Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009.

Published byStewart Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009."— Presentation transcript:

1 Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009

2 Medical University of South Carolina Melissa Smith, MBA Director of Accounting Operations smimel@musc.edu 843-792-9138 Dave Moses, MBA, CISA, PMP, CPHIMS Manager, IT Audit mosesdav@musc.edu 843-792-1309

3 OVERVIEW Red Flags Rule Red Flags Rule PCI (Payment Card Industry) Compliance PCI (Payment Card Industry) Compliance Risks of Non-compliance Risks of Non-compliance Compliance approach Compliance approach Important Websites Important Websites

4 STANDARD DEFINITIONS The Red Flags Rules – issued by Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) to ensure that financial institutions and creditors develop and implement written identity theft prevention programs as part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) The Red Flags Rules – issued by Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) to ensure that financial institutions and creditors develop and implement written identity theft prevention programs as part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) Programs must be in place to provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. Programs must be in place to provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

5 STANDARD DEFINITIONS Red Flags Rules – Update – from the FTC website – Released 10/30/09 Red Flags Rules – Update – from the FTC website – Released 10/30/09 “At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.” “At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.”

6 STANDARD DEFINITIONS PCI – Payment Card Industry PCI – Payment Card Industry DSS – Data Security Standards DSS – Data Security Standards PCI SSC- PCI Security Standards Council PCI SSC- PCI Security Standards Council The PCI SSC sets the standards for cardholder data protection The PCI SSC sets the standards for cardholder data protection The founding members of the PCI SSC are responsible for enforcement of the standards. The founding members of the PCI SSC are responsible for enforcement of the standards. MasterCard Worldwide, Visa Inc., American Express, JCB International, and Discover Financial Services MasterCard Worldwide, Visa Inc., American Express, JCB International, and Discover Financial Services

7 STANDARD DEFINITIONS Who must comply with PCI DSS? Who must comply with PCI DSS? Any merchant that accepts or processes payment cards Any merchant that accepts or processes payment cards Everyone! Everyone!

8

9 RISKS …to the Enterprise –Lost productivity –Reputation –Fines –Notification expenses –Loss of ability to accept payment cards for services rendered (i.e. credit/debit cards, etc.)

10 COMPLIANCE APPROACH Compliance with both the Red Flags and PCI Compliance require the following: Compliance with both the Red Flags and PCI Compliance require the following: –review and understanding of requirements –Enterprise policies and procedures

11 COMPLIANCE APPROACH Red Flags Rules Red Flags Rules –The FTC has created a How-To Guide for navigating the Red Flags Rule and setting a compliance program. Below is a recap of the information in the How-To Guide: 1. Create policies and procedures that help identify the “red flags” in your normal business operations. 2. Design a program that helps detect the “red flags” you have identified. 3. Create procedures that will be taken when “red flags” are detected. 4. Set up a re-evaluation system for your “red flags” program. 4. Set up a re-evaluation system for your “red flags” program.

12 COMPLIANCE APPROACH PCI Compliance PCI Compliance –Review PCI DSS Requirements – from the PCI Quick Reference Guide –Create inventory of payment card processing that is being completed on your campus.

13 COMPLIANCE APPROACH –Develop preliminary budget and resource estimates for compliance –Develop detailed plan for initial compliance –Develop plan for maintaining compliance and on-going training for users

14 COMPLIANCE APPROACH –Develop policies and procedures for payment card acceptance –Train all users on the importance of data security –Remember that PCI Compliance is a continuous process – Assess, Remediate, Report

15 WEBSITES Federal Trade Commission – Fair Credit Reporting – Major Links - you can find the How-To Guide for Red Flags Rules on this website http://www.ftc.gov/os/statutes/fcrajump.shtm PCI Security Standards Council website https://www.pcisecuritystandards.org/ PCI Security Standards Council Quick Reference Guide https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide. pdf https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide. pdf

16 WEBSITES Treasury Institute for Higher Education – there is a PCI DSS blog on this site and other helpful information http://www.treasuryinstitute.org/ Listing of breaches for 2009 http://www.identitytheft.info/breaches09.aspx

17 QUESTIONS Thank you for attending our session! Thank you for attending our session!

Download ppt "Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009."

Similar presentations

ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program

WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
This refresher course will:

This refresher course will:
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May 25. 2010 Chris Apgar, CISSP President, Apgar & Associates,

1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May Chris Apgar, CISSP President, Apgar & Associates,
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
Red Flags Rule & Municipal Utilities

Red Flags Rule & Municipal Utilities

Similar presentations

Ads by Google