Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Presentation transcript:

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009

Presentation Overview
– Why Should I Care?
– Safety in “Numbers”
– PCI – What is This?
– PCI “Digital Dozen” – Does it Make a Difference?
– Legislation – Uncle Sam and Friends are Here to Help
– Future Steps
– I’ve Been Breached, What Happens Next?

© FIRST NATIONAL BANK Data Security and Payment Cards

Why Should I Care?
– Do you have insurance for identifiable business risks?
– Is it challenging to attract new and retain existing customers?
– Are credit or debit cards a meaningful percentage of your payment tender types?
– Do you want to focus your resources on growing your business or possibly seeking out your customers to notify them that their payment card information has been compromised?
– Do you believe negative events at your company can impact your brand?

Safety in Numbers? Not so much …
2004 – BJ’s Wholesale
2005 – Designer Shoe Warehouse (DSW)
2007 – TJ Maxx, OfficeMax, Dave & Busters,
– Hannaford Brothers Grocery Dec 2007 to March 2008 – 4 million cards 1,800 fraudulent charges made – 21 civil claims
2009 – Heartland Payment Systems Fall 2008 to January to date $12.5 million in fines.

According to a report released August 17, 2009 by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute's 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident.

PCI – What is This?
A collaborative approach by the major card brands (Visa, MasterCard, Discover, Amex, JCB) to address card industry data security in a proactive and unified way.

PCI “Digital Dozen” – Does it Make a Difference?

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to data by business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy
12. Maintain a policy that addresses information security.

To become compliant what does a company need to do?
1. Complete a Self Assessment Questionnaire (SAQ)
2. Complete a network vulnerability scan if you have an external connection.
3. On site PCI audit if you are a large card transacting merchant.

Does PCI - the Digital Dozen make a difference?
Merchant awareness:
Merchant action:
Post breach forensic findings:

Legislation – Uncle Sam and Friends are Here to Help You
Legislation 2008 and prior legislation

Likely Future Industry Steps
– Credit card processors will really expect compliance
– Solutions for non-access storage
– End to end encryption

I’ve Been Breached, What Do I Do?
1. Immediately contain and limit the exposure. Prevent further loss of data by conducting a thorough investigation of the suspected or confirmed compromise of information. Preserve evidence and help facilitate the investigation.
2. Alert all necessary parties immediately:
   – Your internal information security group and incident response team.
   – Your merchant bank.
   – Your local office of the United States Secret Service.
3. Provide all compromised payment card accounts to your merchant bank within 10 business days. The payment brands will distribute the compromised account numbers to Issuers and ensure the confidentiality of entity and non-public information.

Contact information: Brian Ridder Senior Vice President First National Merchant Solutions