Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visa Europe Confidential PCI DSS Protecting your business Lara Fiorani, Visa Europe Basel 25 April, 2006.

Published byLaurel Barber Modified over 9 years ago

Similar presentations

Presentation on theme: "Visa Europe Confidential PCI DSS Protecting your business Lara Fiorani, Visa Europe Basel 25 April, 2006."— Presentation transcript:

1 Visa Europe Confidential PCI DSS Protecting your business Lara Fiorani, Visa Europe Basel 25 April, 2006

2 Presentation Identifier.2 Information Classification as Needed Visa EuropeBasel25 April 2006 Agenda Account Information Security Programme and the Payment Card Industry (PCI) Data Security Standards PCI DSS - Protecting your business Plans for 2006

3 Presentation Identifier.3 Information Classification as Needed Visa EuropeBasel25 April 2006 Account Information Security Programme -The Payment Card Industry Data Security Standards (PCI DSS) were developed jointly by Visa and MasterCard and are endorsed by Amex, JCB, Discovery, Diners Work is under way to promote the establishment of PCICo, an independent industry body that will act as custodian of the PCI DSS Visa promotes the implementation of the PCI DSS through its Account Information Security Programme (AIS) AIS is part of a wider Visa strategy to make the card industry more secure

4 Presentation Identifier.4 Information Classification as Needed Visa EuropeBasel25 April 2006 Account Information Security (AIS) alongside other Visa security products POS Environment Online e-commBack office, systems Chip & PIN Verified by VisaAIS

5 Presentation Identifier.5 Information Classification as Needed Visa EuropeBasel25 April 2006 Why do we need PCI DSS? 40M credit cards hacked Breach at third party payment processor affects 22 million Visa cards and 14 million MasterCards. June 20, 2005: 5:04 PM EDT Jeanne Sahadi, CNN/Money senior writer

6 Presentation Identifier.6 Information Classification as Needed Visa EuropeBasel25 April 2006 Why do we need PCI DSS? From The Times, Saturday April 15 2006 : The Times contacted 14 customers whose details had been passed to it by a US company that monitors […] chat rooms. They were astonished when a reporter read out their credit card numbers. The names had been taken from unidentified British servers. By ringing the individuals on each list and checking which purchases they had made on the day the details were stolen, The Times was led to two reputable companies — one a supplier of travel goods based in Amesbury, Wiltshire, with a database of more than 20,000 customers, the other a computer sales company in Sheffield. Neither company was aware that its systems had been targeted. [Jonathan Richards, ‘Revealed: how credit cards are plundered on the net’, The Times, Saturday April 15 2006]

7 Presentation Identifier.7 Information Classification as Needed Visa EuropeBasel25 April 2006 Key role of beyond facilitator of payments? External pressure on Visa to protect personal financial information Q28: Aside from Visa being a facilitator of purchases or a processor of transactions, when you think of Visa and the role you expect it to play in society, which one of the following best describes your expectations of what Visa should be – educator on financial issues, protector of personal financial information, contributor to economic growth, or something else? If you have a different expectation for Visa, please let me know. Base: Total Respondents, n=2044 Top mentions Protector of personal financial information Contributor to economic growth Educator on financial issues Something else Other Don’t know

8 Presentation Identifier.8 Information Classification as Needed Visa EuropeBasel25 April 2006 In addition: Data Security is a major concern for customers worldwide Natural disasters (drought, earthquakes, floods, fires, hurricanes) *Loss of trust in governments/businesses/ institutions Spread of disease, or health epidemics Having a credit card, debit card, or some type of payment card lost or stolen Losing your primary source of income (such as your job) Terrorism in the world or in your country Protecting the environment Having your personal or financial info lost or stolen Base: All respondents, except (*) not asked in China Top 3 Box (Rated 8-10)

9 Presentation Identifier.9 Information Classification as Needed Visa EuropeBasel25 April 2006 Recent Visa Europe experience -Remarkable increase in compromises in Europe, regardless of acceptance channels Full track two data being targeted -Processors and IPSPs remotely targeted -Increase in compromises at non e-commerce Merchants -E-commerce still a target Fraud migrating to card not present sector because of increased security in face to face (EMV chip)

10 Presentation Identifier.10 Information Classification as Needed Visa EuropeBasel25 April 2006 Benefits of compliance with PCI DSS Ensures protection of the brands and reputation of all parties Visa Acquiring banks Merchants Service providers Helps gaining and maintains consumer confidence in payment systems Secures customers Makes them come back

11 Presentation Identifier.11 Information Classification as Needed Visa EuropeBasel25 April 2006 Compliance with PCI DSS - Systems benefit More aware of how your business works Provides you with greater awareness of security measures and preventative options available Helps you identify and address weaknesses in your security Systems

12 Presentation Identifier.12 Information Classification as Needed Visa EuropeBasel25 April 2006 Compliance with PCI DSS - Financial Benefits Financial Avoid cost of reaction to cybercrime suspension from trading consultancy fees police involvement law suits Avoid cost of fraud Protects you from card schemes post-compromise penalties

13 Presentation Identifier.13 Information Classification as Needed Visa EuropeBasel25 April 2006 Compliance with PCI DSS - Reputational Benefits Reputation Brand damage alone may put a company out of business! No compromises – no unwanted media attention

14 Presentation Identifier.14 Information Classification as Needed Visa EuropeBasel25 April 2006 If an organisation is certified compliant with PCI DSS.. -A compromise is less likely to happen. -If it happens it may be: Smaller –reduced fraud cost easier and cheaper to contain –Less investment needed to bring the organisation into compliance –Faster to bring the organisation into compliance - If the forensics investigation confirms that the organisation was still PCI compliant at the time of compromise Visa will not levy compromise fees

15 Presentation Identifier.15 Information Classification as Needed Visa EuropeBasel25 April 2006 Sensitive Information Card number Expiry date Full Track 2 (for face to face transactions) CVV2 (for Card not Present transactions) Track 2 and CVV2 should never be stored after authorisation -NOT storing any of the above removes the need for PCI DSS validation -If the information is stored, it has to be stored securely (encrypted)

16 Presentation Identifier.16 Information Classification as Needed Visa EuropeBasel25 April 2006 Compliance Validation Requirements - Merchants Level 1 - Merchants with 6,000,000+ transactions a year- all acceptance channels Level 2&3 - E-commerce Merchants with 6,000,000 to 20,000 transactions a year Level 4 – all other Merchants Mandated Annual onsite audit, and Quarterly network scan The audit can be done by a qualified auditor or by Merchant’s internal audit team, but has to assess compliance with the PCI Standards Mandated Annual PCI Self-assessment questionnaire, and Quarterly network scan Recommended annual PCI Self- assessment questionnaire and annual network scan

17 Presentation Identifier.17 Information Classification as Needed Visa EuropeBasel25 April 2006 Merchants – next steps for 2006 ALL Merchants should be compliant with PCI DSS already Regardless of Merchant size Data security should be ongoing work -Difference is only in type of validation required -Validation may be recommended for some categories, but compliance is mandated to be part of the Visa system -All Merchants should make provisions to ensure than any third party they contract with is compliant

18 Presentation Identifier.18 Information Classification as Needed Visa EuropeBasel25 April 2006 Visa – Recent and next steps -Finished re-accreditation of Qualified Security Assessors  -Producing more awareness raising and support materials  -AIS as contractual requirement for all new merchant agreements -New set of penalties for Acquirers with non-compliant Merchants If a Merchant commits to starting the work, they will be allowed reasonable time to work towards compliance -Lowering the Level 1 threshold to include more non e-commerce Merchants

19 Presentation Identifier.19 Information Classification as Needed Visa EuropeBasel25 April 2006 Conclusion We are flexible, want to help you get started PCI DSS adds value to your brand and consumers PCI DSS protects your revenues Based on ISO/BSS, tailoring these standards to cards industry

20 Presentation Identifier.20 Information Classification as Needed Visa EuropeBasel25 April 2006 Visa OnLine https://www.eu.visaonline.com/eu_ais/ Visa Europe website www.visaeurope.com/acceptingvisa/datasecurity.htmlwww.visaeurope.com/acceptingvisa/d Email: datasecuritystandards@visa.comdatasecuritystandards@visa.com AIS Programme Manager: Lara Fiorani Tel: +44 207 795 5668 Email: datasecuritystandards@visa.comdatasecuritystandards@visa.com 20 Where to find information on PCI DSS

21 Visa Europe Confidential Thank you

Download ppt "Visa Europe Confidential PCI DSS Protecting your business Lara Fiorani, Visa Europe Basel 25 April, 2006."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.

October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
PCI DSS for Retail Industry

PCI DSS for Retail Industry
Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.

Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
This refresher course will:

This refresher course will:
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Accepting Credit Cards and PCI Compliance

Accepting Credit Cards and PCI Compliance
Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
Smart Payment Processing ™ 800-846-4472 www.MercuryPay.com Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.

Smart Payment Processing ™ Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Electronic Payment Systems E-Commerce. Intro to Electronic Payment Systems More than $900 billion transacted online Expected to swell to more than $3.

Electronic Payment Systems E-Commerce. Intro to Electronic Payment Systems More than $900 billion transacted online Expected to swell to more than $3.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Similar presentations

Ads by Google