DATE: 3/28/2014 GETTING STARTED WITH THE INTEGRITY EASY PCI PROGRAM Presenter : Integrity Payment Systems Title: Easy PCI Program

1.Integrity Easy PCI Program 2.About Trustwave 3.PCI Basics 4.The Risk of Non-Compliance 5.Using TrustKeeper PCI Manager AGENDA

Who We Are WHO IS TRUSTWAVE? Company facts and figures ESTABLISHED TRUSTED GLOBAL GROWING INNOVATING 1995 BY OVER 2.5 MILLION BUSINESSES NOW OVER 1,200 EMPLOYEES CUSTOMERS IN 96 COUNTIRES OVER 50 PATENTS & COUNTING Global Threat Database feeds technologies and services with threat intelligence Selected by more enterprises for compliance – chosen more often than the next 10 service providers combined Industry’s most holistic portfolio of security technologies delivered through TrustKeeper®

PCI BASICS The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to protect cardholder data It is applied to all merchants, systems, networks and applications that process, store, and/or transmit card numbers PCI DSS Defined

PCI BASICS Cardholder data is any personally identifiable data associated with a cardholder, including: –Primary Account Number –Expiry Date –Name All merchants accepting debit/credit cards must comply with the PCI DSS at all times. PCI DSS Defined

PCI DSS Self-Assessment Questionnaire (SAQ) –A questionnaire designed to assist organizations in self-evaluating their IT and payment processing environment Vulnerability Scanning –Helps secure your business by identifying weaknesses in your network and applications Qualified Security Assessor (QSA) –Certified to validate that a company is compliant with the PCI DSS Approved Scanning Vendor (ASV) –Certified to perform vulnerability scanning Key Terms

THE RISK OF NON-COMPLIANCE Large corporations that have been breached make the news daily What doesn’t make the news is that small merchants are at the greatest risk of a data breach Trustwave found that 90% of merchants that have data stolen are small businesses

PCI DSS COMPLIANCE Fundamental Best Security Practices –Avoid fraud –Helps to understand own system better –Clarifies where data is stored Upholds Brand Name –Adds value to name –Increases consumer confidence Non-compliant, compromised business could expect: –Damage to their brand/reputation –Investigation costs –Remediation costs –Fines and fees Sound Business Practice

Integrity Data Breach Protection Data Breach Coverage is a new and unique indemnification program designed specifically to meet the expenses resulting from a suspected or actual breach of credit card data. Audit Costs – Employee Theft, Fraud, Stolen Computers, Hacked Networks, etc. Why do I need Data Breach Coverage? If you suffer a suspected or actual data breach, you could incur thousands upon thousands of dollars of unexpected costs in the form of audit expenses, card monitoring and replacement expenses, and fines. These costs could significantly affect revenue... and even jeopardize the existence of your business. This inexpensive program reduces your monetary exposure when a presumed or actual data compromise occurs, thus providing peace of mind! $100,000 in Protection for Your Merchant

Other Data Breach FAQ’s 85% of Data Breaches happen in small, level 4 merchant locations. No deductible on the $100,000 Insurance Policy Even if you are compliant, a data breach can still happen! Claims are processed quickly, within 30 days. You will have an insurance company working to reduce the fees. How big a problem is this?

GETTING STARTED WITH TRUSTKEEPER PCI MANAGER

USING TRUSTKEEPER PCI MANAGER

REGISTRATION – THREE EASY STEPS Step 1: Enter merchant information

REGISTRATION – THREE EASY STEPS Step 2: How does your business accept credit cards?

REGISTRATION – THREE EASY STEPS Step 3: Create User Account and Register

SAQ OR PCI WIZARD? Simplify completion by selecting the Step-By-Step Wizard

USING THE PCI WIZARD

PCI WIZARD (INET-PA)

PCI WIZARD Click the “?” icon for help

PCI WIZARD Click the “i” icon to learn why it’s important

PCI WIZARD Answer a question wrong...

PCI WIZARD A task is added to the To Do List

SCAN SETUP Add a scan location

SCAN SETUP E-commerce website or physical location?

SCAN SETUP Enter information about the scan location

CERTIFICATE OF COMPLIANCE

TRUSTED COMMERCE SEAL

SECURITY POLICY ADVISOR Sample security policies and supporting documents

SECURITY AWARENESS EDUCATION Select training based on different industries and employee roles

RESOURCES PCI Security Standards Council: – VISA CISP: – MasterCard SDP: – Discover DISC – American Express –

QUESTIONS? Integrity Easy PCI Starting Page: – –Have your Merchant ID handy Customer Support – Trustwave –(877) We’re here to help!

THANK YOU