PCI DSS Managed Service Solution October 18, 2011.


1 PCI DSS Managed Service Solution October 18, 2011

2 Who is Vendor Safe?
Founded in 1989 in Houston, Texas:
- 20 Plus Years of Security Experience
- Internet Security
- Network Security
- Data Security
Transformation in 2007:
- Managed Firewall Architecture
- Provide Security First – PCI Compliance Will Follow
- PCI DSS Security Experts

3 Why Care about PCI Compliance
The Problem:
“Many Franchise owners and IT Managers underestimate the high risk of credit card fraud and the consequences that follow.”

4 PCI - Terms
- PA-DSS (Payment Application)
- PCI-DSS (Data Security)
- SAQ (Self Assessment Questionnaire)
- Scans - External, Internal, Wireless
- ASV - Authorized Scanning Vendor
- QSA – Qualified Security Assessor
- Compliance vs. Validation

5 I Signed What?!
Merchants have already agreed to be PCI Compliant!

6 It Won’t Happen to Me!
Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."
Hackers Shift Attacks to Small Firms
Joe Angelastri, owner of City News stand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system.
Article – Wall Street Journal 7-21-2011

7 Breach - Ugly Facts
- Forensic Audit 6k - 10K (per location)
- Audit sent to Card Brands and Merchant Bank
- Scope of Breach Determined
- Fees / Fines Assessed (+ 10k cards)
- Remediation - Required for Lack of Security – or Additional Fines (5k)
- Customer Loss and Brand Damage

8 PCI Solution Overview
PCI is More Than POS

9 PCI Solution Overview 12-286

| 12 Requirements | Vendor Safe Solutions |
|---|---|
| Install and Maintain a Firewall | Vendor Safe Global Security Mesh / Security Services |
| Change Default Passwords | Vendor Safe Equipment and Remote Access is compliant; Policy to assist client with LAN management |
| Protect Stored Data | Vendor Safe Security Policy provided to address credit card data |
| Encrypt Credit Card Transmissions | Vendor Safe equipment can encrypt to the highest standards (wired and wireless) |
| Updated Anti-Virus Software | Optional Vendor Safe Managed Anti-Virus Service or POS Reseller provided |
| Develop Secure Applications | Vendor Safe does NOT Provide Payment Software (PA-DSS Certified Versions) |
| Restrict Access to Data | Vendor Safe Hierarchical remote access VPN architecture; Vendor Safe Customer policies and procedure templates |
| Assign a unique ID for users | Vendor Safe two factor remote access (different account for each user); Vendor Safe Customer policies and procedure templates |
| Restrict Physical Access | Vendor Safe Training material (Web Videos / Policy and Procedure Templates) |
| Track and Monitor Data Access | Vendor Safe Workstation Logging client available Lanscribe™ |
| Regularly Test Vulnerabilities | Vendor Safe Internal and External Vulnerability scanning services; Vendor Safe Penetration Testing Guide |
| Maintain Policy and Procedures | Vendor Safe Template Provided and maintained by customer; Vendor Safe available for professional services if needed |

10 VST Value Proposition
Heavy Lifting Components of PCI-DSS
- High End Firewall, Secure Network Segments required (In Scope) Devices for PCI DSS
- Provides Secure Remote Access, Policy Based
- 2 Factor Authentication, SMS or Email
- Logging and Storage – Firewall, Remote Access
- Managed Service, Updates, and 24x7 Monitoring
- System Logs and File Integrity Monitoring (LAN Scribe)
- Internal Scan
- Wireless Detection Scan

11 Platinum Package
Global Security Mesh™
- $100,000 TrustVault™ Certificate
- Managed Juniper Firewall with VPN
- Implementation, Set-up, and Configuration
- Gateway Session Logging
  - Logs Stored Online for 1 Year
- Secure Remote Access with Two Factor Authentication
  - SMS / Email OTP Validation
Forced Configuration Manager™
- Ensures Secure Communications
- Enforces Antivirus policies

12 Platinum Package Cont’d
Global Security Mesh™
- Network Segmentation to meet PCI Standards
- IPS / IDS
- Web Filtering / Content Management
- 24 x 7 x 365 Event Logging, Monitoring, and Support
- Centralized Firewall Configuration Management
- Firewall Security Policy Template Updates
- Ongoing Firewall Change Control and Policy Updates
  - Includes Technological Changes to PCI-DSS Standard
- Next Business Day Hardware Replacement

13 Platinum Package
- Package Geared towards SAQ D Attestation Level Merchants
- Automated security policies that reflect the more complicated requirements of the environment
- LANScribe™ - Workstation Logging and File Integrity Monitoring (Up to 6 Workstations)

14 Beyond PCI™ Security
Beyond PCI Security Services
Rogue Device Manager™
- Identifies unknown devices plugged into network
- “Block” Mechanism Built into System
IP Data Blocker™
- Centrally managed system to prevent unauthorized data transmission to unknown IP addresses for an organization

15 TrustVault™ Certificate
The Vendor Safe Guarantee:
- Covers up to $100,000 in Direct Expenses Relating to a Data Breach including:
  - Mandatory Security Audit
  - Card Replacement Fees
  - Fines and Penalties, ex. VISA
- Covers Electronic Data Breach at Every Franchisee Location

16 PCI Solution Validation
Web Portal Services:
- Self Assessment Questionnaire
- SAQuick™ Questionnaire
- On-Line Access to Compliance Status
- Quarterly Vulnerability Scanning
- Schedule scans automatically
- Print out vulnerability reports
- ASV on record 403-Labs
- Report Generator
- Real-time Report Generator
- Print SAQ and Scan reports
PCI Compliance Reporting Services

17 Questions
David Bones
dbones@vedorsafe.com
210-412-4756

