Data Compliance.

Presentation transcript:

Data Compliance

Agenda

- Introduction
- Define PCI/PII
- Why should I care?
  - Regulations
  - Penalties
  - Customer
- How does this impact me?
  - Office personnel
  - Remote personnel
- What should I do?
  - Understanding your responsibility
  - Reporting an incident
- Questions

www.invisiblefence.com

Introduction

Joe Myers, Business Applications Manager, Radio Systems Corporation

- Blue, GPS CRM, Warranty Tracker, Oracle, InvisibleFence.COM
- Husband, father, musician, nerd
- Brief work history (~15 years of software-related experience):
  - SCADA Engineer at Knoxville Utilities Board
  - Software Development at Pilot Travel Centers and Skillsoft Compliance Learning
  - Database Development and Maintenance at Radio Systems Corporation

PCI Defined

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that apply when you accept credit card payments. It is regulated and enforced by the banking institutions. Failure to comply can result in your business not being able to accept credit cards.

- 769 participating council members
- All major credit cards and the supported banking institutions

PCI Defined

- PCI Compliance Level 1: over 6 million Visa and/or MasterCard transactions processed per year (Annual Report on Compliance by an auditor)
- PCI Compliance Level 2: 1 million to 6 million Visa and/or MasterCard transactions processed per year (Self-Assessment + Attestation of Compliance)
- PCI Compliance Level 3: 20,000 to 1 million Visa and/or MasterCard e-commerce transactions processed per year (Self-Assessment)
- PCI Compliance Level 4 (most distributors and dealers): less than 20,000 Visa and/or MasterCard e-commerce transactions processed per year, and all other companies that process up to 1 million Visa transactions per year (Self-Assessment)

PCI Defined

- PCI Security Standards Council: https://www.pcisecuritystandards.org/
- PCI Quick Reference Guide: https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf

Why Should I Care?

- Love thy customer
- One mistake could impact ALL distributors & dealers
- Reduction in sales
- Failure to comply can result in:
  - Fines ($100 - $1000 per affected customer)
  - Being raised to the highest PCI level, immediately
  - Quarterly bank audits
  - Inability to take cards

How Does This Impact Me?

- Office Personnel
  - Card Data Environment
  - Systems
  - Phones/E-Mail
- Field Personnel
  - Contracts

Protect from this…

And even this…

What Should I Do?

- Understanding your responsibilities
  - Card Data Environment (CDE)
  - Policy
  - Reporting
- Reporting an incident
  - Who
  - What
  - When

What Should I Do? Card Data Environment

- Be aware of others around you when taking payments.
- Over the phone? Don't repeat back the whole credit card info with others around.
- DO NOT write the info down; if you HAVE to, shred it when done.
- DO NOT send credit card information in email!

What Should I Do? Policy

Document the DON'Ts and make sure your team knows the rules and abides by them.

http://shop.pcipolicyportal.com/

What Should I Do?

- CRM: you are covered. Radio Systems Corporation handles the system compliance.
- E-Fence: Attestation of Compliance (AOC), Cloud Version
- Use something else? It's your responsibility to ensure compliance:
  - Secure hardware and software
  - Get AOCs if applicable
  - Documentation
  - User education
  - Yearly reporting to your bank

What Should I Do? Reporting

- Depending on your PCI level, most will self-assess.
- Most will use the SAQ C-VT, SAQ C or SAQ D for Merchants forms: https://www.pcisecuritystandards.org/document_library?category=saqs#results
- SAQ = Self-Assessment Questionnaire

Reporting an Incident

- Call your merchant provider / bank.
- Depending on the situation, call local law enforcement.

Wrap Up

Questions?

Thanks