2010 NCSA / Visa Inc. Small Business Study



National Cyber Security Alliance
Visa Inc.
Zogby-463
November 30, 2010

Company Profiles

1. What is the size of your company in number of employees?
- 1-9: 86%
- 10-25: 9%
- 26-50: 3%
- 51-100: 2%
- 101-200: >1%
- More than 200: >1%

2. What is the size of your company in annual revenue?
- $0-$249,000: 58%
- $250,000-$499,000: 12%
- $500,000-$999,000: 8%
- $1 million-$5 million: 12%
- More than $5 million: 3%
- Not Sure/Refuse: 7%

3. What type of business do you own? (General Survey)
- Agriculture/Mining: 3%
- Finance/Insurance: 6%
- Information: 5%
- Manufacturing: 6%
- Real estate: 7%
- Retail/Distribution: 9%
- Accommodation and food service: 2%
- Transportation: 2%
- Utilities: 1%
- Construction: 5%
- Professional/Scientific/Technical Services: 20%
- Education services: 2%
- Healthcare services: 6%
- Arts/Entertainment/Recreation: 5%
- Management: 22%
- Public administration: 6%
- Not sure: >1%
- Other: 19%

4. How long has your company been in business?
- Less than a year: 4%
- 1-5 years: 20%
- 6-10 years: 19%
- 11-15 years: 15%
- 16-20 years: 11%
- More than 20 years: 31%
- Not sure: >1%

5. How would you describe your small business?
- Brick and mortar small business: 41%
- E-commerce small business: 17%
- Both brick and mortar and e-commerce: 16%
- Not sure: 8%
- Other: 19%

Customer/Payment Security

6. Do you accept debit or credit cards for payment? (Specify debit, credit or both)
- Yes, Debit: >1%
- Yes, Credit Cards: 8%
- Yes, Both: 25%
- None: 66%

7. What percentage of your sales are made on debit or credit card purchases? (General Survey; each line gives the percentage of sales, then the share of respondents)
- 1%: 2%
- 2%: 2%
- 3%: 2%
- 5%: 8%
- 8%: >1%
- 10%: 10%
- 12%: >1%
- 15%: 4%
- 17%: >1%
- 20%: 7%
- 25%: 5%
- 30%: 5%
- 33%: >1%
- 35%: 1%
- 40%: 5%
- 42%: >1%
- 45%: 1%
- 50%: 6%
- 51%: >1%
- 54%: >1%
- 55%: >1%
- 60%: 5%
- 65%: 2%
- 66%: >1%
- 70%: 3%
- 75%: 2%
- 80%: 5%
- 85%: 1%
- 90%: 5%
- 94%: >1%
- 95%: 2%
- 97%: >1%
- 98%: >1%
- 99%: 2%
- 100%: 8%

8. Do you use a stand-alone terminal to accept card payments or use an integrated system that connects the terminal to a computer program, a check-out system or back-end data base?
- A stand-alone terminal: 37%
- An integrated system that connects the terminal to a computer program: 23%
- A check-out system: 13%
- A back-end data base: 10%
- Other: 17%

9. Do you store customer credit or debit card information?
- Yes: 14%
- No: 85%
- Not Sure: 2%

10. Where do you store customer credit or debit card information?
- Electronically: 55%
- Paper files: 28%
- Both: 26%
- Other: 2%

11. Which of the following best describes how you collect customer credit or debit card information?
- In-Store System automatically collects and stores information when a customer swipes his/her card: 4%
- In-Store System automatically collects and DOES NOT store information when a customer swipes his/her card: 27%
- Online System automatically collects and stores information when a customer places an order: 11%
- Online System automatically collects and DOES NOT store information when a customer places an order: 28%

12. If your customer data, such as credit or debit card information or other personal identifying data, were lost or compromised, do you have a plan in place to respond?
- Yes: 43%
- No: 48%
- Not sure: 9%

13. Are you aware that all businesses that accept payment cards are required to be compliant with the Payment Card Industry Data Security Standard?
- Yes: 46%
- No: 44%
- Not sure: 10%

14. Are you currently compliant with the Payment Card Industry Data Security Standard?
- Yes: 36%
- No: 35%
- Not sure: 28%

15. Do you use a computer software program to handle card payments?
- Yes: 17%
- No: 76%
- Not sure: 6%

16. Is the payment application you use on the list of applications that have been validated against the Payment Application Data Security Standard?
- Yes: 21%
- No: 45%
- Not sure: 34%

17. Who do you turn to most for information about or help with card security?
- Financial Institution, acquiring Bank: 21%
- Processor or agent: 16%
- Trade association: 1%
- Major brands such as Visa, Mastercard, American Express, Discover, etc.: 12%
- Other: 23%
- Not Sure: 27%

18. Do you accept PIN transactions?
- Yes: 7%
- No: 88%
- Not sure: 6%

19. If so, are the PIN terminals you use on the list of approved PIN Entry Devices managed by the PCI Security Standards Council?
- Yes: 69%
- Not sure: 31%

Company & Employee Security

20. What percentage of your employees uses laptops for company business?
- None: 31%
- 1-25%: 24%
- 26-50%: 6%
- 51-75%: 4%
- 76-100%: 35%

21. Have any of your company laptops ever been lost or stolen in the last 12 months?
- Yes: 2%
- No: 98%
- Not sure: >1%

22. Did the stolen or lost laptop contain sensitive customer financial or employee data?
- Yes: 33%
- No: 67%

23. Do you have a company-wide policy that employees are not allowed to connect company devices to unsecured wireless networks?
- Yes: 41%
- No: 58%
- Not Sure: 2%

24. Do you agree or disagree that you have adequate policies and procedures for keeping our data and computer systems secure?
- Strongly agree: 44%
- Somewhat agree: 41%
- Somewhat disagree: 8%
- Strongly disagree: 2%
- Don't know: 3%

25. Do you agree or disagree that at least 80% of my employees are aware of company policies on data security and procedures and follow them?
- Strongly agree: 71%
- Somewhat agree: 18%
- Somewhat disagree: 3%
- Strongly disagree: 2%
- Don't know: 3%
- Not sure: 3%

26. Do you agree or disagree that your company has adequate, fully up-to-date software protections in place to protect against viruses and malware?
- Strongly agree: 63%
- Somewhat agree: 30%
- Somewhat disagree: 3%
- Strongly disagree: 1%
- Don't know: 2%
- Not sure: 1%

27. What percentage of your employees use mobile phones, smart phones, or PDAs for work purposes?
- 0-25%: 32%
- 26-50%: 30%
- 51-75%: 5%
- 76-100%: 56%

28. Have any of your employees lost a mobile phone with customer information on it in the last 12 months?
- Yes: 3%
- No: 96%
- Maybe: >1%
- Not sure: 1%

29. Can employees access company email or data through their phone?
- Yes: 39%
- No: 62%
- Maybe: 3%

30. Are all your employees required to reset their computer passwords in the last six months?
- None: 47%
- 1-3 hours: 29%
- 4-6 hours: 7%
- 7-9 hours: 1%
- More: 9%
- Don't Know: 7%

31. Do you have a corporate policy for disposing of old computers and servers?
- Yes: 56%
- No: 42%
- Not sure: 2%

32. How confident are you that your business is protected against data thieves?
- Very confident: 43%
- Somewhat confident: 49%
- Not at all confident: 5%
- Not sure: 3%

33. Do you feel your business is more of a target or less of a target than large businesses when it comes to threats to sensitive customer and company data?
- More of a target: 6%
- Less of a target: 85%
- Not sure: 9%

34. Do you feel your business is more prepared or less prepared than large businesses when it comes to securing sensitive customer and company data?
- More prepared: 54%
- Less prepared: 23%
- Not sure: 23%

35. Is employee access to sensitive data and payment systems limited to a need-to-know basis?
- Yes: 83%
- No: 13%
- Not sure: 4%

36. Have you run a criminal background check on your employees who handle payment card data?
- Yes: 36%
- No: 55%
- Not sure: 9%

37. Do you regularly monitor your payment system logs for inappropriate access or other signs of trouble?
- Yes: 56%
- No: 35%
- Not sure: 9%

38. Do you agree or disagree with this statement: "The high cost in time and money to fully secure the data in my business is not justified by the actual threat, which is low."
- Strongly agree: 16%
- Somewhat agree: 36%
- Somewhat disagree: 19%
- Strongly disagree: 18%
- Not sure: 11%