Session 4: Data Privacy and Fraud
Moderator: Bill Houck, Director, Risk Management, UATP
Panelists: Peter Warner, EVP, Retail Decisions; Cherie Lauretta, Vice Manager, United Airlines; Herman Mensink, EVP, Prism Group, EMEA; Paul Buelens, Fraud Manager, MasterCard International, Risk & Security Services, ESAMEA

Risk Management Through PCI Compliance March 2006 Peter Warner EVP, Business Development

Hacking Is Fast Becoming The “Crime Of The Century”

Hacking
Hackers do it for fun! Yes they do, but organised criminals do it for profit!
A single database compromise at a payment card processor or a major on-line retailer can reap millions of card details, which the criminals can then use to commit payment card fraud.

The Cost?
Aside from the fraud losses, which on average are $1,000 per card account, the payment card schemes impose substantial penalties on the compromised company to compensate the card issuers for replacing the card ($25 per card) or monitoring the account activity more closely ($5 per account).
For example, if 1 million accounts are compromised, of which only 1,000 (0.1%) are used fraudulently, the organisation responsible will face:
– $1,000,000 in fraud losses
– Up to $25,000,000 in penalties
– The consequential reputational risk

Ready for Export
99% of all known Account Data Compromise events were at US institutions. Of these, 68% were at Merchant Service Providers (MSPs) and 32% were at merchants.
Unnecessary and insecure data storage must be eliminated in order to minimise the risk.

The Real Cost of e-commerce Fraud for Airlines
Lost revenue:
– Lost ticket sales to fraud
– Rejecting, insulting and losing genuine airline customers
– Lost repeat ticket sales to competitors
– Rejecting third party bookings as risk prone
– Turning away cross border transactions from high risk destinations
– Seats blocked to good customers by fraudsters testing cards (Alicante)
Increased fraud:
– Chargebacks, surcharges and fines
Increased costs:
– Cost of sale (postage, ticket sales time)
– High manual review costs to minimise fraud

Warning
Many hacks are not reported. Many more are not detected. And internal fraud is often involved.

Top 5 Reasons for Compromise
1. Ineffective patch management
2. No security scanning
3. Weak network level security
4. SQL injection
5. Lack of real-time security monitoring
Security professionals use scans to find vulnerabilities. Hackers also scan systems to find vulnerabilities, and exploit them using well-known and widely available tools.
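As an added example (not part of the presentation or of Retail Decisions' own systems), the script below illustrates two of the deck's points in working code: item 4 above, SQL injection, and the earlier slide's warning that unnecessary and insecure storage of card data must be eliminated. The orders table, customer names and CVV2 values are constructed; the PANs are published test card numbers, not real accounts. The function names, the masking policy (keep first six and last four digits) and the Luhn pre-check are assumptions of the example, not anything the slides prescribe.

```python
import sqlite3

# Constructed sample orders for the example. The PANs are well-known
# published test card numbers (not real accounts); the CVV2 values are made up.
SAMPLE_ORDERS = [
    ("alice", "4111111111111111", "123"),
    ("bob",   "5500000000000004", "456"),
    ("carol", "340000000000009",  "7890"),
]


def build_db():
    """In-memory table that stores the full PAN and the CVV2: exactly the
    'unnecessary & insecure data storage' the slide says must be eliminated."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, pan TEXT, cvv2 TEXT)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, pan, cvv2) VALUES (?, ?, ?)", SAMPLE_ORDERS
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, customer):
    """Builds the statement by string formatting. A customer value such as
    x' OR '1'='1 turns one lookup into a dump of every stored card."""
    sql = f"SELECT customer, pan, cvv2 FROM orders WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, customer):
    """Same query with a bound parameter: the input can never change the
    structure of the statement, so the injection string is just an odd name."""
    sql = "SELECT customer, pan, cvv2 FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


def luhn_valid(pan):
    """Luhn check (assumed here) to decide whether a digit string is a PAN at all."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Assumed masking policy: keep the first six and last four digits only."""
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
        raise ValueError("not a valid PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def minimise_for_storage(record):
    """Drop the CVV2 entirely and truncate the PAN before the row reaches disk,
    so a later compromise of the table yields nothing usable for fraud."""
    customer, pan, _cvv2 = record
    return {"customer": customer, "pan_masked": mask_pan(pan)}


def demo():
    """Returns (rows dumped by injection, rows from the safe query, minimised records)."""
    conn = build_db()
    payload = "x' OR '1'='1"
    dumped = lookup_vulnerable(conn, payload)
    safe = lookup_safe(conn, payload)
    stored = [minimise_for_storage(r) for r in SAMPLE_ORDERS]
    return len(dumped), len(safe), stored


if __name__ == "__main__":
    n_dumped, n_safe, stored = demo()
    print(f"injection dumped {n_dumped} rows; parameterised query returned {n_safe}")
    for row in stored:
        print(row)
```

The two halves address the two failure modes separately: the bound parameter stops the query from being bent by attacker input, while the minimised record means that even a successful dump (via injection or any of the other four causes listed) hands the attacker masked PANs and no CVV2.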

2005 known hacks (chart). Source: Cybertrust

PCI Compliance – Some Observations
ReD were already BS 7799 compliant when the PCI programme was started.
– Basic infrastructure was already in place
– Saved a considerable amount of documentation work (e.g. process definition etc.)
HOWEVER, PCI compliance took longer than we originally planned due to:
– Production network reconfiguration
– Installation of an Intrusion Detection System
– Implementation of a full network monitoring system
– The number of planned maintenance windows required to accomplish this (our customers commented on this)
Need to select a quality audit partner:
– Need access to a dedicated resource
– Make sure that resource is available throughout the audit process

PCI Compliance – The Trickle Down Theory
Need to assess the impact on your supply chain:
– Vendors have been slow to recognise the importance of PCI compliance
– Vendors have been slow to modify their products and services to be PCI compliant
– Examples: off-site tape storage and liability; database encryption; communications
Need to assess the impact on your customers:
– The PCI compliance message has not gone out to everyone

PCI Compliance – In Summary
PCI compliance is expensive but necessary:
– Smaller Payment Service Providers may be forced out of business
– Benefit to out-sourcing payment service processing
Staying PCI compliant requires strict adherence to change management processes.

The Impact of Account Data Compromise
– Counterfeit cards and fraud
– Significant chargeback risk
– Penalties, fines, losses
– Negative media coverage
– Loss of reputation
– Re-issuance and monitoring of cards
– Loss of consumer confidence
– Threat of new legislation

Thank you March 2006 Peter Warner EVP, Business Development