Slide 1: PCI DSS - Protecting your business. Lara Fiorani, Visa Europe. Basel, 25 April 2006. (Visa Europe Confidential)


Slide 2: Agenda (slide footer: Information Classification as Needed; Visa Europe, Basel, 25 April 2006)
- Account Information Security Programme and the Payment Card Industry (PCI) Data Security Standards
- PCI DSS - Protecting your business
- Plans for 2006

Slide 3: Account Information Security Programme
- The Payment Card Industry Data Security Standards (PCI DSS) were developed jointly by Visa and MasterCard and are endorsed by Amex, JCB, Discover and Diners
- Work is under way to promote the establishment of PCICo, an independent industry body that will act as custodian of the PCI DSS
- Visa promotes the implementation of the PCI DSS through its Account Information Security Programme (AIS)
- AIS is part of a wider Visa strategy to make the card industry more secure

Slide 4: Account Information Security (AIS) alongside other Visa security products (diagram)
- POS environment: Chip & PIN
- Online e-commerce: Verified by Visa
- Back office, systems: AIS

Slide 5: Why do we need PCI DSS?
- "40M credit cards hacked": breach at third-party payment processor affects 22 million Visa cards and 14 million MasterCards. (June 20, 2005, 5:04 PM EDT; Jeanne Sahadi, CNN/Money senior writer)

Slide 6: Why do we need PCI DSS?
From The Times, Saturday April :
"The Times contacted 14 customers whose details had been passed to it by a US company that monitors […] chat rooms. They were astonished when a reporter read out their credit card numbers. The names had been taken from unidentified British servers. By ringing the individuals on each list and checking which purchases they had made on the day the details were stolen, The Times was led to two reputable companies — one a supplier of travel goods based in Amesbury, Wiltshire, with a database of more than 20,000 customers, the other a computer sales company in Sheffield. Neither company was aware that its systems had been targeted."
[Jonathan Richards, 'Revealed: how credit cards are plundered on the net', The Times, Saturday April ]

Slide 7: Key role beyond facilitator of payments? External pressure on Visa to protect personal financial information
Survey question (Q28): "Aside from Visa being a facilitator of purchases or a processor of transactions, when you think of Visa and the role you expect it to play in society, which one of the following best describes your expectations of what Visa should be – educator on financial issues, protector of personal financial information, contributor to economic growth, or something else? If you have a different expectation for Visa, please let me know." Base: total respondents, n=2044.
Top mentions (chart categories):
- Protector of personal financial information
- Contributor to economic growth
- Educator on financial issues
- Something else
- Other
- Don't know

Slide 8: In addition, data security is a major concern for customers worldwide (chart categories)
- Natural disasters (drought, earthquakes, floods, fires, hurricanes)
- Loss of trust in governments/businesses/institutions (*)
- Spread of disease, or health epidemics
- Having a credit card, debit card, or some type of payment card lost or stolen
- Losing your primary source of income (such as your job)
- Terrorism in the world or in your country
- Protecting the environment
- Having your personal or financial info lost or stolen
Base: all respondents, except (*) not asked in China. Top 3 box (rated 8-10).

Slide 9: Recent Visa Europe experience
- Remarkable increase in compromises in Europe, regardless of acceptance channel
- Full track 2 data being targeted
- Processors and IPSPs remotely targeted
- Increase in compromises at non-e-commerce merchants
- E-commerce still a target
- Fraud migrating to the card-not-present sector because of increased security in face-to-face transactions (EMV chip)

Slide 10: Benefits of compliance with PCI DSS
- Ensures protection of the brands and reputation of all parties: Visa, acquiring banks, merchants, service providers
- Helps gain and maintain consumer confidence in payment systems
- Secures customers and makes them come back

Slide 11: Compliance with PCI DSS - Systems benefit
- More aware of how your business works
- Provides you with greater awareness of security measures and preventative options available
- Helps you identify and address weaknesses in your security systems

Slide 12: Compliance with PCI DSS - Financial benefits
- Avoid cost of reaction to cybercrime: suspension from trading, consultancy fees, police involvement, law suits
- Avoid cost of fraud
- Protects you from card schemes' post-compromise penalties

Slide 13: Compliance with PCI DSS - Reputational benefits
- Brand damage alone may put a company out of business!
- No compromises – no unwanted media attention

Slide 14: If an organisation is certified compliant with PCI DSS...
- A compromise is less likely to happen.
- If it happens, it may be:
  - smaller (reduced fraud cost)
  - easier and cheaper to contain (less investment needed, and less time, to bring the organisation back into compliance)
- If the forensics investigation confirms that the organisation was still PCI compliant at the time of compromise, Visa will not levy compromise fees

Slide 15: Sensitive information
- Card number
- Expiry date
- Full track 2 (for face-to-face transactions)
- CVV2 (for card-not-present transactions)
Track 2 and CVV2 should never be stored after authorisation.
- NOT storing any of the above removes the need for PCI DSS validation
- If the information is stored, it has to be stored securely (encrypted)
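The storage rule on this slide, as an added example that is not part of the deck: a Python check a merchant could run over stored records (logs, database exports) to find track 2 data, CVV2 fields and bare card numbers, mask what it finds and classify each record as holding sensitive authentication data, a PAN that must be encrypted, or nothing. The record layout and the `track2`/`cvv2` field names are assumptions; the PANs in the sample are constructed, well-known test numbers.

```python
import re

# Constructed sample records, as a post-authorisation log or DB dump might hold
# them (not from the original deck); the PANs are well-known test numbers.
SAMPLE_RECORDS = [
    "order=1001 pan=4111111111111111 exp=0812",
    "order=1002 track2=;4111111111111111=08121011234567890?",
    "order=1003 pan=5500000000000004 cvv2=123",
    "order=1004 pan=4111111111111112",          # fails Luhn: not a PAN
    "order=1005 phone=07700900123 ref=ABC123",
]

PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")   # ISO 7813: ;PAN=YYMM SVC disc?
CVV2_RE = re.compile(r"\bcv[vc]2?\s*[=:]\s*\d{3,4}\b", re.I)   # field names are assumed

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, filtering out digit runs that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]   # first six / last four

def scan_record(rec: str) -> dict:
    """Report sensitive authentication data (track 2, CVV2) and bare PANs, masked."""
    result = {"sad": [], "pans": []}
    for m in TRACK2_RE.finditer(rec):
        result["sad"].append("track2:" + mask_pan(m.group(1)))
    if CVV2_RE.search(rec):
        result["sad"].append("cvv2")
    rest = TRACK2_RE.sub(" ", rec)           # don't count track 2 PANs twice
    result["pans"] = [mask_pan(p) for p in PAN_RE.findall(rest) if luhn_ok(p)]
    return result

def verdict(rec: str) -> str:
    r = scan_record(rec)
    if r["sad"]:
        return "SAD_STORED"    # track 2 / CVV2 must never be kept after authorisation
    if r["pans"]:
        return "PAN_STORED"    # permitted only if stored encrypted
    return "CLEAN"

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(verdict(rec), scan_record(rec))
```

A record flagged SAD_STORED is a finding regardless of encryption; PAN_STORED records are the ones whose storage controls (encryption, access) need to be verified.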

Slide 16: Compliance validation requirements - Merchants
- Level 1: merchants with 6,000,000+ transactions a year, all acceptance channels. Mandated: annual onsite audit and quarterly network scan. The audit can be done by a qualified auditor or by the merchant's internal audit team, but has to assess compliance with the PCI standards.
- Levels 2 & 3: e-commerce merchants with 20,000 to 6,000,000 transactions a year. Mandated: annual PCI self-assessment questionnaire and quarterly network scan.
- Level 4: all other merchants. Recommended: annual PCI self-assessment questionnaire and annual network scan.

Slide 17: Merchants - next steps for 2006
- ALL merchants should be compliant with PCI DSS already, regardless of merchant size
- Data security should be ongoing work
- The difference between merchant levels is only in the type of validation required
- Validation may be recommended for some categories, but compliance is mandated to be part of the Visa system
- All merchants should make provisions to ensure that any third party they contract with is compliant

Slide 18: Visa - recent and next steps
- Finished re-accreditation of Qualified Security Assessors
- Producing more awareness-raising and support materials
- AIS as a contractual requirement for all new merchant agreements
- New set of penalties for acquirers with non-compliant merchants; if a merchant commits to starting the work, they will be allowed reasonable time to work towards compliance
- Lowering the Level 1 threshold to include more non-e-commerce merchants

Slide 19: Conclusion
- We are flexible, want to help you get started
- PCI DSS adds value to your brand and consumers
- PCI DSS protects your revenues
- Based on ISO/BSS, tailoring these standards to the cards industry

Slide 20: Where to find information on PCI DSS
- Visa OnLine
- Visa Europe website
- AIS Programme Manager: Lara Fiorani, Tel:

Slide 21: Thank you