
PCI Compliance - how protecting your customer card data protects your business

A data breach can threaten your ability to process card payments and possibly expose your business to fines. Check out this presentation for tips on how to get your company in compliance with the card industry's PCI requirements. We also recently hosted a webinar on this topic with First Data, which can be viewed here: https://bit.svb.com/2J125es

Published in: Business

  1. PCI Compliance: How Protecting Customer Card Data Protects Your Business. May 2018, SVB Global Merchant Services.
  2. Learn How to Comply with PCI Data Security Standards. Agenda: (1) PCI Basics, (2) Risks of Non-Compliance, (3) Resources.
  3. Who's Responsible for What (Oversight, Responsibility, Enforcement)
     - PCI Security Standards Council: oversight, responsibility and enforcement
     - Merchants, processors and banks: compliant policies, systems and procedures
     - Qualified Security Assessor (QSA): performs assessments and provides support to merchants, processors and banks; submits the compliance report or other form
  4. PCI Basics
     - Cardholder data is any personally identifiable data including:
       - Primary Account Number
       - Expiry Date
       - Name
     - Sensitive Authentication Data must also be protected:
       - Full Track Data (magnetic stripe)
       - CAV2/CVC2/CVV2/CID (3- or 4-digit code)
       - PIN/PIN Block
     - All merchants accepting debit/credit cards must comply with the PCI DSS at all times
  5. PCI Basics
     - The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to protect cardholder data.
     - It applies to all merchants, systems, networks and applications that process, store, and/or transmit card numbers.
     - The 12 requirements are grouped as follows (number of requirements in each group in parentheses):
       - Build and Maintain a Secure Network and Systems (2)
       - Protect Cardholder Data (2)
       - Maintain a Vulnerability Management Program (2)
       - Implement Strong Access Control Measures (3)
       - Regularly Monitor and Test Networks (2)
       - Maintain an Information Security Policy (1)
  6. PCI DSS Key Terms
     - Self-Assessment Questionnaire (SAQ): a questionnaire designed to assist organizations in self-evaluating their IT and payment processing environment.
     - Vulnerability Scanning: helps secure your business by identifying weaknesses in your network and applications.
     - Qualified Security Assessor (QSA): certified to validate that a company is compliant with the PCI DSS.
     - Approved Scanning Vendor (ASV): certified to perform vulnerability scanning.
  7. Validation Actions Depend on Merchant Level
     - Level 3: any merchant that processes 20,000 to 1 million e-commerce transactions annually
       - Annual Self-Assessment Questionnaire, validated by the merchant
       - Quarterly Network Scan, validated by an Approved Scanning Vendor
     - Level 4: any merchant that processes up to 1 million brick-and-mortar Visa transactions, or fewer than 20,000 Visa e-commerce transactions annually
       - Annual Self-Assessment Questionnaire, validated by the merchant
       - Quarterly Network Scan, validated by an Approved Scanning Vendor
  8. Self-Assessment Questionnaire Types
     - SAQ A: card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS compliant third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises. Not applicable to face-to-face channels.
     - SAQ A-EP: e-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website (or websites) that does not directly receive cardholder data but that can impact the security of the payment transaction. No storage, processing, or transmission of cardholder data on the merchant's systems or premises. Applicable only to e-commerce channels.
     - SAQ B: merchants using only imprint machines with no electronic cardholder data storage, and/or standalone, dial-out terminals with no electronic cardholder data storage. Not applicable to e-commerce channels.
     - SAQ B-IP: merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels.
     - SAQ C-VT: merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual payment terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels.
     - SAQ C: merchants with payment application systems connected to the Internet, with no electronic cardholder data storage. Not applicable to e-commerce channels.
     - SAQ P2PE: merchants using only hardware payment terminals included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage. Not applicable to e-commerce merchants.
     - SAQ D: all merchants not included in the descriptions for the above SAQ types.
  9. PCI DSS Compliance (Oversight, Responsibility, Enforcement)
     - Fundamental security best practices:
       - Avoid fraud
       - Helps you understand your own system better
       - Clarifies where data is stored
     - Upholds the brand name:
       - Adds value to the name
       - Increases consumer confidence
     - A non-compliant or compromised business could expect:
       - Damage to its brand/reputation
       - Investigation costs
       - Remediation costs
       - Fines and fees
  10. Best Practices (from the PCI Security Standard)
     - Use strong passwords
     - Protect card data and only store what you need
     - Inspect terminals for tampering
     - Install patches from vendors
     - Use trusted business partners
     - Protect in-house access to data
     - Use anti-virus
     - Scan for vulnerabilities
     - Use secure terminals
     - Protect your business from the internet
     - Make stored data useless to criminals
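As an added example that is not part of the original deck, the data classification on slide 4 and the "only store what you need" and "make stored data useless to criminals" practices on slide 10 applied in Python to a record about to be written to storage: fields holding Sensitive Authentication Data are dropped, and any Luhn-valid PAN, whether in its own field or buried in free text, is masked to the first six and last four digits. The field names and the sample record are constructed for the example.

```python
import re
# Slide 4: Sensitive Authentication Data must never be stored after authorisation.
SAD_FIELDS = {"track1", "track2", "cav2", "cvc2", "cvv2", "cid", "pin", "pin_block"}
# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn mod-10 check: tells a real PAN from an order number of similar length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_pan(digits):
    """Keep the first six and last four digits, the most PCI DSS permits to display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def mask_pans_in_text(text):
    """Mask every Luhn-valid PAN found in free text; return (new_text, number_masked)."""
    count = 0
    def repl(m):
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)          # not a card number, leave it alone
        count += 1
        return mask_pan(digits)
    return PAN_RE.sub(repl, text), count

def review_record(record):
    """Return (record as it may be stored, list of findings to report)."""
    stored, findings = {}, []
    for key, value in record.items():
        if key.lower() in SAD_FIELDS:
            findings.append(f"{key}: sensitive authentication data dropped")
            continue                   # never written to storage
        cleaned, n = mask_pans_in_text(value)
        if n:
            findings.append(f"{key}: {n} clear-text PAN(s) masked")
        stored[key] = cleaned
    return stored, findings

SAMPLE = {  # constructed sample record, written the way a careless checkout log might
    "cardholder_name": "A. Merchant",
    "pan": "4111 1111 1111 1111",     # standard test PAN, not a real account
    "cvv2": "123",
    "track2": ";4111111111111111=2212101123400001230?",
    "note": "order 1234567890123: customer read card 4111111111111111 by phone",
}
```

Running `review_record(SAMPLE)` keeps the name and masked PAN, drops cvv2 and track2, and masks the card number in the note while leaving the Luhn-invalid order number untouched.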
  11. Risks of Non-Compliance
     - Of merchants who had data stolen, 90% are small merchants
     - 60% of small and medium businesses that were breached closed within 6 months
     - $20,752 is the average cost to a small business due to hacking
     - 45% of organizations were breached through remote access
     - 21% of organizations were breached through malicious code
     - 39% had memory-scraping malware installed
     Sources: Trustwave; PCI Guide to Safe Payments; SecurityMetrics 2017 Report
  12. Resources
     - PCI Security Standards Council: www.pcisecuritystandards.org (list of validated payment applications, service providers, and more; full version of the PCI DSS)
     - Visa CISP: http://www.visa.com/cisp
     - Mastercard SDP: http://www.mastercard.com/sdp
     - We're here to help: TransArmor Solution, PCI Rapid Comply: https://pcirapidcomply.com (have your Merchant ID handy). Customer Support: 1-877-201-3617, support@pcirapidcomply2.com
  13. PCI Compliance Webinar: Want to know more about PCI and how you can create a more secure payments processing environment? Get advice from the experts at svb.com/merchant-services
  14. First Data is an independent third party and is not affiliated with SVB Financial Group. ©2018 SVB Financial Group. All rights reserved. SVB, SVB FINANCIAL GROUP, SILICON VALLEY BANK, MAKE NEXT HAPPEN NOW and the chevron device are trademarks of SVB Financial Group, used under license. Silicon Valley Bank is a member of the FDIC and the Federal Reserve System. Silicon Valley Bank is the California bank subsidiary of SVB Financial Group (Nasdaq: SIVB). This material, including without limitation the statistical information herein, is provided for informational purposes only. The material is based in part on information from third-party sources that we believe to be reliable, but which have not been independently verified by us, and for this reason, we do not represent that the information is accurate or complete. The information should not be viewed as tax, investment, legal or other advice, nor is it to be relied on in making an investment or other decision. You should obtain relevant and specific professional advice before making any investment decision. Nothing relating to the material should be construed as a solicitation, offer or recommendation to acquire or dispose of any investment or to engage in any other transaction.
