Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Published byHarold Stevenson Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009."— Presentation transcript:

1 Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009

2 Presentation Overview Why Should I Care? Safety in “Numbers” PCI – What is This? PCI “Digital Dozen” – Does it Make a Difference? Legislation – Uncle Sam and Friends are Here to Help Future Steps I’ve Been Breached, What Happens Next?

3 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Why Should I Care? Do you have insurance for identifiable business risks? Is it challenging to attract new and retain existing customers? Are credit or debit cards are meaningful percentage of your payment tender types? Do you want to focus your resources on growing your business or possibly seeking out your customers to notify them that they payment card information has been compromised? Do you believe negative events at your company can impact your brand?

4 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Safety in Numbers? Not so much … 2004 – BJ’s Wholesale 2005 – Designer Shoe Warehouse (DSW) 2007 – TJ Maxx, OfficeMax, Dave & Busters, 7- 11 2008 – Hannaford Brothers Grocery Dec 2007 to March 2008 – 4 million cards 1,800 fraudulent charges made – 21 civil claims 2009 – Heartland Payment Systems Fall 2008 to January 2009 - to date $12.5 million in fines.

5 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards According to a report released August 17, 2009 by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute's 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident.reportcost

6 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards PCI – What is This? Collaborative based approach by major card brands: Visa, MasterCard, Discover, Amex, JCB to address card industry data security on a proactive and unified approach.

7 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards PCI “Digital Dozen” – Does it Make a Difference? Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across public networks

8 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications Implement Strong Access Control Measures 7. Restrict access to data by business need to know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data

9 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Regularly Monitor and Test Networks 10.Track and monitor all access to network resources and cardholder data. 11.Regularly test security systems and processes. Maintain an Information Security Policy 12. Maintain a policy that addresses information security.

10 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards To become compliant what does a company need to do? 1.Complete a Self Assessment Questionnaire (SAQ) 2.Complete a network vulnerability scan if you have a external connection. 3.On site PCI audit if you are a large card transacting merchant.

11 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Does PCI - the Digital Dozen make a difference? Merchant awareness : Merchant action: Post breach forensic findings:

12 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Legislation – Uncle Sam and Friends are Here to Help You. 2009 Legislation 2008 and prior legislation

13 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards Likely Future Industry Steps Credit card processors will really expect compliance Solutions for non-access storage End to end encryption

14 SAMPLE TEXT © FIRST NATIONAL BANK Data Security and Payment Cards I’ve Been Breached, What Do I Do? 1. Immediately contain and limit the exposure. Prevent further loss of data by conducting a thorough investigation of the suspected or confirmed compromise of information. Preserve evidence and help facilitate the investigation. 2. Alert all necessary parties immediately. : –Your internal information security group and incident response team. –Your merchant bank. –Your local office of the United States Secret Service. 3. Provide all compromised payment card accounts to your merchant bank within 10 business days. The payment brands will distribute the compromised account numbers to Issuers and ensure the confidentiality of entity and non-public information

15 Contact information: Brian Ridder Senior Vice President First National Merchant Solutions bridder@fnni.com 402-633-1875

Download ppt "Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Similar presentations

Ads by Google