For Visa Internal Use Only
This information is not intended, and should not be
construed, as an offer to sell, or as a solicitation
of an offer to purchase, any securities
PCI DSS – Why it matters
Steve Wilson
Head of Information Security Compliance
Visa Europe
Madrid
7 November 2007
What is PCI DSS?
• ‘Common sense’ approach to data security
• Closely linked to other standards
  • BS 7799
  • ISO 27001
  • Sarbanes-Oxley, etc.
• Focussed on card data
• Owned and managed by PCI SSC (independent of the card schemes)
• Any organisation can become a participant
Why is PCI DSS important?
A simple equation
Data = identity = money
A Visa card… (card front: card number, expiry date)
A Visa card… (cont.)
CVV2: the card account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel
Magnetic stripe: made up of “Track 1” and “Track 2” data
Track data and CVV2 should never be stored after authorisation
Card data is retained by companies for 3 weeks or longer after authorisation
Reasons given include:
– Marketing purposes
– As a unique customer identifier
– Fraud analysis
– Customer profiling
Data security and your brand
- How much would your brand be worth if you lose your consumers’ trust?
- Would your consumers stay with you?
- Would your shareholders stay with you?
Your brand needs security!
- Compromises do happen every day, everywhere
- In the consumer’s view, consumers, card schemes and merchants share responsibility for protecting their card data
Yet… 63% of consumers view merchants as the weakest link when it comes to protecting their data…¹
¹Source: Javelin Strategy and Research 2007
Merchants as the weakest link
Consumer confidence seriously impacted by a data breach
In the case of a breach…
49% of consumers believe merchants to be the most likely source of the data breach
3 out of 4 consumers won’t shop again at a compromised merchant
Investing in PCI DSS should be part of your consumer retention plans
Media and regulators are watching us…
- National and European governments are showing increasing interest in the area of account information security
  • The European Commission is considering legislation on the duty to notify (suspicion of breach and actual compromise) – already adopted in California, Minnesota and Texas
- Media increasingly questioning industry compliance and progress…
Security and your corporate social responsibility strategy
84% of consumers want to shop at merchants who are security market leaders
A secure merchant secures consumers’ trust!
Can you retain your shareholders if you lose your customers?
Security/IT benefits
A socially responsible merchant is fully aware of how its systems work and what it is doing to protect the card data in its possession
PCI DSS makes you aware of issues:
- This enables you to fix them
- This works towards protecting consumers’ and shareholders’ trust in your brand
Financial benefits
- The sheer financial cost of a compromise may prove hard to bear
- Large retailers indicate that their business case for investing in PCI DSS is based on the potential financial cost of reacting to a data breach
Costing the reaction to a data breach = € 10,000,000¹
+Hiring security firms to contain the
compromise
+Replacing systems
+Increased customer service costs
+Actual costs of internal investigations
+Outside legal defence fees
+Discounted services offered
+Lost employee productivity
+Financial hit from lost customers
¹Figure is based on the average cost of containing a compromise based on research by the Ponemon Institute
Some Tips from Large Merchants in Europe and US
Senior management sponsorship is mandatory
• Assign dedicated people
• PCI DSS is as much about people and business processes as it is about systems
• Map and document your business processes
  – Trace cardholder data from point of sale to billing and settlement
  – Map the systems, applications and databases that support these processes
  – Re-engineer processes to remove duplicate or unnecessary data
• Reduce the scope as much as possible
  – Segment the cardholder data network from the rest of the network
  – If you don’t need it, don’t store it!
• Engage a QSA early on in the project
Considerations
- We need to reduce our information footprint
- We need to rethink ways of achieving the same marketing and fraud objectives without storing data unnecessarily
- We need to prioritise the removal of magstripe and card verification data
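An added example, not part of the Visa Europe deck: a Python scanner that checks stored records for the elements the ‘A Visa card…’ and ‘Considerations’ slides say must be removed after authorisation, Track 1 and Track 2 magstripe data and CVV2, and reports any bare PAN masked for review. The log lines, the field names (track1=, track2=, cvv2=) and the regex shapes are constructed assumptions, not a Visa or PCI SSC format.

```python
"""Scan stored records for card data that must not be kept after authorisation.

Constructed example: the regexes, field names and sample log lines are
assumptions about how such data might appear in a text record, not a Visa
or PCI SSC specification.
"""
import re
from dataclasses import dataclass

# Track 1: %B<PAN>^<name>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^?]{2,26}\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
# A labelled three-digit CVV2 field, e.g. "cvv2=123" (hypothetical field name)
CVV2_RE = re.compile(r"(?i)\bcvv2?\s*[=:]\s*(\d{3})\b")
# Any 13-19 digit run not embedded in a longer digit run: a candidate PAN
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


@dataclass
class Finding:
    line_no: int
    kind: str        # "track1", "track2", "cvv2" or "pan"
    masked_pan: str  # first six and last four digits; "" for a bare CVV2
    forbidden: bool  # True for data that must never be stored after authorisation


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate a PAN to its first six and last four digits for reporting."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_record(line_no: int, record: str) -> list:
    """Return the findings for one stored record."""
    findings = []
    covered = []  # character spans already attributed to a track finding

    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(record):
            covered.append(m.span())
            findings.append(Finding(line_no, kind, mask_pan(m.group(1)), True))

    for _ in CVV2_RE.finditer(record):
        findings.append(Finding(line_no, "cvv2", "", True))

    # A PAN may be retained if rendered unreadable, so a bare PAN is reported
    # for review rather than flagged as forbidden. The Luhn check weeds out
    # order and reference numbers of similar length.
    for m in PAN_RE.finditer(record):
        if any(s <= m.start() and m.end() <= e for s, e in covered):
            continue
        if luhn_ok(m.group(1)):
            findings.append(Finding(line_no, "pan", mask_pan(m.group(1)), False))
    return findings


def scan_lines(lines) -> list:
    """Scan an iterable of records, numbering them from 1."""
    out = []
    for n, line in enumerate(lines, start=1):
        out.extend(scan_record(n, line))
    return out


# Constructed authorisation log; the PANs are commonly published test numbers.
SAMPLE_LOG = [
    "2007-11-07 10:02:11 auth ok txn=000123 track2=;4111111111111111=0912101123456?",
    "2007-11-07 10:03:45 auth ok txn=000124 pan=4012888888881881 exp=0910 cvv2=123",
    "2007-11-07 10:04:02 auth ok txn=000125 pan=411111******1111 exp=0911",
    "2007-11-07 10:05:19 auth ok txn=000126 track1=%B4111111111111111^DOE/JOHN^09121011234567?",
    "2007-11-07 10:06:40 auth ok txn=000127 ref=1234567890123 exp=0910",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        status = "MUST NOT BE STORED" if f.forbidden else "review: PAN stored"
        print(f"line {f.line_no}: {f.kind:6} {f.masked_pan:20} {status}")
```

Line 3 (already masked) and line 5 (a 13-digit reference that fails the Luhn check) produce no findings, which is the behaviour a scan of a cleaned-up store should show.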
Support from Visa Europe
Collateral available from the Visa Europe website
http://www.visaeurope.com/aboutvisa/security/ais/main.jsp
• Merchant implementation guides
• Service Provider guides
  • Available in English, French, Spanish, German, Italian
• List of certified Service Providers
• Work with Acquiring banks to provide
  • Merchant training
  • Guidance on specific issues
Thank you

unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

PCI DSS: Why it matters

  • 1. PCI DSS – Why it matters
    For Visa Internal Use Only. This information is not intended, and should not be construed, as an offer to sell, or as a solicitation of an offer to purchase, any securities.
    Steve Wilson, Head of Information Security Compliance, Visa Europe
    Madrid, 7 November 2007
  • 2. What is PCI DSS?
    – ‘Common sense’ approach to data security
    – Closely linked to other standards: BS 7799, ISO 27001, Sarbanes-Oxley etc.
    – Focussed on card data
    – Owned and managed by PCI SSC (independent of the card schemes)
    – Any organisation can become a participant
  • 3. Why is PCI DSS important?
  • 4. A simple equation: Data = identity = money
  • 5. A Visa card… Card number; Expiry date
  • 6. A Visa card… (cont.)
    – CVV2: the card account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel
    – Magnetic stripe: made up of “Track 1” and “Track 2” data
    – Track data and CVV2 should never be stored after authorisation
  • 7. Card data is retained by companies for 3 weeks or longer after authorisation. Reasons given include:
    – Marketing purposes
    – As a unique customer identifier
    – Fraud analysis
    – Customer profiling
  • 8. Data security and your brand
    – How much would your brand be worth if you lose your consumers’ trust?
    – Would your consumers stay with you?
    – Would your shareholders stay with you?
  • 9. Your brand needs security!
    – Compromises do happen every day, everywhere
    – In the consumer’s view, consumers, card schemes and merchants share responsibility for protecting their card data
    – Yet… 63% of consumers view merchants as the weakest link when it comes to protecting their data¹
    ¹Source: Javelin Strategy and Research 2007
  • 10. Merchants as the weakest link
  • 11. Consumer confidence seriously impacted by a data breach. In the case of a breach…
    – 49% of consumers believe merchants to be the most likely source of the data breach
    – 3 out of 4 consumers won’t shop again at a compromised merchant
    – Investing in PCI DSS should be part of your consumer retention plans
  • 12. Media and regulators are watching us…
    – National and European governments are showing increasing interest in the area of account information security
      • The European Commission is considering legislation on the duty to notify (suspicion of breach and actual compromise), already adopted in California, Minnesota and Texas
    – Media increasingly questioning industry compliance and progress…
  • 13. Security and your corporate social responsibility strategy
    – 84% of consumers want to shop at merchants who are security market leaders
    – A secure merchant secures consumers’ trust!
    – Can you retain your shareholders if you lose your customers?
  • 14. Security/IT benefits
    – A socially responsible merchant is fully aware of how its systems work and what it is doing to protect the card data in its possession
    – PCI DSS makes you aware of issues; this enables you to fix them, which works towards protecting consumers’ and shareholders’ trust in your brand
  • 15. Financial benefits
    – The sheer financial cost of a compromise may prove hard to bear
    – Large retailers indicate that their business case for investing in PCI DSS is based on the potential financial cost of reacting to a data breach
  • 16. Costing the reaction to a data breach = € 10,000,000¹
    + Hiring security firms to contain the compromise
    + Replacing systems
    + Increased customer service costs
    + Actual costs of internal investigations
    + Outside legal defence fees
    + Discounted services offered
    + Lost employee productivity
    + Financial hit from lost customers
    ¹Figure is based on the average cost of containing a compromise, based on research by the Ponemon Institute
  • 17. Some tips from large merchants in Europe and the US
    – Senior management sponsorship is mandatory
    – Assign dedicated people
    – PCI DSS is as much about people and business processes as it is about systems
    – Map and document your business processes
      • Trace cardholder data from point of sale to billing and settlement
      • Map the systems, applications and databases that support these processes
      • Re-engineer processes to remove duplicate or unnecessary data
    – Reduce the scope as much as possible
      • Segment the cardholder data network from the rest of the network
      • If you don’t need it, don’t store it!
    – Engage a QSA early on in the project
  • 18. Considerations
    – We need to reduce our information footprint
    – We need to rethink ways of achieving the same marketing and fraud objectives without storing data unnecessarily
    – We need to prioritise the removal of magstripe and card verification data
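Slides 6 and 18 draw the line between card data a merchant may keep after authorisation and the magnetic-stripe track data and CVV2 it must never retain. As an added example that is not part of the Visa Europe deck, the Python below scans stored records for track-1/track-2 formats and labelled CVV2 fields, uses a Luhn check to tell card numbers from other digit runs, and trims a transaction record down to retainable fields; the record layouts, field names and card numbers are constructed assumptions.

```python
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}\d{3}[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d{3}\d*\?")
# Labelled CVV2/CVC2/CID field in a log line or database row (assumed label names)
CVV2_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[:=]\s*\d{3,4}\b", re.I)
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")

def luhn_ok(pan: str) -> bool:
    """Luhn check: separates a card number from any other 13-19 digit run."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep only the last four digits, the form fit for logs and reports."""
    return "*" * (len(pan) - 4) + pan[-4:]

def scan_record(text: str) -> dict:
    """Report what card data a stored record holds and whether any of it is
    sensitive authentication data that must not exist after authorisation."""
    pans = [mask_pan(m.group(1)) for m in PAN_RE.finditer(text) if luhn_ok(m.group(1))]
    track = bool(TRACK1_RE.search(text) or TRACK2_RE.search(text))
    cvv2 = bool(CVV2_RE.search(text))
    return {"pans": pans, "track_data": track, "cvv2": cvv2, "prohibited": track or cvv2}

# Fields a merchant may keep after authorisation (assumed schema); CVV2, track data
# and anything else not listed is dropped, and the PAN is kept only in masked form.
RETAINABLE = ("order_id", "amount", "expiry", "auth_code")

def post_auth_record(txn: dict) -> dict:
    kept = {k: v for k, v in txn.items() if k in RETAINABLE}
    if "pan" in txn:
        kept["pan_masked"] = mask_pan(txn["pan"])
    return kept

if __name__ == "__main__":
    # Constructed samples: an order row that kept CVV2, a raw track-1 dump, a clean row
    for sample in (
        "order=1001 pan=4111111111111111 exp=0912 cvv2=123",
        "%B4012888888881881^DOE/JANE^0912101123?",
        "order=1002 pan_masked=************1111 exp=0912 auth_code=A1B2C3",
    ):
        print(scan_record(sample))
```

Run over a database export or log archive, any record with `prohibited` set is exactly the retained magstripe or verification data slide 18 says to remove first.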
  • 19. Support from Visa Europe
    – Collateral available from the Visa Europe website: http://www.visaeurope.com/aboutvisa/security/ais/main.jsp
      • Merchant implementation guides
      • Service Provider guides
      • Available in English, French, Spanish, German, Italian
      • List of certified Service Providers
    – Work with acquiring banks to provide
      • Merchant training
      • Guidance on specific issues
  • 20. Thank you