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE By Melbourne IT Enterprise Services CHECKLIST: PCI/ISO COMPLIANCE If your business handles credit card transactions then you ve probably heard of the Payment

More information

AISA Sydney 15 th April 2009

AISA Sydney 15 th April 2009 AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks

More information