2011 Network Security Compliance for PIN and Management Training and Exam Presented by Darlene Kargel, CPA.CITP, CTGA Delap LLP Darlene is a wonderful & brillant leader. Her knowledge of the industry is amazing. I learned far more than I thought I would. Her delivery skills of information in a classroom setting is awesome! A rip-roaring ride through the complexities of PIN security and management by the penultimate professional of payment security industry. If I don t pass the test it won t be the teacher s fault. This course has been approved by NYCE Payments Network, LLC, PULSE, and Star Network for auditors to complete the ANSI X9/TR-39-2009 Compliance Review.
About the Instructor Delap LLP: Darlene Kargel is a CPA and auditor for Delap with over 30 years of accounting and computer application experience. Ms. Kargel has performed Network Security Compliance Reviews since 1992 for ATM and POS transactions. Clients include banks, processors, merchant processors, and key injection facilities in the USA and internationally. Ms. Kargel is vice chairperson of the ANSI X9F6 Working Group and a US Expert to ISO TC68 SC2 WG13. Other Services: Network required ANSI TR-39 (formerly TG-3) Compliance Reviews Visa and MasterCard PIN Security Reviews Sponsoring Banks ISO Due Diligence Reviews Core Class The group-live 4-day training course is designed to provide both internal and external auditors with the necessary tools to complete the NYCE Payments Network, LLC, PULSE, and Star Network for auditors to complete the ANSI X9/TR-39-2009 Compliance Review. 4-Day Core Class (CPE 32 credits) Level Basic: no prerequisites or additional preparation required. 4-Day Course Contents Day One: Processor and Auditor Responsibilities Compliance Review Objectives Network Respondent Forms Symmetric Management Introduction Names and Hierarchy Cryptogram Notation Diagram of PIN Transaction Flow PIN Translation Characteristics of TRSMs Group Project Day Two: Cardholder Authentication Methods PIN Block Formats Exclusive-or Introduction to Symmetric Life Cycle, including: Check Values Single-Length vs. Double-Length s Single DES vs. Triple DES Approved Methodologies Asymmetric s for Distributing Symmetric s High Level Group Project Day Three: Review and Obtain an Understanding of Each Control Objective in the New ANS X9/TR-39 (formerly TG-3) current version, Section 4 Techniques for Measuring Compliance Group Project continued next page
Day Four: Compliance Review Field Work Activities General Management Documentation Reporting the Findings Migration to AKB Refresher Classes After attending the 4-day Core Class, a refresher class is required every 24 months. We offer 3 group-live refresher classes described below: 2-Day Symmetric Review and Updates (CPE 16 credits) Level Intermediate: prerequisites 4-day Core Class, no additional preparation required. Updates on relevant ANSI standards and network operating rules Review and obtain an understanding of each control objective in the ANSI X9/TR-39 (formerly TG-3) current version, Section 4. Group projects: Analysis of reports / application to TR-39 Section 4 Analysis of various work papers / application to TR-39 Section 4 2-Day Remote Class (CPE 16 credits) Level Intermediate: prerequisites 4-day Core Class, no additional preparation required. Day One: Concepts of Public Infrastructure (PKI) Remote symmetric key distribution using asymmetric methods described in ANSI X9.24, part 2 for: ATM key loading POS key loading HSM key loading Proxy Host solutions Day Two: Obtain an understanding of each control objective in the ANSI TR-39 (formerly TG-3) current version, Section 5 1-Day Chip and PIN Cards/ E2E Standard (End-To-End Encryption) Class (CPE 8 credits) Level Advanced: prerequisites 2-day Remote class, no additional preparation required. Chip Card Technology Concepts of contact chip cards for ATM and POS Discussion of the chip and PIN cards specifications documents PIN and sensitive data security management Online and offline PIN transactions E2E (End-To-End Encryption) Concepts of encrypting sensitive data for transport and storage Update on the new draft ANSI Standard X9.119 Sensitive data security management Exam A passing grade is required for all auditors performing a TR-39 (formerly TG-3) review at the processor level, for PULSE and STAR participants only. Auditors receiving a passing grade will also receive the CTGA designation. Examination criteria and relevant information will be provided through each network s normal communication methods. Exam time allowance is four hours. Delap will offer three opportunities in 2011 to sit for the exam. Once you have passed the exam, there is no need to retake it, but you will need to take a refresher class every 24 months. Note: Please allow the network 4-6 weeks to provide exam results. The contents of the 4-day Core course and the Refresher courses meet the training requirements of NYCE Payments Network, LLC, PULSE, and Star Network Security Compliance Reviews, and is approved for 32 hours, 16 hours, and 8 hours of CPE credits respectively.
Course Locations & Dates Dates Location Course Type May 2-5 Dallas, TX 4-Day Core Class May 6 Dallas, TX Exam (½ Day 8:00-Noon) May 9-10 Dallas, TX 2-Day Symmetric May 11-12 Dallas, TX 2-Day Asymmetric May 13 Dallas, TX 1-Day Chip and PIN Cards/E2E July 11-14 July 15 July 18-19 July 20-21 July 22 4-Day Core Class Exam (½ Day 8:00-noon) 2-Day Symmetric 2-Day Asymmetric 1-Day Chip and PIN Cards/E2E September 12-15 Portland, OR 4-Day Core Class September 16 Portland, OR Exam (½ Day 8:00-noon) September 19-20 Portland, OR 2-Day Symmetric Registration Please fax your registration to (503) 697-4196. Online registration form for faxing is at www.delapcpa.com/ services/tr-39/tr-39_pdf.pdf. For more information call Delap LLP (Sheryl Malm or Jeanette Smith) at (888) 697-1040 (8 a.m. 5 p.m. Pacific time). 4-day course fee $1,525 2-day Symmetric course fee $910 2-day Remote course fee $910 1-Day Chip and PIN Cards/E2E course fee $455 Exam fee $425 Class hours all day: 8:00 a.m. 4:30 p.m. Continental breakfast starts all days: 7:30 a.m. Fee includes classroom materials, continental breakfast, lunch and afternoon break refreshments. Registration will be confirmed upon receipt of payment. Payment can be made by: 1) sending a check, or 2) Visa, MasterCard, American Express, or Discover Cancellation and Substitution Policy Registrations may be cancelled up to 14 days prior to class by paying a $100 cancellation fee. Cancellations within 14 days will not be refunded; however, substitutions will be accepted. Schedule Changes Delap may occasionally find it necessary to reschedule or cancel sessions and will give registrants advance notice of such changes. Delap will not be responsible for penalties incurred as a result of discount airfare purchases. For details on Cancellation/Refunds and Schedule Changes policy, please see our website at www.delapcpa.com/services/cancellation.html; or contact Ms. Jeanette Smith at (888) 697-1040. September 21-22 Portland, OR 2-Day Asymmetric September 23 Portland, OR 1-Day Chip and PIN Cards/E2E
Portland Embassy Suites Portland 319 SW Pine Street Portland, OR 97204 Reservations: (800) 643-7892 Preferred room rate: $149 For room amenities, internet connections, maps, parking, local attractions or any additional information that you may require regarding your hotel site, log on to: Hilton hilton.com Accommodations Delap has reserved blocks of rooms and preferred rates in the hotels where training classes are being held. Preferred rates will be honored up to 30 days prior to the course. Please call the hotels directly and be sure to mention Delap LLP to ensure your preferred rate. Hotel Directory Dallas/Rockwall Hilton 2055 Summer Lee Drive Rockwall, TX 75032 Reservations: (214) 771-3700 Preferred room rate: $149 Orlando Hilton in the Walt Disney World Resort 1751 Hotel Plaza Blvd. Lake Buena Vista, FL 32830 Reservations: (800) 782-4414 Preferred room rate: July $119
78 YEARS Delap LLP 1933-2011 Delap LLP is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN, 37219-2417. Web site: www.nasba.org Registration Form Use this form to register by fax. Or use our convenient on-line form, which can be downloaded at: www.delapcpa.com/services/tr-39/tr-39_pdf.pdf Name Company Address City, State, Zip Phone Fax email 4-Day $1525 2-Day Symmetric $910 2-Day Remote $910 1-Day Chip and PIN/E2E $455 Exam $425 Class Date Location Exam Date Location Payment Method Check enclosed (Delap LLP) Charge to my: VISA MasterCard Discover American Express Account # V-Code Expiration Date Signature Card-owner s Name Card-owner s Billing Address FAX this form to (503) 697-4196. If paying by check, mail a copy of this form and your check to: Delap LLP 4500 SW Kruse Way, Suite 200 Lake Oswego, OR 97035 For more information, call Sheryl Malm or Jeanette Smith at (888) 697-1040 (Pacific time) email: smalm@delapcpa.com, jsmith@delapcpa.com or Fax: (503) 697-4196, or visit our Web site at http://www.delapcpa.com