Making a Holiday Special For All The Right Reasons


1 Making a Holiday Special For All The Right Reasons
Jeremy King, International Director, PCI Security Standards Council

2 PCI Security Standards Council

3 I Need a Holiday!!!!
Taxi or transfer; Face to face; Hotel; Travel Agent; On-line; Flights; Telephone; Hire car; Excursions and extras; Insurance
Credit card details sent to at least 6 different organisations

4 At the Airport
Excess Baggage Fees; Upgrades; New Ticket; Changes to Ticket; Changes to Itinerary; Duty Free; Eating and Drinking

5 On the Aircraft
Buying Food and Drink; Buying Duty Free; Other Products / Services; Making a Phone Call; Internet on Board

6 Problems
Lost Luggage; Damaged Luggage; Delayed Flights; Cancelled Flights; Unexpected Diversions

7 Join the Loyalty Fraud Prevention Association, (LFPA) Today
Buying Additional Loyalty Points; Using Points and Value

8 At the Hotel: Checking In
Used to be so much easier. There was our side of the counter and your side. People knew where they stood, literally.

9 Check-in 21st Century

10 Services in the Hotel

11 One Hotel or a Chain
Interlinked networks mean that criminals who gain access to just one site gain access to the entire global hotel network.

12 So What Does All This Mean For Security?

13 PCI is Like Running an Aircraft
It is all about Security, not just Compliance

14 Not Everything In Life Ends Up As You Originally Planned!
However, 640 years later:
It is a tower
It is still standing
People can climb the tower
It contains bells
The bells ring
It is still leaning

15 But You Cannot Always Defend Against Every Eventuality!
But knowing the threat there can make a huge difference

16 Cloud Computing
Can be great or just grey and confusing.

17 Encryption
Is a great way to improve security.

18 So Where Does This All Leave Us
People; Process; Technology; And a bit of luck

19 Why PCI? The World is Under Cyber Attack

20 How Much Data Are We Losing…
Source: Databreachindex.com

21 PCI Security Standards Council
Standards, Best Practices, Training, Certification, Educational Resources
Merchant & Payment Service Provider Environments; Payment Equipment; Payment Software
Standards for payment equipment, payment software and standards for everyone in the ecosystem who handles payment information. To maintain trust and integrity that payments are secure, we certify the equipment used throughout the payments chain. We certify people who are responsible for maintaining secure environments – internal security people and external assessors and investigators.
Our standards are:
Effective: A third-party report investigated major data breaches over the past ten years and found none were compliant with PCI Standards at the time of breach. The PCI Standards work.
Comprehensive: The Standards cover a wide variety of payment security challenges, from password complexity to proper protection of EMV chip terminals, to e-commerce, and mobile payments.
Industry-tested: PCI maintains lists of independent, lab-tested applications and devices to help organizations choose technology that is verified to protect cardholder data.
Certification – Equipment, Service Providers, Assessors, Investigators
Training – Assessors, Investigators

22 New: Best Practices for Securing E-commerce

23 New: Best Practices for Cloud Computing
Being Updated 2017 by Special Interest Group

24 PCI DSS Scoping and Network Segmentation Guide

25 PCI Guidance and Best Practices
Building a security awareness program; Protecting against malware; Skimming prevention; Defending against phishing attacks; Working with third parties; Maintaining PCI DSS compliance; Accepting payments with a mobile phone; PCI DSS compliance in the cloud
All of our standards, best practices, FAQs are available on the website in our document library – Free to all that are interested in learning more and being a part of the solution.
Continuously developing documents and resources. Simplify security for the Small Business marketplace, including FAQs and tips for small merchant environments.
The U.S. National Institute for Standards and Technology found a vulnerability in the old software, which is used by about 90 percent of ecommerce merchants. There hasn’t been a major breach resulting from the vulnerability yet. But we expect some enterprising criminal will soon. And we don’t want anyone to be the one in the papers.
The Council published very specific guidance on interim risk mitigation approaches, migration recommendations and alternative options for strong cryptographic protocols. Available at:

26

27

28 To Sum Up: Why PCI?
You are a priority target
Doing nothing is not an option
PCI Standards are the best set of security requirements available
This must start at the very top of your organisation
Remember: People, Process and Technology is what matters
Just buying the technology is not the answer

