PCI COMPLIANCE Compliance is mandatory for all organizations that accept credit cards.


January 10, 2013 Texas Southern University's radio station KTSU gave a volunteer position to a person with a criminal history of credit card fraud. The volunteer was later arrested for allegedly using the radio station's donation drive to steal credit card information. The dishonest volunteer faces up to 300 counts of credit card fraud for attempting to use the information on donor pledge sheets.

TARGET CREDIT CARD FRAUD
70 million accounts compromised.
“I don’t see how TARGET is getting out of this for under a billion, over time,” he said, adding, “$150 million in a quarter seems almost like a bargain.” The company also said it expected earnings to drop to 78 cents a share from its earlier projections of 85 cents to $1 a share, reflecting more cautious consumer spending.
$3.6 billion in potential fines.

Financial Exposures to a Breach
1) Forensic Examination – cost of consultant fees
2) Notification of Third Parties – cost of mailing a formal notification to customers
3) Call Centers – cost of staffing and supplies to handle incoming calls
4) Credit or Identity Monitoring – approx. $30/account
5) Public Relations – loss of reputation with customers, suppliers and partners, and loss of future revenue
6) Legal Defense – possible civil litigation from breached customers
7) Regulatory Proceedings, Fines and Penalties – $50-$100 fine per account compromised
8) Comprehensive Written Information Security Program – cost of consultant fees
9) Loss of credit card privileges – approx. 70% of MSUB students use credit cards to pay some or all of their tuition

DO and DON’T
- Do not accept CHD by e-mail or FAX.
- Do not enter CHD into any computer; all documents leave hidden files behind when deleted.
- Do not enter CHD into a third-party software system for a customer.
- Under certain circumstances you may take credit cards over the phone.
- Under certain circumstances you may process CHD received via postal or express mail services.
- Secure your CHD storage areas when they are not attended.
- Do not store CHD long term; only Business Services will store paper media related to CHD for the long term.
- Secure devices that capture and transmit CHD (POS and card-swipe systems).
- Inspect these devices for tampering or substitution.
- Report any suspected tampering or fraud to the CIO, the Business Services Director or the Vice Chancellor of Administration.
- Materials must be secured in safes, file cabinets, locked rooms or storage areas, with access limited to authorized personnel.
- All employees with access to CHD must be trained annually.

PCI RELATED MATERIALS
Visa alert on POS terminal tampering: http://usa.visa.com/download/merchants/alert-pos-terminal-tampering.pdf