
1 When is a good deal not a good deal?
Presented by Bob Wesolowski, President, Caring Habits, Inc., Briarcliff Manor, NY, and James R. Rennert, CFRE, Dir. of Mission Advancement, Sisters of St. Joseph, Brentwood, NY.

2 Overview – When is a good deal not a good deal?
▫ Figuring out credit card fees – Why are credit cards so expensive?
▫ Understanding EMV cards – Will it change the way you process payments?
▫ The PCI data security standards – Why are they so important?
▫ Sisters of St. Joseph – The steps one “merchant” took to become compliant.
Copyright © 2015 Caring Habits, Inc., Briarcliff Manor NY and Sister of St. Joseph, Brentwood, NY

3 Figuring out credit card fees – Anatomy of a Transaction (diagram; the numbers on the slide show the sequence of events). Parties shown: Donor, Charity, “Platform” or “Gateway”, 3rd Party Reseller, Merchant Bank, Issuing Bank.

4 Figuring out credit card fees (slide consists of a chart only).

5 Figuring out credit card fees
▫ Credit cards are an unsecured, short-term loan: you receive donation proceeds in anticipation of the donor making a payment.
▫ VISA, MasterCard and Discover continue designing specialty cards (rewards, corporate) that result in higher fees for merchants and cardholders.
 The “discount rate” you pay is based on the mix of cards presented by donors.
 “Interchange” fees are set by the card brands (VISA, MasterCard and Discover) and paid to the bank that issued the card; the brands themselves are networks, not issuers.
▫ Many software providers require annual upgrades to remain PCI compliant.

6 Figuring out credit card fees
Additional fees are charged for almost everything, including:
▫ Monthly paper statements.
▫ Assorted “downgrades”.
▫ Chargebacks and reversals.
▫ Breach protection.
▫ Failure to be PCI compliant.

7 Figuring out credit card fees
Two types of credit card transactions: Card Present and Card Not Present.
▫ Card Present – The cardholder presents the credit card in person.
 Typically a retail transaction, e.g. a book store or a gift shop.
 Typically the lowest discount rate because the risk from a stolen card is lower.
 Transactions must be swiped (or, with EMV, chip-read) to get the lowest rate.
▫ Transactions “downgrade”, i.e. become subject to higher fees, if criteria are not met:
 Credit cards that are manually keyed (the swipe machine can’t read the card).
 Failing to use address verification (AVS) or the CVV2.
 Accepting corporate or other specialty cards.
 Failing to settle batches at the end of each day.

8 Figuring out credit card fees
▫ Card Not Present – The cardholder is not able to present the card in person.
 Typically direct mail, telemarketing or web transactions; also includes monthly giving transactions. Often referred to as MOTO (Mail Order/Telephone Order).
 Transactions can be processed through special processing software or manually keyed into a touch pad or swipe machine.
▫ Card Not Present transactions “downgrade” if strict criteria are not met:
 Processing some donations without the CVV2.
 Transactions processed without address verification (AVS).
 Accepting corporate or other specialty cards.
 Failing to settle batches at the end of each day.

9 Figuring out credit card fees (slide consists of a chart only).

10 Figuring out credit card fees
Steps you can take to reduce fees:
▫ Consolidate credit card merchant accounts. Eliminate redundant charges.
▫ Be wary of monthly minimum fees.
▫ Paper statement fees can be expensive. Go paperless.
▫ Become PCI compliant. Non-compliance penalties can reach $ per month.
▫ Review credit card statements every month. Understand all charges.
▫ Use providers who offer faster funds availability.
▫ Process donations using AVS and CVV2, use processing technology correctly, and settle credit card batches daily.
▫ Understand ALL fees before you move to a new provider.
▫ Understand termination fees. Make sure you retain rights to your cardholder data.

11 Implementing EMV Cards
▫ EMV (Europay, MasterCard, VISA) cards were available beginning in . Sometimes referred to as “Chip and PIN” or “Chip and signature” cards.
▫ Designed for ATM, point-of-sale or unattended terminal transactions. The chip computes a one-time cryptogram for each transaction, so data copied from one transaction cannot be replayed the way a copied magnetic stripe can.
▫ In the United States the liability shift for POS terminals took effect October 1, 2015; for automated fuel dispensers it was scheduled for October 1, 2017 (later postponed by the brands to 2020). This shifts who absorbs fraud losses; it is not a legal requirement to upgrade.
▫ Experience in Europe suggests that EMV implementation shifts attackers’ focus to card-not-present transactions.

12 Implementing EMV Cards
Understanding the effect of the liability shift:
▫ If you accept a stolen magnetic-stripe-only card (no chip), the issuing bank bears the loss, as before.
▫ If you accept a stolen EMV card and read the chip on an EMV-capable reader, the issuing bank bears the loss.
▫ If you accept a stolen EMV card on a magnetic-stripe-only reader, you bear the loss.
Should you purchase a new card reader?

13 What are the PCI standards?
A comprehensive set of security standards for use by organizations that process, store or transmit credit card data, or that build technology for these purposes.
▫ The standards cover four groups: merchants, service providers, hardware (terminal) manufacturers and payment software developers.
▫ Compliance is achieved by implementing policies, procedures and training, together with the technical controls the standard requires.
▫ Compliance is validated through:
 Quarterly vulnerability scans of internet-facing devices, systems and applications by an Approved Scanning Vendor (ASV) listed by the PCI Security Standards Council;
 On-site assessments by a Qualified Security Assessor (QSA), also certified by the PCI Security Standards Council (not by VISA or MasterCard individually);
 Self-Assessment Questionnaires (SAQs).

14 What are the PCI standards?
SAQs are based on perceived risk:
▫ SAQ A – Card-not-present (e-commerce or mail order/telephone order) merchants; all cardholder data functions outsourced.
▫ SAQ B – Imprint-only merchants, or stand-alone dial-out terminal merchants, with no electronic cardholder data storage.
▫ SAQ C – Merchants with POS systems connected to the Internet, with no electronic cardholder data storage.
▫ SAQ D – All other merchants (and all service providers).
PCI DSS 3.x added narrower variants (A-EP, B-IP, C-VT, P2PE) for specific acceptance channels; your acquiring bank, or the eligibility criteria printed in each SAQ, determine which one applies.

15 What are the PCI standards?
PCI DSS is the minimum acceptable standard. Compliance with the PCI data security standards is NOT a legal requirement; it is a contractual one imposed through your merchant agreement. However:
▫ Banks assess fines for non-compliance or a breach.
▫ A growing number of states impose substantial fines for data losses.
▫ Safe Harbor rules from VISA and MasterCard may apply if a merchant that was compliant at the time suffers a data loss.
▫ You are responsible for making certain your vendors are compliant.

16 What are the PCI standards?
Anticipated changes:
▫ Banks will charge more for support and offer more services, including self-assessment questionnaire preparation, network vulnerability scans, and policy and procedure guidelines and templates from Trustwave, SecurityMetrics, Verizon, Coalfire and many others.
▫ Annual scanning fees vary.
▫ Substantial penalties will be assessed for non-compliance, and more “proof” will be required.

17 A Quick Look at Compliance *
▫ Only 28.6% of companies were found to be fully compliant less than one year after validation.
▫ Not a single breached company had been compliant at the time of the breach.
▫ Greater emphasis on attacking the systems of partners and then using their trusted status to attack the target.
* Results taken from the Verizon 2015 PCI Compliance Report

18 A Quick Look at Compliance *
Share of breached companies that were compliant with each PCI DSS requirement (requirement number in parentheses):
▫ 27% had effective firewalls in place (Requirement 1).
▫ 27% had removed vendor-supplied defaults and passwords (Requirement 2).
▫ 36% were compliant in protecting stored cardholder data (Requirement 3).
▫ 36% had effective anti-virus software (Requirement 5).
▫ 16% were maintaining secure systems and software (Requirement 6).
▫ 9% had effective security testing in place (Requirement 11).
* Results taken from the Verizon 2015 PCI Compliance Report

19 Why Be Compliant?
▫ Safeguard your organization – Fines, bad press and a higher cost of doing business.
▫ Safeguard donors – Protect credit card and other personal information.
▫ Safeguard employees – Fines and termination.
▫ Safeguard yourself – Fines and termination.

20 Who Can Help You?
▫ Approved vendors (ASVs and QSAs) are listed on the PCI Security Standards Council site.
▫ Your bank may require you to use a specific vendor.
▫ Example pricing: SecurityMetrics breach protection up to $100,000 is $600 per year for one server.

21 How Does the Process Work?
▫ Rep asked questions about my organization and operation.
 “Scope reduction” can dramatically reduce the size of the effort.
▫ They scanned my server’s IP address and provided a report of what needed to be changed (firewall parameters, software versions, etc.).
▫ Your IT person will need to be involved to make the recommended changes and to initiate the quarterly scan.
▫ You and your IT person complete the Self-Assessment Questionnaire (SAQ). It must be completed annually.

22 You Must Sign the SAQ
You develop the Information Security Policy. It addresses the PCI DSS requirement areas:
▫ Firewalls
▫ Malware and anti-virus protection
▫ Passwords
▫ Maintaining current software
▫ Vendor access
▫ Access control
▫ Protecting stored data
▫ Regular network testing
▫ Data encryption
▫ Maintaining a security policy
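One check worth running before signing the SAQ, covering the “scope reduction” question from the previous slide and the “protecting stored data” item above: search your own exports, spreadsheets and logs for full card numbers, because any system that still holds one is in scope. The scanner below is an added example written for this page, not the presenters’ material or a vendor’s tool. It keeps only 13–19 digit strings that pass the Luhn checksum and match a brand prefix, and reports each hit already masked (first six, last four) so the report itself does not leak cardholder data. The brand prefix table is a deliberately short assumption, not the brands’ full BIN ranges, and the donor export is constructed for the example using the brands’ published test card numbers.

```python
"""Added example (not from the presentation): find unmasked card numbers
(PANs) left in stored data before signing the SAQ.

PCI DSS requires a stored PAN to be rendered unreadable and a displayed PAN
to be masked (at most the first six and last four digits visible). Any file,
export or log that still holds full PANs pulls the system it sits on into
scope. This scanner pulls 13-19 digit strings out of text, keeps only those
that pass the Luhn checksum and match a known brand prefix, and reports each
hit already masked so the report itself does not leak cardholder data.
"""
import re

# A candidate is 13-19 digits, optionally separated by single spaces or
# dashes, and not adjacent to any other digit.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Brand prefixes for the cards the presentation discusses. Assumption for
# the example: a short table, not the brands' full current BIN ranges.
_BRANDS = (
    ("Visa", re.compile(r"^4\d{12}(?:\d{3})?$")),
    ("MasterCard", re.compile(
        r"^(?:5[1-5]\d{14}|2(?:2[2-9]|[3-6]\d|7[01])\d{13}|2720\d{12})$")),
    ("Discover", re.compile(r"^6(?:011|5\d{2})\d{12}$")),
    ("American Express", re.compile(r"^3[47]\d{13}$")),
)


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check. Real PANs pass it; most other digit strings do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits: str):
    """Return the brand name for a PAN, or None if no prefix in the table matches."""
    for name, pattern in _BRANDS:
        if pattern.match(digits):
            return name
    return None


def mask_pan(digits: str) -> str:
    """Mask a PAN the way PCI DSS allows for display: first six and last four only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str):
    """Scan text line by line; return (line_number, brand, masked_pan) per hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if not luhn_valid(digits):
                continue                    # e.g. an ID or reference number
            brand = brand_of(digits)
            if brand is None:
                continue                    # Luhn-valid but not a prefix we know
            hits.append((lineno, brand, mask_pan(digits)))
    return hits


# Constructed sample: a donor export a fundraising office might have left on
# a shared drive. The card numbers are the brands' published test numbers;
# line 5 carries a number that fails the Luhn check and must not be reported.
SAMPLE_EXPORT = """\
donor_id,name,phone,card,amount
1001,A. Donor,212-555-0100,4111 1111 1111 1111,50.00
1002,B. Donor,914-555-0199,5555-5555-5555-4444,25.00
1003,C. Donor,,378282246310005,100.00
1004,D. Donor,,4111111111111112,10.00
1005,E. Donor,,order 6011111111111117 confirmed,5.00
"""

if __name__ == "__main__":
    for lineno, brand, masked in find_pans(SAMPLE_EXPORT):
        print(f"line {lineno}: {brand} {masked}")
```

Run it over exported CSVs, mailbox archives and web server logs on any machine that has ever touched donations; a clean run across a system is the evidence that the “no electronic cardholder data storage” box on SAQ A, B or C is true, and any hit is a file to delete or a process to move to the payment provider before the SAQ is signed.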

23 On-line Training
▫ All staff who process credit cards must take an online training class.
▫ All staff who process credit cards must pass a test based on the training material.
▫ All who process credit cards must sign and agree to the Information Security Policy.

24 Accepting Credit Cards Online
▫ Use a PCI-compliant service provider.
▫ Some web developer firms may not have the ability or knowledge to make your donation landing page PCI compliant (coding, complex rules, access to data, etc.). The simplest route is to have the page redirect to, or embed, the provider’s hosted payment form so card data never passes through your own server.
▫ It is your responsibility to ensure that vendors are PCI compliant. Ask to see your vendor’s Attestation of Compliance (AOC) and check that it is current; attestations are renewed annually.

25 Appendix 1 – The PCI Data Standards (slide consists of a table image).

26 Appendix 1 (continued).

27 Appendix 2
Please feel free to contact us with any follow-up questions.
James R. Rennert, CFRE, Dir. of Mission Advancement, Sisters of St. Joseph, Brentwood, NY, Ext 150
Bob Wesolowski, President, Caring Habits, Inc., Briarcliff Manor, NY, Ext 101