White Paper PCI-Validated Point-to-Point Encryption

Size: px
Start display at page:

Download "White Paper PCI-Validated Point-to-Point Encryption"

Transcription

1 White Paper PCI-Validated Point-to-Point Encryption By Christopher Kronenthal, Chief Technology Officer Contributors

2 Executive Summary Merchants are navigating a payments landscape that continues to evolve, as new technologies and new threats emerge with increasing regularity. Therefore, the Payments Card Industry (PCI) council has established a set of standards that seek to make payments more secure and easier for merchants to manage. Specifically, PCI s Point-to-Point Encryption (P2PE) standard meticulously defines the procedures that a payment solution provider must adhere to, and in doing so, enables merchants to process payments securely while keeping their network environment completely out of scope for PCI security audits. FreedomPay s P2PE solution, fully audited and validated by PCI, supports traditional and emerging payment technologies such as EMV, and offers integrations into multiple Point of Sale systems and payment processors. With the coveted PCI validation, merchants employing the FreedomPay P2PE solution may reduce their scope for PCI compliance, and can conduct their business with the confidence that no unencrypted cardholder data flows through their systems. This white paper will explore the merchant benefits of PCI-Validated P2PE, the process by which FreedomPay earned validation, and the value-added benefits of the FreedomPay Commerce Platform. Why P2PE Merchants today face an increasing number of challenges related to payments: ensuring security, maintaining compliance, managing costs, and keeping pace with an ever-changing payments technology landscape, to name just a few. Emerging standards, like the 2015 switch to EMV, and digital wallet products from Apple, Google, PayPal and even Starbucks have disrupted the payment landscape and sent merchants scrambling for solutions. $225,000+ Average cost of a PCI audit $5MM+ Average cost of a data breach Source: Ponemon Institute The stakes are high. For large merchants, a growing threat of cyber crime and malware has placed security at the top of the priority list. In today s retail environment, preventing a data breach and keeping customer data secure is a threat that cannot be ignored. By the PCI council declaring and publishing a standard against which to validate solutions, there is now a technology standard that can completely secure a merchant s payment infrastructure. With P2PE, transactions are entirely encrypted before they even enter the merchant s location, essentially removing cardholder data from the merchant s POS and network. FreedomPay s P2PE solution, which earned PCI validation in August 2014, offers merchants this unparalleled payments security and functionality, while also protecting that investment with EMV support, setting the pace for the entire payments industry. Even better, is that merchants who utilize this solution benefit from a reduced annual audit report just 19 controls versus the normal

3 Buyer Beware Any P2PE solution that does not adhere to the stated PCI requirements and has not been listed by the PCI Security Council as validated P2PE will not take the merchant s POS and supporting network infrastructure out of scope of compliance. It is incumbent on merchants to work with their QSA on vetting fact from fiction. Only PCI-Validated P2PE solutions have been thoroughly audited and evaluated, and can deliver the merchant benefits of security assurance and true scope reduction. 2

4 PCI P2PE Standards In 2012 and 2013, the PCI Security Standards Council released the PCI P2PE Standard: a set of controls that aimed to provide some clarity and definition around point-to-point encryption. There are three core principles underlying PCI-Validated solutions: Hardware to hardware encryption and decryption with a POI (point-of-interaction) device that has SRED (Secure Reading and Exchange of Data) listed as a function and is enabled. Certified to have a validated secure distribution channel. This means that the entire chain of custody of the POI devices follow strict controls regarding shipping, receiving, tamper-evident packaging and installation. P2PE Instruction Manual (PIM) that guides the merchant on POI device use, storage, return for repairs and regular PCI reporting. Any solution provider can claim to offer point-to-point encryption, but not all P2PE solutions are the same. Only solutions that have been audited and validated to conform to the rigorous scrutiny of the PCI standards can offer merchants the peace of mind and transparency that customer data is truly secured. Merchants that implement PCI-Validated P2PE solutions gain another important benefit: a reduction in the scope of their PCI assessments. Only PCI-Validated P2PE solutions are recognized to have met the requirements that enable merchants to exclude their POS and network from the scope of their cardholder data environment. Maintaining compliance with the PCI Data Security Standard (PCI DSS) is a requirement for all merchants who accept credit cards, and failure may result in an array of non-compliance penalties. The PCI Data Security Standard includes requirements and protective measures that are designed to maintain a secure network, safeguard cardholder data, and ensure the maintenance of information security policies. As stated on the PCI Security Standards Council s listing of Validated Point-to-Point Encryption (P2PE) Solutions, When correctly implemented, these P2PE solutions may simplify merchants PCI compliance programs by eliminating clear-text cardholder data from their environment and reducing the scope of PCI DSS requirements. The PCI P2PE standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary requirements for the protection of payment card data. 3

5 PCI Validation Process P2PE solutions listed on the PCI Security Standards Council website are compliant with a single, standardized set of security requirements, security assessment procedures and processes that have been validated by P2PE assessors. The P2PE standards define a common security assessment framework that is currently recognized by all participating PCI payment brands. To earn validation, P2PE solution providers have the responsibility for ensuring that their P2PE solutions satisfy all requirements of the P2PE standard. As a requirement for the P2PE solution assessment, the P2PE solution provider must provide the P2PE assessor with all required documentation, software, access to facilities and access to third-party service providers used in connection with the P2PE solution. The PCI P2PE standard encompasses close to a thousand individual controls governing encryption and decryption methodologies, software applications, device management and operations related to distribution and cryptographic key injection facilities. To summarize the onerous P2PE Assessment process, solutions must be able to account for: Encryption Device Management: Secure cryptographic devices (SCDs) provide tamper-resistance, detection, and response features to help prevent successful attacks involving penetration, monitoring, manipulation, modification, or substitution of the devices to recover protected data. Application Security: The application does not transmit or store clear-text PAN or SAD outside of the device, and only uses communications methods included in the scope of the PCI-approved POI device evaluation. Encryption Environment: The solution provider maintains inventory-control and monitoring procedures to accurately track POI devices in their possession, and provides related instructions to merchants (P2PE Instruction Manual). Decryption Environment Device Management: Documented procedures exist and are demonstrably in use to ensure the security and integrity of decryption devices placed into service, initialized, deployed, used, and decommissioned. P2PE Cryptographic Key Operations: Key management, cryptographic algorithms and cryptographickey lengths must be consistent with international and/or regional standards. Key components must be protected at all times during transmission, conveyance, or movement between locations. As the P2PE solution provider, FreedomPay has initially partnered with Ingenico Group and ScanSource to deliver all facets of the P2PE solution. Ingenico Group s best in class hardware and ScanSource s secure distribution and key injection capabilities have been fully vetted as part of the PCI P2PE assessment process. 4

6 PCI DSS Scope Reduction Employing a PCI-Validated P2PE solution offers merchants significant reductions in scope for PCI DSS compliance. Because all clear-text cardholder data is removed from the merchant s POS and network environment, that infrastructure is no longer subject to the PCI compliance documentation. The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with PCI DSS. With 284 individual controls to document and maintain, and all of the associated costs, PCI DSS compliance requires that merchants make a significant investment in time and resources each year. Official PCI Validation for a P2PE solution means that merchants can significantly reduce their scope for PCI DSS validation and obtain thirdparty assurance that no cardholder data passes through their network environment in an unencrypted state Matt Getzelman, National PCI Practice Director, Coalfire Systems, Inc. For merchants employing a PCI-Validated P2PE solution, there is relief for the documentation required, as well as the underlying costs of maintaining a compliant environment. SAQ P2PE-HW is a substantially shorter compliance document, available only to merchants who process cardholder data only via approved payment terminals as part of a Council-listed P2PE solution. To be eligible for the SAQ P2PE-HW, merchants must confirm that they: Are using a PCI P2PE solution that is listed on the PCI SSC s List of Validated P2PE Solution. Do not store, process, or transmit any cardholder data on any system or electronic media (for example, on computers, portable disks, or audio recordings) outside of the payment terminal used as part of the Council-listed P2PE solution. Do not store any cardholder data in electronic format. This includes verifying that there is no legacy storage of cardholder data from other payment devices or systems. Have implemented all controls in the P2PE Instruction Manual (PIM) provided by the P2PE Solution Provider. With just 19 sections to complete, largely related to the proper maintenance and implementation of the P2PE payment terminal, the SAQ P2PE-HW removes the core elements of the merchant environment from scope: the POS, operating system and network. As an additional benefit, penetration tests and vulnerability scans are no longer required. This enables POS devices and operating systems that would otherwise fall out of compliance to remain in use because the P2PE payment terminal circumvents that infrastructure, and no cardholder data flows through legacy systems. 5

7 P2PE Payment Terminals Core to the PCI-Validated P2PE solution is the Secure Reading and Exchange of Data (SRED) module, designed to encrypt data at the Point-of-Interaction. The SRED module applies the security and cryptographic protection of PIN data to the reading of card data presented by magnetic stripe, EMV, contactless/nfc, and manual entry. In order for P2PE to be in the SRED module, the encryption key management and encryption of the cardholder data must be done in the device s security processor. This and other P2PE program aspects must be in firmware, as opposed to being in the application. The firmware is reviewed and certified as meeting the SRED requirements by a PCI approved laboratory. FreedomPay s P2PE solution leverages SREDenabled terminals from Ingencio Group that offer merchants in any industry the flexibility to roll out a variety of compliant devices. All of the Ingenico Group devices that FreedomPay provides support traditional magnetic stripe payments, and also alternative and emerging payment methodologies such as EMV and NFC. FreedomPay Payment Gateway The FreedomPay Commerce Platform functions as a secure switch that routes payment data from the point of sale system to the payment processor seamlessly with its validated P2PE solution. FreedomPay is broadly integrated with both POS systems and processors, ensuring merchants the flexibility and coverage to make changes to their POS platform and/or processing partner at any time. While already the most connected, lowest cost routing network in North America, FreedomPay is continually expanding its integration list with the goal of complete industry interconnectivity. In addition to these, the FreedomPay Commerce Platform can support gift cards, vouchers and stored value (closed-loop cashless) models that execute a declining balance from a prepaid card. 6

8 Incentives Engine As a value-added platform provider, FreedomPay offers merchants a robust incentive engine that powers discounts, promotions and loyalty programs. The FreedomPay Commerce Platform evaluates each purchase in real-time and applies discounts or points based on particular SKUs, time of day, overall spend, location, product category and more. As an example, a foodservice provider might consider offering a point for each dollar spent in the café, and triple points for higher margin items or perishable items. In a business-to-business setting, FreedomPay can also help merchants, manufacturers and banks deliver financial terms incentives on large corporate purchases. FreedomPay s Incentive Manager allows a merchant to configure any number of promotions or loyalty point programs. Customers can view offers and loyalty point accruals through a web interface and/ or mobile app, and redeem incentives in real time at the POS. The platform is designed to provide marketers with the tools to validate their promotional activity at a SKU level, gaining valuable insight into what offers, discounts and loyalty rewards are most effective, and for which customer segments. Microsoft Partnership and Global Scalability As a platform for future growth and innovation, FreedomPay was named Microsoft s global payments partner. The FreedomPay Commerce Platform was chosen to support Enterprise Retail and Banking divisions globally. FreedomPay is working across multiple continents with Microsoft s banking team to deliver added value commerce products and services to key bank customers. FreedomPay s platform integrates seamlessly with bank infrastructure and is fully supported in the Azure Microsoft cloud for global scalability. Conclusion FreedomPay has reinvented its business according to the strict standard required by PCI for point-topoint encryption. The exacting process of achieving PCI validation for P2PE has resulted in FreedomPay building an industry-leading platform that delivers merchants immediate benefits around payment security and scope reduction, as well as ongoing opportunities to innovate and add value. As the payment landscape shifts to include EMV and NFC transactions, FreedomPay is helping merchants stay ahead of the game. As North America s first fully-functional PCI-Validated P2PE platform with EMV and NFC-ready terminals, FreedomPay is setting the standard for merchants to deliver a customer experience based on security, functionality and intelligence. It is here, at the intersection of payments and data, that FreedomPay is able to deliver on its promise to merchants: We make payments smarter, simpler and more secure. 7

9 About the Author Christopher R. Kronenthal, Chief Technology Officer and Alliance Executive Chris Kronenthal is the payment industry s preeminent security expert, bringing world-class experience to the software development processes and compliance solutions of FreedomPay. He led FreedomPay s effort to build the market s first PCI-validated, fully-functional point-to-point encryption (P2PE) payment technology as part of its cloud-based FreedomPay Commerce Platform. Leveraging more than a decade of international experience in diverse industries with a strong focus on compliance and infrastructure enables Chris to advance a security-focused perspective for any company s scalable needs. Chris joined FreedomPay in 2008 and is responsible for the company s technology solutions, as well as key alliances with strategic technology partners. Chris manages security compliance; production network infrastructure; development of new and existing software products; change and quality control initiatives; and technology partner strategy. Prior to joining FreedomPay, Chris held various technology management positions at the Coriell Institute for Medical Research, the world s oldest and largest bio-repository. There he led the development of Coriell s highly specialized and security-driven bio-repository system. Chris received his Bachelor s and Master s of Science degrees in Information Technology at the Rochester Institute of Technology. About FreedomPay FreedomPay is the engine inside the world s expanding and interconnected ecosystem of commerce. We make payments smarter, simpler and more secure. The FreedomPay Commerce Platform is a multipatented solution portfolio designed to enable companies to embrace current trends and accelerate innovation. The platform seamlessly bridges the gap across in-store, web and mobile by interconnecting POS systems, transaction processors, incentive engines and other disparate systems to a cutting edge payment gateway. The FreedomPay Commerce Platform P2PE solution provides merchants complete payment data security, including EMV and NFC compliance, in accordance with the coveted certification from the PCI Security Standards Council. Contributors 8

White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer

White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure By Christopher Kronenthal, Chief Technology Officer Advanced Commerce Platform Foreword 2015 will bring incredible change and innovation

More information

rguest Pay Gateway: A Solution Review

rguest Pay Gateway: A Solution Review rguest Pay Gateway: A Solution Review TABLE OF CONTENTS Introduction...3 Why P2PE?...4 PCI P2PE Standards...4 Buyer Beware...6 PCI DSS Scope Reduction...6 P2PE Payment Terminals...7 The Payment Information

More information

White Paper Solutions For Hospitality

White Paper Solutions For Hospitality White Paper Solutions For Hospitality Foreword Addressing the complexity of a hospitality ecosystem as varied as the front desk to the parking garage, to the restaurant, the website, and the call center,

More information

Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE

Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE Complete Campus Coverage With the complexity of a college campus ecosystem as varied as the development office

More information

Payment Card Industry (PCI) Point-to-Point Encryption

Payment Card Industry (PCI) Point-to-Point Encryption Payment Card Industry (PCI) Point-to-Point Encryption Solution Requirements and : Encryption, Decryption, and Key Management within Secure Cryptographic Devices (Hardware/Hardware) Version 1.1.1 July 2013

More information

Point-to-Point Encryption (P2PE)

Point-to-Point Encryption (P2PE) Payment Card Industry (PCI) Point-to-Point Encryption (P2PE) Frequently Asked Questions for PCI Point-to- Point Encryption (P2PE) August 2012 Frequently Asked Questions (FAQs) For PCI Point-to-Point Encryption

More information

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance Emerging Technology Whitepaper Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance For Transmissions of Cardholder Data and Sensitive Authentication Data Program Guide Version

More information

Point-to-Point Encryption

Point-to-Point Encryption Payment Card Industry (PCI) Point-to-Point Encryption Solution Requirements: Encryption, Decryption, and Key Management within Secure Cryptographic Devices (Hardware/Hardware) Initial Release: Version

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

Adyen PCI DSS 3.0 Compliance Guide

Adyen PCI DSS 3.0 Compliance Guide Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants

More information

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or

More information

Payment Card Industry (PCI) Point-to-Point Encryption

Payment Card Industry (PCI) Point-to-Point Encryption Payment Card Industry (PCI) Point-to-Point Encryption Solution Requirements and Version 2.0 June 2015 Document Changes Date Version Description 14 September 2011 1.0 April 2012 1.1 June 2014 2.0 Initial

More information

PCI PA-DSS Requirements. For hardware vendors

PCI PA-DSS Requirements. For hardware vendors PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance Hardware Payment Terminals in a Validated P2PE Solution only, No Electronic Cardholder

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS

SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS A RESELLER S GUIDE CONTENTS New Sales Opportunities : EMV Mandate Means New Business... 3 New POS Will Need Both EMV and PCI... 3 Growing Demand for NFC Transactions...

More information

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard PCI Compliance Crissy Sampier, Longwood University Edward Ko, CampusGuard Agenda Introductions PCI DSS 101 Chip Cards (EMV) Longwood s PCI DSS Journey Breach Statistics Shortcuts to PCI DSS Compliance

More information

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock PCI DSS 3.0 Overview OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock 01/16/2015 Purpose of Today s Presentation To provide an overview of PCI 3.0 based

More information

PCI DSS. CollectorSolutions, Incorporated

PCI DSS. CollectorSolutions, Incorporated PCI DSS Robert Cothran President CollectorSolutions www.collectorsolutions.com CollectorSolutions, Incorporated Founded as Florida C corporation in 1999 Approximately 235 clients in 35 states Targeted

More information

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015 PCI P2PE 2.0 What Does it Mean for Merchants and Processors? September 10, 2015 Agenda Housekeeping Presenters About Conexxus Presentation Q& A 2015 Conexxus Webinar Schedule* Month/Date Webinar Title

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 3.2 May 2016 Document Changes Date Version Description October 1, 2008 1.2 October 28,

More information

PCI DSS v3.0 SAQ Eligibility

PCI DSS v3.0 SAQ Eligibility http://www.ambersail.com Disclaimer: The information in this document is provided "as is" without warranties of any kind, either express or implied, including, without limitation, implied warranties of

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide

More information

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million.

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million. Security PLAYBOOK OVERVIEW Today, security threats to retail organizations leave little margin for error. Retailers face increasingly complex security challenges persistent threats that can undermine the

More information

The State of Security and Compliance for E- Commerce and Retail

The State of Security and Compliance for E- Commerce and Retail The State of Security and Compliance for E- Commerce and Retail Current state of security PCI regulations and compliance Does the data you hold require PCI compliance Security and safeguarding against

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth PCI Compliance 2012 - The Road Ahead October 2012 Hari Shah & Parthiv Sheth What s the latest? Point-to-Point Encryption (P2PE) Program Guide Updated Solution Requirements and Testing Procedures for hardware-based

More information

PCI Compliance for Cloud Applications

PCI Compliance for Cloud Applications What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February

More information

Data Security Basics for Small Merchants

Data Security Basics for Small Merchants Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided

More information

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Why Cloud-Based Mobile Payments? The promise of mobile payments has captured the imagination of banks,

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

VeriFone VeriShield Total Protect Technical Assessment White Paper

VeriFone VeriShield Total Protect Technical Assessment White Paper VeriFone VeriShield Total Protect Technical Assessment White Paper Prepared for: September 4 th, 2013 Dan Fritsche, CISSP, QSA (P2PE), PA-QSA (P2PE) dfritsche@coalfiresystems.com Table of Contents EXECUTIVE

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

Becoming PCI Compliant

Becoming PCI Compliant Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder

More information

PCI DSS Compliance Services January 2016

PCI DSS Compliance Services January 2016 PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction

More information

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5

More information

PCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id

PCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id PCI DSS Payment Card Industry Data Security Standard www.tuv.com/id What Is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of all major credit cards brands.the

More information

PCI Compliance. Top 10 Questions & Answers

PCI Compliance. Top 10 Questions & Answers PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements

More information

10 Step PCI Certification Process for Merchants and Service Providers

10 Step PCI Certification Process for Merchants and Service Providers 10 Step PCI Certification Process for Merchants and Service Providers 10 Step PCI Certification Process for Merchants and Service Providers Follow the pcipolicyportal.com 10 step PCI certification process

More information

COMPLIANCE OVERVIEW: PCI DSS. 2014 Edition. Complimentary. Preview

COMPLIANCE OVERVIEW: PCI DSS. 2014 Edition. Complimentary. Preview COMPLIANCE OVERVIEW: PCI DSS 2014 Edition Copyright 2014 insidearm.com. All rights reserved. NOTICE: This is not a free whitepaper. This report is offered for sale by insidearm.com. Purchase of this report

More information

How To Protect Visa Account Information

How To Protect Visa Account Information Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

Transitions in Payments: PCI Compliance, EMV & True Transactions Security Transitions in Payments: PCI Compliance, EMV & True Transactions Security There have been more than 600 million records compromised from approximately 4,000 data breaches since 2005 and those are just

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

PCI Data Security Standards

PCI Data Security Standards PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million

More information

Accelerating PCI Compliance

Accelerating PCI Compliance Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

Payment Card Industry Standard - Symantec Services

Payment Card Industry Standard - Symantec Services Payment Card Industry Standard - Symantec Services The Payment Card Industry Data Security Standard (PCI, or PCI DSS) was developed by the PCI Security Standards Council to assure cardholders that their

More information

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.

Introduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m. Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of

More information

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors.

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors. About PSC With offices in the USA, Canada, UK and Australia, PSC is a leading PCI, PA DSS, and P2PE assessor, PCI Forensics Company and Approved Scanning Vendor. PSC is one of an elite few companies qualified

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

Revenue Security and Efficiency

Revenue Security and Efficiency Revenue Security and Efficiency Discussion with the Mid-Atlantic Oracle Applications Users Group CardConnect Solution Oracle EBS Validated Application Oracle EBS Validated Application Securing Payment

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

MPOS: RISK AND SECURITY

MPOS: RISK AND SECURITY MPOS: RISK AND SECURITY 2 Evolution of Payment Acceptance Consumers want to get the best deal with the minimum pain Sellers want to ensure they never turn down a sale and maximise consumer loyalty 3 Evolution

More information

Understanding the SAQs for PCI DSS version 3

Understanding the SAQs for PCI DSS version 3 Understanding the SAQs for PCI DSS version 3 The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers report the results of their PCI DSS

More information

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.

More information

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP 2015 CliftonLarsonAllen LLP PCI Compliance How to Meet Payment Card Industry Compliance Standards May 2015 cliftonlarsonallen.com Overview PCI DSS In the beginning Each major card brand had its own separate

More information

PCI Compliance Top 10 Questions and Answers

PCI Compliance Top 10 Questions and Answers Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document

More information

Payments simplified. 1

Payments simplified. 1 1 Payments simplified. T H E PAY M E N T I N D U S T RY A I N T W H AT I T U S E D T O B E 2 Complexity is increasing, More change in next 5, than last 50 Emerging payments / loyalty / rewards / coupons

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage

More information

Point Secure Commerce Application (SCA) 2.x PCI PA-DSS Out of Scope White Paper

Point Secure Commerce Application (SCA) 2.x PCI PA-DSS Out of Scope White Paper Point Secure Commerce Application (SCA) 2.x PCI PA-DSS Out of Scope White Paper Executive Summary Lyle Miller: CISSP, QSA PA-QSA December 3, 2013 VeriFone, Inc. (VeriFone) engaged Coalfire Systems Inc.

More information

PAYMENTS AS A SERVICE. Fully managed multi-channel card acceptance for all business environments. www.verifone.co.uk

PAYMENTS AS A SERVICE. Fully managed multi-channel card acceptance for all business environments. www.verifone.co.uk PAYMENTS AS A SERVICE Fully managed multi-channel card acceptance for all business environments www.verifone.co.uk Whether small or large, PAYware Ocius s multi-channel flexibility can transform your s

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

PCI Security as a Lifecycle: How to Plan for PCI in 2012 and Beyond

PCI Security as a Lifecycle: How to Plan for PCI in 2012 and Beyond PCI Security as a Lifecycle: How to Plan for PCI in 2012 and Beyond Bob Russo PCI SECURITY STANDARDS COUNCIL Session ID: GRC-204 Session Classification: Intermediate About the Council Open, global forum

More information

Enterprise Payments for

Enterprise Payments for Enterprise Payments for Table of Contents I. Introducing CardConnect II. III. IV. Gartner Tokenization Reporting Featuring CardConnect PCI Compliance, EMV & True Payment Security CardConnect for SAP V.

More information

Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper

Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper June 05 White Paper Author: Andrey Sazonov CISA, QSA, PA-QSA asazonov@coalfire.com Nick Trenc QSA, PA-QSA nick.trenc@coalfiresystems.com

More information

PCI Risks and Compliance Considerations

PCI Risks and Compliance Considerations PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction

More information

Payment Card Industry - Achieving PCI Compliance Steps Steps

Payment Card Industry - Achieving PCI Compliance Steps Steps CUR RITY SE Data Security Requirements for K-12 January 28, 2010 Payment Card Industry (PCI) SE CUR RITY 1 Welcome To Join The Voice Conference Dial 866-939-3921 Technical issues press 0 Q & A We ll leave

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

DATA SECURITY. Payment Card Industry (PCI) Compliance Steps for Organizations May 26, 2010. 2010 Merit Member Conference

DATA SECURITY. Payment Card Industry (PCI) Compliance Steps for Organizations May 26, 2010. 2010 Merit Member Conference 2010 Merit Member Conference Compliance Steps for Organizations May 26, 2010 Payment Card Industry (PCI) 1 Welcome 2 Welcome Q & A We ll leave time to address questions during the last 15 minutes of the

More information

PCI Compliance 3.1. About Us

PCI Compliance 3.1. About Us PCI Compliance 3.1 University of Hawaii About Us Helping organizations comply with mandates, recover from security breaches, and prevent data theft since 2000. Certified to conduct all major PCI compliance

More information

Credit Card Risks: Update on PCI Compliance Monday, May 23 2:40pm 3:55 CPE: 2

Credit Card Risks: Update on PCI Compliance Monday, May 23 2:40pm 3:55 CPE: 2 Credit Card Risks: Update on PCI Compliance Monday, May 23 2:40pm 3:55 CPE: 2 Joe Helmy, VP Emerging Verticals, MasterCard Jennifer Cooperman, MBA, CPFO, Treasurer, City of Portland, OR Tod Burton, Financial

More information

Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security

Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security www.thales-esecurity.com Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security 2 / Verizon Data Breach Report 3 / Victim Industry

More information

NCR Secure Pay FAQ Updated June 12, 2014

NCR Secure Pay FAQ Updated June 12, 2014 NCR Secure Pay FAQ Updated June 12, 2014 Contents What is NCR Secure Pay?... 1 What is the value of NCR Secure Pay?... 2 Host-based Settlement... 2 Token Replacement... 2 Point-to-Point Encryption (P2PE)...

More information

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire A Version 2.0 Attestation Of Compliance, SAQ A Instructions for Submission The merchant must

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com Flexible and secure payment solution acceo tender retail payment solution tender-retail.acceo.com Take control of your payment transactions ACCEO Tender Retail is a specialized middleware that handles

More information

Is the PCI Data Security Standard Enough?

Is the PCI Data Security Standard Enough? Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT Understanding PCI DSS Version 3.0 Key Changes and New Requirements November 8, 2013 On November 7, 2013, the PCI Security Standards Council (PCI SSC) announced the release

More information

Technology Innovation Programme

Technology Innovation Programme FACT SHEET Technology Innovation Programme The Visa Europe Technology Innovation Programme () was designed to complement the Payment Card Industry (PCI) Data Security Standard (DSS) by reflecting the risk

More information

How Secure is Your Payment Card Data?

How Secure is Your Payment Card Data? How Secure is Your Payment Card Data? Complying with PCI DSS SLIDE 1 PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director, IT Security Practice PCI Practice Leader Francis has

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Understanding the Value of Tokens

Understanding the Value of Tokens Understanding the Value of Tokens 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material are the property of their respective owners. Introduction Credit

More information

The Relationship Between PCI, Encryption and Tokenization: What you need to know

The Relationship Between PCI, Encryption and Tokenization: What you need to know October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,

More information

An article on PCI Compliance for the Not-For-Profit Sector

An article on PCI Compliance for the Not-For-Profit Sector Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector

More information

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013 Encryption and Tokenization: Protecting Customer Data Your Payments Universally Amplified Tia D. Ilori Sue Zloth September 18, 2013 Agenda Global Threat Landscape Real Cost of a Data Breach Evolution of

More information

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors

More information