Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Published byClay Chatelain Modified over 9 years ago

Similar presentations

Presentation on theme: "Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,"— Presentation transcript:

1 Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta, Vice Manager, United Airlines Herman Mensink, EVP, Prism Group, EMEA Paul Buelens, Fraud Manager, MasterCard International, Risk & Security Services, ESAMEA

2 Risk Management Through PCI Compliance March 2006 Peter Warner EVP, Business Development

3 Hacking Is Fast Becoming The “Crime Of The Century”

4 Hacking Yes they do - but organised criminals do it for profit ! A single database compromise in a payment card processor or a major on-line retailer can reap millions of card details Which the criminals can use to commit payment card fraud Hackers do it for Fun!

5 The Cost? Aside from the fraud losses which on average are $1,000 per card account The payment card schemes impose substantial penalties on the compromised company to compensate the card issuers for replacing the card ($25 per card) or monitoring the account activity more closely ($5 per account) For example if 1 million accounts are compromised of which only 1,000 or 0.1% are used fraudulently the organisation responsible will face costs of –$1,000,000 in fraud losses –Up to $25,000,000 in penalties And suffer the consequential reputational risk

6 Ready for Export 99% of all known Account Data Compromise events were on US institutions Of these 68% were at Merchant Service Providers (MSP’s) And 32% were at Merchants Unnecessary & insecure data storage must be eliminated in order to minimise the risk

7 The Real Cost of e-commerce Fraud for Airlines Lost revenue: Lost ticket sales to fraud Rejecting, insulting and losing genuine airline customers Lost repeat ticket sales to competitors Rejecting third party bookings as risk prone Turning away cross border transactions from high risk destinations Seats blocked to good customers by fraudsters testing cards (Alicante) Increased fraud: Chargebacks, surcharges and fines Increased Costs: Cost of sale (postage, ticket sales time) High manual review costs to minimise fraud

8 Warning Many hacks are not reported Many more are not detected And internal fraud is often involved

9 Top 5 Reasons for Compromise 1.Ineffective patch management 2.No security scanning 3.Weak network level security 4.SQL injection 5.Lack of real-time security monitoring ……………………………………………………………………. Security professionals use scans to find vulnerabilities Hackers also scan systems to find vulnerabilities and exploit them using well-known and widely available tools

10 2005 known hacks Source: Cybertrust

11 PCI Compliance – Some Observations ReD were already BS 7799 compliant when PCI programme was started. –Basic infra-structure was already in place –Saved a considerable amount of documentation work (e.g. process definition etc.) HOWEVER, PCI Compliance took longer than we originally planned due to: –Production Network Reconfiguration –Installation of an Intrusion Detection System –Implementation of a full Network Monitoring system –Number of planned maintenance windows required to accomplish this (our customers commented on this). Need to select a Quality Audit Partner –Need access to a dedicated resource –Make sure that resource is available throughout the audit process

12 PCI Compliance – The Trickle Down Theory Need to assess the impact on your Supply Chain –Vendors have been slow to recognise the importance of PCI Compliance –Vendors have been slow to modify their products and services to be PCI Compliant –Examples: Off-Site Tape Storage and liability Database Encryption Communications Need to assess the impact on your Customers –PCI Compliance message has not gone out to everyone

13 PCI Compliance – In Summary PCI Compliance is expensive but necessary –Smaller Payment Service Providers may be forced out of business –Benefit to out-sourcing Payment Service Processing Staying PCI Compliant requires strict adherence to change management processes

14 The Impact of Account Data Compromise Counterfeits cards and fraud Significant chargeback risk Penalties, fines, losses Negative media coverage Loss of reputation Re-issuance and monitoring of cards Loss of consumer confidence Threat of new legislation

15 Thank you March 2006 Peter Warner EVP, Business Development

Download ppt "Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,"

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
CyberSource Strengths

CyberSource Strengths
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Advantages of having integrated ePayments and eCommerce By Fauwaz Hussain Nodus Technologies.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Advantages of having integrated ePayments and eCommerce By Fauwaz Hussain Nodus Technologies.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.

© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.
Visa Europe Implementing PCI DSS Requirements Within Your Organisation September 2008 Simon Breeden.

Visa Europe Implementing PCI DSS Requirements Within Your Organisation September 2008 Simon Breeden.
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Around the World, Around the Corner WorldPay for Small Business.

Around the World, Around the Corner WorldPay for Small Business.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.

SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the PCI Security Standards Council to encourage and enhance cardholder.

PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the PCI Security Standards Council to encourage and enhance cardholder.

Similar presentations

Ads by Google