
Security & PCI Compliance The Future of Electronic Payments Security & PCI Compliance Greg Grant Vice President – Managed Security Services.


1 Security & PCI Compliance: The Future of Electronic Payments
Greg Grant, Vice President – Managed Security Services

2 Payment Technology Trends
Enterprise class businesses:
- Migration to / early adoption of newer payment technologies such as Point-to-Point Encryption (P2PE)
- Leading the “charge” for EMV implementation
Small-to-mid sized businesses (SMBs):
- Focus on upgrading POS operating systems, equipment and devices
- Remain the heaviest users of traditional terminal/server systems
- Movement away from dial-up to Internet-connected processing
Everyone is looking at wireless-enabled payment systems.
The major driving force behind technology changes is PCI, but not necessarily SECURITY.

3 Payment Technology Realities
- Data breaches and card theft continue to go up
- PCI compliance rates are up, and so are breaches ???
- Networks remain “flat”, so sensitive data can be targeted via other IP-connected devices
- Hackers are looking downstream (SMBs) because they are the least secured
- Most businesses either do not properly deploy and maintain security technologies (and the resources behind them) or cannot afford them
- Businesses have adopted a “check box” mentality and are only concerned about getting their PCI Certificate of Compliance
- They believe that PCI compliance means they are secure
- Confusion over PA-DSS and PCI DSS
- Mandates are getting harder to comply with in 2015
- Big emphasis on companies providing services that could impact cardholder data

4 Common Network Landscape – Highly Unsecure
(diagram slide, no transcript text)

8 Properly Secured Data Network
(diagram slide, no transcript text)

9 Changes To PCI Mandate: Emphasis on Service Providers
Service Providers (SPs) are defined by the PCI Council as: “Companies directly involved in the processing, storage, or transmission of cardholder data, or companies that provide services that could impact the security of cardholder data.” Common examples include transaction processors, payment gateways, managed service providers and web hosting providers.
A service provider is any “business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity.” This includes companies that provide services that control or could impact the security of cardholder data.
- There is already a requirement in every SAQ to maintain a written agreement with each SP and to have a process for monitoring a Service Provider’s PCI compliance status
- In addition, all SAQs now have a place in the Executive Summary to list Service Providers
- New requirement 12.8.5 states that a list must be maintained of which PCI DSS requirements are managed by the Service Provider and which by the merchant

10 Changes To PCI Mandate
- All companies will have to NAME their service provider when filling out their Self-Assessment Questionnaire (SAQ), beginning in January 2015
- Clear transfer of risk and exposure to all companies that implement, service or maintain POS systems, IT systems and/or ancillary IP-connected equipment/services
- Service providers are largely the ones that companies look to for help with security and PCI
- As a service provider, you must look for ways to ensure your risk and exposure are limited:
  - Become a PCI-compliant service provider
  - Have every implementation and system change “audited”
  - Outsource

11 A Solutions Approach
- Look to subscription-based managed services that ensure continuous network security, with PCI compliance as a by-product
- Focus needs to be on protecting sensitive data systems (payments, health records, personal information, etc.) along with all other Internet traffic, not just the card data!
- Cloud-based: no need for clients to invest in expensive equipment, software or additional personnel
- Certification: there are many managed offerings on the market, but certification (look for PCI Level 1) will ensure you are not at risk should a breach occur
- Feature rich: a few offer secure WiFi, 3G/4G backup, content filtering and many more benefits
- Breach protection/insurance: extends the ability to offset unfunded risk should a breach occur

12 THANK YOU

