npc npc NPC PCI Program Protecting Your Business from Card Data Breaches



Similar documents
npc npc NPC PCI Program Protecting Your Business from Card Data Breaches

Why Is Compliance with PCI DSS Important?

PCI Compliance. Top 10 Questions & Answers

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Frequently Asked Questions

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

PCI Compliance Top 10 Questions and Answers

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

PAI Secure Program Guide

Sales Rep Frequently Asked Questions

Simplêfy Client Support and Information Services. PCI Compliance Guidebook

UCSB Credit Card Processing and PCI Compliance

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

FAQ s. SaferPayments. Be smart. Be compliant. Be protected. The benefits of compliance SaferPayments Non-compliance fees

SecurityMetrics Introduction to PCI Compliance

PCI DSS Gap Analysis Briefing

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Project Title slide Project: PCI. Are You At Risk?

Annual Trustwave PCI Self Assessment Questionnaire (SAQ) Educational Presentation. Understanding the Merchants Responsibilities for PCI Compliance

Standards for Business Processes, Paper and Electronic Processing

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

PCI Data Security Standards

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

PCI Compliance. How to Meet Payment Card Industry Compliance Standards. May cliftonlarsonallen.com CliftonLarsonAllen LLP

PCI DSS Compliance Information Pack for Merchants

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

2015 PCI DSS Meeting. OSU Business Affairs Projects, Improvement, and Technology (PIT) Robin Whitlock

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

PCI Compliance 3.1. About Us

SecurityMetrics. PCI Starter Kit

PCI Compliance Overview

INFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

Don Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer

COMPLETING PCI CERTIFICATION IN TRUSTKEEPER PCI MANAGER

How To Protect Visa Account Information

Trustkeeper PCI Compliance Guide for Merchants

PCI Security Compliance

Payment Card Industry Data Security Standard (PCI DSS) Compliance Guide for Merchants

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

University Policy Accepting Credit Cards to Conduct University Business

PCI DSS v3.0 SAQ Eligibility

Two Approaches to PCI-DSS Compliance

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Payment Card Industry Data Security Standards.

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

Credit Card Processing, Point of Sale, ecommerce

PCI Compliance: How to ensure customer cardholder data is handled with care

POLICY & PROCEDURE DOCUMENT NUMBER: DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants

PCI Compliance Just the Facts. Rick Dakin President ext. 7001

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

UNL PAYMENT CARD POLICY AND PROCEDURES. Table of Contents

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Accepting Payment Cards and ecommerce Payments

Payment Card Industry - Achieving PCI Compliance Steps Steps

Westpac Merchant. A guide to meeting the new Payment Card Industry Security Standards

An article on PCI Compliance for the Not-For-Profit Sector

Dartmouth College Merchant Credit Card Policy for Processors

PCI Compliance for Healthcare

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

The Comprehensive, Yet Concise Guide to Credit Card Processing

PCI DSS. CollectorSolutions, Incorporated

UW Platteville Credit Card Handling Policy

And Take a Step on the IG Career Path

Protecting Your Customers' Card Data. Presented By: Oliver Pinson-Roxburgh

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

How To Protect Your Business From A Hacker Attack

PCI Compliance at The University of South Carolina. Failure is not an option. Rick Lambert PMP University of South Carolina

American Express Data Security Operating Policy United States

This appendix is a supplement to the Local Government Information Security: Getting Started Guide, a non-technical reference essential for elected

PCI DSS COMPLIANCE DATA

Technical breakout session

How to complete the Secure Internet Site Declaration (SISD) form

Transcription:

npc A Vantiv Company npc A Vantiv Company NPC PCI Program Protecting Your Business from Card Data Breaches For more information about the NPC PCI Program, please contact our dedicated PCI Specialty Team by email at pcicompliance@npc.net, or by phone at 877.479.6649 npcdata.net Copyright 2013 NPC, A Vantiv Company. All rights reserved. NPPCIBRO0001

Data Breaches Are Costly What is the PCI Data Security Standard? The Payment Card Industry Data Security Standard (PCI DSS) is an evolving framework designed to protect cardholder data. This multifaceted security standard outlines the minimum requirements that must be in place for security management, policies, procedures, network architecture, software design and other critical protective measures. Who Must Comply? If you process, store or transmit cardholder data, you must comply with all aspects of the standard at all times. If you don t comply, you could lose your ability to accept credit cards. We can help. Using the PCI Data Security Standard as the framework, NPC has developed the NPC PCI Program as your roadmap to protection and PCI DSS validation. Not only must you comply with the PCI DSS, but you are ultimately responsible for damages or liability that may result from a data security breach or noncompliance with PCI DSS. Merchants who suffer security breaches and/or an account data compromise may be subject to the following costs: Forensic investigation Fines from the card associations Operational and fraud loss expenses incurred by card issuing banks Litigation Brand and Reputation Damage Government-Levied Fines

Protecting You, Your Customers, and Your Data It Could Happen To You The majority of all card data security breach cases occur at small retail locations. How? Insecure remote access Default or weak passwords/credentials Improper storage of paper receipts, and reports, and other documents containing cardholder data Improper care when handling a customer s credit card Improper storage of card information on computer systems in an unsecured fashion Improper storage of hand written credit card information Improper or nonfunctioning firewalls between a physical dial terminal and another device that may be connected to the Internet Utilizing software that is not PCI compliant and is improperly storing cardholder data in an unsecured fashion While larger businesses may have more resources than smaller businesses to deal with the repercussions of a breach, they are not immune to data theft. The challenge to protect payment card data impacts merchants both large and small, and it s constantly changing. That s why we offer unparallel guidance, backed by a dedicated PCI Specialty Team to help you be more secure and stay continually up-to-date on the latest in card data security. We ve partnered with best in class leaders in the industry, to help simplify the process so you can achieve and maintain your compliance year after year.

NPC PCI Program Full compliance with the PCI Data Security Standard is considered by many in the industry to be one of the best ways to protect your systems from unauthorized intrusion. To make it easier for you to comply with the PCI DSS, NPC has developed a comprehensive security program to help you protect your business and give you peace of mind. What do you receive in the program? Access to an online PCI certificate validation tool that allows you to complete your Self-Assessment Questionnaire (SAQ) and track: Your PCI certificate number Your certificate renewal date A Self-Assessment Questionnaire is a list of questions developed by the PCI DSS Council to mirror the PCI DSS. There are currently 5 questionnaires covering different types of merchant s processing arrangements. Additional questionnaires may be added to cover new payment solutions such as P2PE and mobile technologies. The online tool will be modified as needed to cover such scenarios. The current questionnaires are: Access to TrustKeeper remote vulnerability scanning services, provided by Trustwave, which includes the following (for PC/IP only): Monthly scanning for up to five (5) of your computer website (IP) addresses (additional fees apply if you have more than 5 IPs) Online scan support and remediation guidance Access to MyNPCData, which allows you to: Evaluate daily, weekly, and monthly batch summaries and detail Research transactional detail Track return history Access retrievals and chargeback information Look up payment deposit history on a daily or monthly basis Review up to two years of prior statements Waiver Benefit* If you have successfully validated your compliance with the PCI DSS through the NPC PCI Program, in the event of a verified card data security breach, NPC will waive up to $50,000 of your liabilities to NPC for: SAQ A SAQ B SAQ C-VT SAQ C SA Q D For card-not-present (e-commerce or mail/ telephone-order) merchants, all cardholder data functions outsourced. This does not apply to face-to-face merchants. Imprint-only merchants with no electronic cardholder data storage, or standalone, dial out terminal merchants with no electronic cardholder data storage. Merchants using only web-based virtual terminals without an integrated magstripe reader, no electronic cardholder data storage. Merchants with payment application systems or terminals connected to the Internet, no electronic cardholder data storage. Mercha nts who proces s credit card transactions electronically and DO STORE card holder information electronically at their merchant locations. Or those merchants that do no meet the eligibility criteria for one of the four sho rteneded questionnaires abo bove ve. Costs associated with mandatory Card Brand audits conducted if a breach occurs Fines assessed as a result of Card Brand audit findings following a breach Costs associated with credit card replacement for compromised card numbers Additional Valuable Benefits: You may utilize a cardholder data security policy template that can be used as a guide for the creation of a policy that fits the specific needs of your location s card processing environment A validation certificate you can use to notify all of your customers that you take the security of their credit card information seriously * Without the Waiver Benefit, you will remain liable for all costs and fines related to a verified suspected or confirmed card data breach! See the Terms and Conditions of the merchant agreement for important information and limitations on the waiver.

It s Easy To Complete PCI Validation Online Go to npcdata.net. Select the box labeled New Registration. The new screen will provide a message that states NPC Password Change. Under the box, the screen states You have successfully changed your password Click the NPC logo to continue. Select the box that says Click here to complete the questionnaire online. Sign-in Information: MID = Merchant Identification Number: this number can be found on your monthly processing statement labeled Merchant NBR. Also, merchants who use terminals purchased through Vantiv can find the MID on your terminal sticker located on the side of the terminal. Tax ID/SSN = Merchant s 9 digit tax identification number for the business. No tax identification number? Enter in the 9 digit social security number of the signer on the account. Billing ZIP = (First Time Use Only) The postal zip code for the business. Hit the Enter key to submit your registration. The system will prompt you to change your password. Old Password = 9-digit Tax Identification number or 9 digit Social Security Number that was used to sign into the online system. New Password = You will create a new password. The password should be minimum of 8 characters. Include at least one letter and one number. New Password Confirmation = Retype the newly created password for confirmation. Hit the Enter key to submit the password change. Select the box that says Begin Data Security Compliance at the bottom of the page. This is the education page of the survey and the first of five steps in validating your compliance with the PCI DSS.

FACTA and Other Applicable Laws In addition to complying with PCI DSS, you are also required to comply with all local, state and federal laws that apply to your business. One such law is the Fair and Accurate Credit Transactions Act (FACTA) regarding the protection of cardholder data. FACTA is a federal law that states no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of sale or transaction. U.S.C. 1681(c)(g). In addition, the Card Brand rules require that all merchants truncate all but the last four digits of the cardholder number, and also mask the expiration date on the merchants copies of the electronically printed receipts. It is every merchant s responsibility to understand and comply with FACTA, and, in general, to protect each customer s cardholder information. In addition, your business may be subject to other state laws that impact the information you may print on receipts. It is a good business practice to check the laws of your state to determine if you are compliant. You should evaluate your obligations under FACTA and other applicable state laws and review your receipts to determine if the receipts are compliant. You should also ensure that your security policy not only complies with the requirements of the PCI DSS, but also with FACTA and other applicable laws.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information