PCI DSS Managed Service Solution October 18, 2011.
Presentation transcript:


Who is Vendor Safe?

Founded in 1989 in Houston, Texas:
- 20-plus years of security experience
- Internet security
- Network security
- Data security

Transformation in 2007:
- Managed firewall architecture
- Provide security first; PCI compliance will follow
- PCI DSS security experts

Why Care about PCI Compliance? The Problem:

"Many franchise owners and IT managers underestimate the high risk of credit card fraud and the consequences that follow."

PCI Terms
- PA-DSS: Payment Application Data Security Standard (applies to the payment software itself)
- PCI DSS: Payment Card Industry Data Security Standard (applies to the merchant's cardholder data environment)
- SAQ: Self-Assessment Questionnaire
- Scans: external, internal, wireless
- ASV: Approved Scanning Vendor (performs the quarterly external scans)
- QSA: Qualified Security Assessor
- Compliance vs. validation: compliance means meeting every applicable requirement continuously; validation is the periodic proof of it (SAQ or QSA assessment plus ASV scan results) reported to the acquiring bank. Passing validation once does not keep a merchant compliant.

I Signed What?!

Merchants have already agreed to be PCI compliant: the obligation is part of the merchant agreement signed with the acquiring bank.

It Won't Happen to Me!

From "Hackers Shift Attacks to Small Firms" (Wall Street Journal): Joe Angelastri, owner of City News stand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system. Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."

Breach: Ugly Facts
- Forensic audit: $6k to $10k (per location)
- Audit report sent to the card brands and the merchant bank
- Scope of the breach determined
- Fees / fines assessed (+10k cards)
- Remediation required for lack of security, or additional fines ($5k)
- Customer loss and brand damage

PCI Solution Overview

PCI is more than POS.

PCI Solution Overview: the twelve PCI DSS requirements mapped to Vendor Safe solutions

1. Install and maintain a firewall: Vendor Safe Global Security Mesh / Security Services
2. Change default passwords: Vendor Safe equipment and remote access are compliant; policy provided to assist the client with LAN management
3. Protect stored data: Vendor Safe security policy provided to address credit card data
4. Encrypt credit card transmissions: Vendor Safe equipment can encrypt to the highest standards (wired and wireless)
5. Updated anti-virus software: optional Vendor Safe Managed Anti-Virus Service, or POS-reseller provided
6. Develop secure applications: Vendor Safe does NOT provide payment software (PA-DSS certified versions must come from the payment application vendor)
7. Restrict access to data: Vendor Safe hierarchical remote-access VPN architecture; Vendor Safe customer policy and procedure templates
8. Assign a unique ID to each user: Vendor Safe two-factor remote access (a different account for each user); Vendor Safe customer policy and procedure templates
9. Restrict physical access: Vendor Safe training material (web videos, policy and procedure templates)
10. Track and monitor data access: Vendor Safe workstation logging client available (LANScribe™)
11. Regularly test vulnerabilities: Vendor Safe internal and external vulnerability scanning services; Vendor Safe penetration testing guide
12. Maintain policy and procedures: Vendor Safe template provided, maintained by the customer; Vendor Safe available for professional services if needed

VST Value Proposition: the heavy-lifting components of PCI DSS
- High-end firewall and the secure network segments required for in-scope devices under PCI DSS
- Secure, policy-based remote access
- Two-factor authentication (SMS or OTP; see the Platinum Package slide)
- Logging and storage for firewall and remote access
- Managed service: updates and 24x7 monitoring
- System logs and file integrity monitoring (LANScribe)
- Internal scan
- Wireless detection scan

Platinum Package: Global Security Mesh™
- $100,000 TrustVault™ Certificate
- Managed Juniper firewall with VPN
- Implementation, set-up, and configuration
- Gateway session logging; logs stored online for 1 year (PCI DSS requires at least one year of audit-trail history, with the most recent three months immediately available for analysis)
- Secure remote access with two-factor authentication (SMS / OTP validation)
- Forced Configuration Manager™: ensures secure communications and enforces antivirus policies

Platinum Package (continued): Global Security Mesh™
- Network segmentation to meet PCI standards
- IPS / IDS
- Web filtering / content management
- 24 x 7 x 365 event logging, monitoring, and support
- Centralized firewall configuration management
- Firewall security policy template updates
- Ongoing firewall change control and policy updates, including technological changes to the PCI DSS standard
- Next-business-day hardware replacement

Platinum Package  Package Geared towards SAQ D Attestation Level Merchants  Automated security policies that reflect the more complicated requirements of the environment  LANScribe™ - Workstation Logging and File Integrity Monitoring (Up to 6 Workstations) 13

Beyond PCI™ Security Services
- Rogue Device Manager™: identifies unknown devices plugged into the network, with a "block" mechanism built into the system
- IP Data Blocker™: centrally managed system to prevent unauthorized data transmission to IP addresses unknown to the organization

TrustVault™ Certificate: the Vendor Safe Guarantee
- Covers up to $100,000 in direct expenses relating to a data breach, including the mandatory security audit, card replacement fees, and fines and penalties (e.g. from Visa)
- Covers electronic data breaches at every franchisee location

PCI Solution Validation: PCI Compliance Reporting Services

Web portal services:
- Self-Assessment Questionnaire, including the SAQuick™ questionnaire
- Online access to compliance status
- Quarterly vulnerability scanning: schedule scans automatically, print vulnerability reports; ASV of record is 403 Labs
- Report generator: real-time report generation; print SAQ and scan reports

Questions? David Bones