It Won't Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

Agenda
- Who Is VendorSafe Technologies?
- It Won't Happen to Me!
- PCI DSS Overview
- The VendorSafe Solution
- Questions

Who is VendorSafe?
- Founded in 1989 in Houston, Texas; 22+ years of security experience
- Design and provide secure networks for merchants
- Preparing networks for future payment, mobility, and cloud trends
- Our networks have never been breached.
- Transformation in 2007: managed firewall architecture
- Provide security first; PCI compliance will follow
- PCI DSS security experts
- Patented installation process: Network Detecting Firewall

The Importance of PCI
12 Requirement Sections of PCI (286 questions in SAQ D):
1. Install and Maintain a Firewall Configuration To Protect Cardholder Data
2. Do Not Use Vendor-Supplied Defaults For System Passwords
3. Protect Stored Cardholder Data
4. Encrypt Transmission of Cardholder Data Across Open, Public Networks
5. Use and Regularly Update Anti-Virus Software
6. Develop and Maintain Secure Systems and Applications
7. Restrict Access to Data on a Need-To-Know Basis
8. Assign a Unique ID to Each Person With Computer Access
9. Restrict Physical Access to Cardholder Data
10. Track and Monitor Access to Network Resources and Data
11. Regularly Test Security Systems and Processes
12. Maintain a Policy That Addresses Information Security
VendorSafe automatically answers more than 220 of the 286 PCI questions!

What Did That Last Slide Really Mean?
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

Managing the Elements
PCI Compliance is more than POS

Did You Read The Fine Print?
7 Data Security and Privacy
You agree to post and maintain on all your Web Sites both your consumer data policy (which must comply with all Payment Brand Rules, Regulations, and Guidelines) and your method of transaction security. You may not retain or store CVV2/CVC2 data or PIN data subsequent to the authorization. You must comply with all Security Standards published by the Payment Brands and the PCI SSC including, but not limited to, Visa's Customer Information Security Program ("CISP"), MasterCard's Security Data Program ("MDSP") and the Payment Card Industry Data Security Standard ("PCI DSS"). Pursuant to the Security Standards, you must, among other things:
(i) install and maintain a working network firewall to protect data accessible via the internet;
(ii) keep security patches up to date;
(iii) encrypt stored data and data sent over open networks;
(iv) use and update antivirus software;
(v) restrict access to employees who are on a need to know basis;
(vi) assign a unique ID to each person with computer access to data;
(vii) not use vendor-supplied defaults for system passwords and other security parameters;
(viii) track access to data by unique ID;
(ix) regularly test security systems and processes;
(x) maintain a policy that addresses information security for employees and contractors;
(xi) restrict physical access to Customer information;
(xii) when outsourcing administration of information assets, networks, or data you must retain legal control of proprietary information and use limited need to know access to such assets, networks or data; and
(xiii) reference the protection of Customer Information and compliance with the Security Standards in contracts with other service providers.
You must notify Paymentech of any third party vendor with access to Customer Information, and you are responsible for ensuring that all third party vendors are compliant with the Security Standards, to the extent applicable. The Security Standards may require that you engage an approved third party vendor to conduct quarterly perimeter scans and/or security reviews can be accessed through Visa and Mastercard websites at www.visa.com and www.mastercard.com
Merchants have already agreed to be PCI Compliant!
Proprietary and Confidential
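Requirement 3 on the previous slides ("Protect Stored Cardholder Data") and clause (iii) of the fine print only become actionable once a merchant knows where card data actually sits: POS logs, spool files, spreadsheets and e-mail are the usual surprises. The scanner below is an added example, not code from the webinar or from VendorSafe. It finds candidate PANs by pattern, filters them with the Luhn check that every real card number passes, reports them masked (first six and last four digits, the most PCI DSS 3.3 allows to be displayed) so the scan output does not itself become stored cardholder data, and separately flags labels that usually precede sensitive authentication data (CVV2/CVC2, PIN, track data), which may not be retained after authorization at all. The log lines are constructed for the example and the card numbers are the brands' well-known test PANs, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Labels that usually precede sensitive authentication data. Finding one of
# these in anything persisted after authorization is a finding regardless of
# masking; the value may never be stored.
SAD_LABEL = re.compile(r"\b(cvv2?|cvc2?|cid|pin|pinblock|track[12])\s*[=:]",
                       re.IGNORECASE)

# Constructed sample log lines (not real transactions). The PANs are the
# standard Visa, MasterCard and "bad check digit" test numbers.
SAMPLE_LOG = [
    "2011-07-21 15:30:00 POS1 auth ok pan=4111111111111111 cvv2=123 amt=22.00",
    "2011-07-21 15:31:07 POS1 auth ok pan=5555 5555 5555 4444 amt=9.50",
    "2011-07-21 15:32:44 POS2 order id=20110721153244 amt=14.25",
    "2011-07-21 15:33:10 POS2 auth decl pan=4111111111111112 amt=1.00",
]


def luhn_ok(digits: str) -> bool:
    """True when the digit string passes the Luhn check used by all card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits; everything else becomes '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return every Luhn-valid PAN in text, with spaces and dashes removed."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def scan_lines(lines) -> list:
    """Scan an iterable of text lines; return (line_no, kind, masked_value) tuples.

    kind is "pan" for a Luhn-valid card number (reported masked) or "sad" for a
    sensitive-authentication-data label (reported as the label, never the value).
    """
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append((line_no, "pan", mask_pan(pan)))
        label = SAD_LABEL.search(line)
        if label:
            findings.append((line_no, "sad", label.group(1).lower()))
    return findings


if __name__ == "__main__":
    for line_no, kind, value in scan_lines(SAMPLE_LOG):
        print(f"line {line_no}: {kind} {value}")
```

On the sample data the order id on line 3 is the right length but fails Luhn and is not reported, and the declined number on line 4 has a bad check digit and is dropped for the same reason. Luhn removes most numeric false positives but not all (roughly one in ten random digit strings passes), so treat hits as leads to confirm by hand, and point the scanner at everything the POS writes, not just the obvious database.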

It Won't Happen to Me!
Hackers Shift Attacks to Small Firms
Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."
Joe Angelastri, owner of City Newsstand (2 locations) in the Chicago area, is out $22,000 because cyber criminals attacked his store's payment system.
Article: WSJ, 7-21-2011

Services Unique to VendorSafe
- Network Detecting Firewall: patented VendorSafe service using a Juniper SSG5 with integrated Wi-Fi and dial back-up
- Internal Vulnerability Scans (IVS)**: effortless system that checks for local vulnerabilities.
- Wireless Access Point Detection (WAPD)**: quarterly service that detects wireless signals broadcasting in the vicinity of our firewall.
- Rogue Device Manager (RDM): be alerted if an unauthorized device is added to the network
- ZERO Breaches! For 23 years VendorSafe has protected our customers from hackers
- $100K TrustVault Guarantee: not insurance but a guarantee backed by VendorSafe & Lloyds of London
** No additional hardware or software required.

Services Unique to VendorSafe
- SAQuick, our SAQ portal: easiest process in the industry to complete the 280+ Self-Assessment Questionnaire (SAQ) questions. Many of the answers are pre-filled after our security solution is installed.
- Penetration Testing Guide: how-to guide to utilize the VST scans & security practices to complete a penetration test.
- Simplified Web Content Filtering: secure web blocking and white listing.
- IPDataBlocker: ability to keep internal data from getting to the internet, and specialized DNS blocking (makes merchants invisible to hackers outside of North America)
- Forced Configuration Manager: ability to programmatically check for antivirus on remote user systems, part of our two-factor authentication system
- LANScribe: file integrity & system logging & monitoring, with one year of storage available via browser

Compliance Is All About The Proof
VendorSafe includes the tools to manage and validate a merchant's compliance
- Firewall: Juniper SSG firewall with intrusion detection, voted Best in Class enterprise network firewall by Gartner Group; firewall, router, switch, wireless, and modem
- SAQ Portal: our SAQuick is the easiest and fastest way to fill out an SAQ. Many of the answers are pre-filled after our security solution is installed.
- Approved Scanning Vendor (ASV) Compliant Scans: quarterly external vulnerability ASV scans, as dictated by the standard, are automatically scheduled and stored for retrieval. Reports available at the touch of a button.
- Internal Vulnerability Scans (IVS): IVS scans a defined list of IP addresses that correspond to servers, file sharing systems, and other devices to identify any vulnerabilities based on current threats.
Hospitality Technology Expo 2011

VST Value Proposition
Heavy-lifting components of PCI DSS:
- High-end firewall with secure network segments
- Provides policy-based, secure remote access
- Two-factor authentication via text or email
- Logging and storage: firewall, remote access
- System logs and file integrity monitoring (LANScribe) (SAQ D)
- Quarterly scans: external (via 403 Labs), internal, & wireless
- Managed service, monitoring, & alerts, 24x7x365

VST Value Proposition
PCI compliance reporting services via a web portal:
- SAQuick populates 220 of 286 SAQ D questions
- On-line access to compliance status
- Real-time report generator to print SAQ and scan reports
Documentation and Training:
- Location policy and procedure templates provided
- Communication & contract templates for 3rd party vendors
- Checklist templates for compliance binders
- Access to general online security training video
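The file integrity monitoring item on the previous slide is what PCI DSS Requirement 11.5 asks for: a baseline of critical system, configuration and content files, compared at least weekly so that an unauthorized change (a replaced POS binary, a dropped memory scraper, a deleted config) raises an alert. The script below is an added example of that mechanism, not LANScribe's or VendorSafe's code. It hashes every regular file under a root, diffs two baselines into added, removed and modified sets, and runs the whole cycle on a small POS-like file tree constructed in a temporary directory; the file names and contents are invented for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: str, exclude=()) -> dict:
    """Map each regular file under root (relative path, '/' separators) to its SHA-256.

    exclude holds relative path prefixes to skip, e.g. ("logs/",): log files
    grow by design and would otherwise show as modified on every comparison.
    """
    baseline = {}
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):          # hash what is on disk, not a link target
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(rel.startswith(prefix) for prefix in exclude):
                continue
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Return the paths that were added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    """Helper for the demo: create a file (and its directories) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Constructed scenario: baseline a small POS-like tree, tamper with it, report drift."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/pos.exe", b"original POS binary")
        _write(root, "conf/pos.ini", b"[terminal]\nid=POS1\n")
        _write(root, "logs/app.log", b"2011-07-21 15:30:00 auth ok\n")
        skip = ("logs/",)
        baseline = build_baseline(root, exclude=skip)

        # Changes an attacker (or a careless vendor) might make between checks.
        _write(root, "bin/pos.exe", b"trojaned POS binary")          # modified
        _write(root, "bin/helper.dll", b"memory scraper")             # added
        os.remove(os.path.join(root, "conf", "pos.ini"))              # removed
        # Normal activity that must not alert: the log keeps growing.
        _write(root, "logs/app.log", b"2011-07-21 15:30:00 auth ok\n"
                                     b"2011-07-21 15:31:07 auth ok\n")

        return compare(baseline, build_baseline(root, exclude=skip))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two things matter more than the hashing: the baseline must be stored somewhere the monitored host cannot rewrite (an attacker who can replace pos.exe can also replace a baseline kept beside it), and every alert needs a human to confirm whether the change was an authorized update, which is where the change-control paperwork from Requirement 6 comes in.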

Security With A $100K Guarantee
Covers direct breach expenses:
- Forensic audit
- Fines / penalties
- Card replacement fees
- Fraudulent credit card charges
Zero Breaches Since 1989!

Questions and Answers
Contact Information
Daryl Airhart, Director National Accounts, 713-929-0208, dairhart@vendorsafe.com
Pete Riesenfeld, Inside Account Manager, 713-929-0221, priesenfeld@vendorsafe.com
ZERO Breaches! We protect your network, PERIOD.

Contact Information
Leo Lynch, 713-929-0240 (office), 410-215-2763 (mobile), llynch@vendorsafe.com