For Visa Internal Use Only
This information is not intended, and should not be
construed, as an offer to sell, or as a solicitation
of an offer to purchase, any securities
PCI DSS – Why it matters
Steve Wilson
Head of Information Security Compliance
Visa Europe
Madrid
7 November 2007
What is PCI DSS?
• ‘Common sense’ approach to data security
• Closely linked to other standards
  • BS 7799
  • ISO 27001
  • Sarbanes-Oxley etc.
• Focussed on card data
• Owned and managed by PCI SSC (independent of the card schemes)
• Any organisation can become a participant
Why is PCI DSS important?
A simple equation
Data = identity = money
A Visa card… (figure: card number, expiry date)
A Visa card… (cont.)
CVV2: the card account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel.
Magnetic stripe: made up of “Track 1” and “Track 2” data.
Track data and CVV2 should never be stored after authorisation.
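The rule on this slide, and the later consideration to prioritise removal of magstripe and card verification data, can be checked mechanically over whatever a merchant has actually stored. The following is an added example, not code from the Visa Europe deck: a Python scanner that flags stored records containing full track 1 or track 2 data (assuming the ISO/IEC 7813 track layouts) or a labelled CVV2 field, and Luhn-validates any 13-19 digit run to report possible PANs in masked form; the sample records are constructed and use the well-known 4111 test number.

```python
"""Defender-side check for sensitive authentication data retained after
authorisation (full track 1/track 2 and CVV2), plus masked reporting of
any Luhn-valid PAN.  Added example; not part of the Visa Europe deck.
Track layouts assumed per ISO/IEC 7813; all sample records are constructed."""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><3-digit service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}\d{3}[^?]*\?")
# Track 2: ;<PAN>=<YYMM><3-digit service code><discretionary>?
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d{3}[^?]*\?")
# CVV2 stored as a labelled field, e.g. "cvv2=123" or "CVC: 456"
CVV2_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\b\s*[:=]\s*(\d{3,4})\b", re.I)
# Any 13-19 digit run is a PAN candidate; Luhn decides below
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation, as used on card account numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, which PCI DSS allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_record(record: str) -> dict:
    """Report which sensitive elements a single stored record contains."""
    found = {
        "track1": bool(TRACK1_RE.search(record)),
        "track2": bool(TRACK2_RE.search(record)),
        "cvv2": bool(CVV2_RE.search(record)),
        "pan": [],
    }
    for m in PAN_RE.finditer(record):
        if luhn_ok(m.group(1)):           # drops order ids and other digit runs
            found["pan"].append(mask_pan(m.group(1)))
    # Track data and CVV2 must never be retained after authorisation
    found["prohibited"] = found["track1"] or found["track2"] or found["cvv2"]
    return found


def prohibited_indices(records) -> list:
    """Indices of records that hold data which should not exist post-authorisation."""
    return [i for i, r in enumerate(records) if scan_record(r)["prohibited"]]


# Constructed sample of what a merchant's logs or tables might hold.
SAMPLE_RECORDS = [
    "2007-11-07 auth ok pan=4111111111111111 exp=0812 cvv2=123",  # CVV2 kept
    "%B4111111111111111^DOE/JOHN^08121010000000000?",             # full track 1
    ";4111111111111111=08121010000000000?",                       # full track 2
    "order 1234 pan=411111******1111 exp=0812 settled",           # truncated: fine
    "order id 1234567890123456 status=shipped",                   # not a PAN
]

if __name__ == "__main__":
    for i, rec in enumerate(SAMPLE_RECORDS):
        print(i, scan_record(rec))
    print("records to remediate:", prohibited_indices(SAMPLE_RECORDS))
```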
Card data is retained by companies for 3 weeks or longer after authorisation
Reasons given include:
– Marketing purposes
– As a unique customer identifier
– Fraud analysis
– Customer profiling
Data security and your brand
-How much would your brand be worth if you lose your consumers’ trust?
-Would your consumers stay with you?
-Would your shareholders stay with you?
Your brand needs security!
-Compromises do happen every day, everywhere
-In the consumer’s view, consumers, card schemes and merchants share responsibility for protecting their card data
Yet… 63% of consumers view merchants as the weakest link when it comes to protecting their data…¹
¹Source: Javelin Strategy and Research 2007
Merchants as the weakest link
Consumer confidence seriously impacted by a data breach
In the case of a breach…
49% of consumers believe merchants to be the most likely source of the data breach
3 out of 4 consumers won’t shop again at a compromised merchant
Investing in PCI DSS should be part of your consumer retention plans
Media and regulators are watching us…
-National and European governments are showing increasing interest in the area of account information security
• The European Commission is considering legislation on the duty to notify (suspicion of breach and actual compromise) – already adopted in California, Minnesota and Texas
-Media increasingly questioning industry compliance and progress…
Security and your corporate social responsibility strategy
84% of consumers want to shop at merchants who are security market leaders
A secure merchant secures consumers’ trust!
Can you retain your shareholders if you lose your customers?
Security/IT benefits
A socially responsible merchant is fully aware of how its systems work and what it is doing to protect the card data in its possession
PCI DSS makes you aware of issues;
-This enables you to fix them
-This works towards protecting consumers’ and shareholders’ trust in your brand
Financial benefits
-The sheer financial cost of a compromise may prove hard to bear
-Large retailers indicate that their business case for investing in PCI DSS is based on the potential financial cost of reacting to a data breach
Costing the reaction to a data breach = € 10,000,000¹
+Hiring security firms to contain the compromise
+Replacing systems
+Increased customer service costs
+Actual costs of internal investigations
+Outside legal defence fees
+Discounted services offered
+Lost employee productivity
+Financial hit from lost customers
¹Figure is based on the average cost of containing a compromise, based on research by the Ponemon Institute
Some Tips from Large Merchants in Europe and US
Sr. management sponsorship is mandatory
• Assign dedicated people
• PCI DSS is as much about people and business processes as it is about systems
• Map and document your business processes
  – Trace cardholder data from point of sale to billing and settlement
  – Map systems, applications and databases that support these processes
  – Re-engineer processes to remove duplicate or unnecessary data
• Reduce the scope as much as possible
  – Segment the cardholder data network from the rest of the network
  – If you don’t need it, don’t store it!
• Engage a QSA early on in the project
Considerations
-We need to reduce our information footprint
-We need to rethink ways of achieving the same marketing and fraud objectives without storing data unnecessarily
-We need to prioritise the removal of magstripe and card verification data
Support from Visa Europe
Collateral available from the Visa Europe website
http://www.visaeurope.com/aboutvisa/security/ais/main.jsp
• Merchant implementation guides
• Service Provider guides
• Available in English, French, Spanish, German, Italian
• List of certified Service Providers
• Work with acquiring banks to provide
  • Merchant training
  • Guidance on specific issues
Thank you
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

PCI DSS: Why it matters

  • 1. For Visa Internal Use Only. This information is not intended, and should not be construed, as an offer to sell, or as a solicitation of an offer to purchase, any securities. PCI DSS – Why it matters. Steve Wilson, Head of Information Security Compliance, Visa Europe. Madrid, 7 November 2007
  • 2. What is PCI DSS?
    • A ‘common sense’ approach to data security
    • Closely linked to other standards: BS 7799, ISO 27001, Sarbanes-Oxley etc.
    • Focussed on card data
    • Owned and managed by the PCI SSC (independent of the card schemes)
    • Any organisation can become a participant
  • 3. Why is PCI DSS important?
  • 4. A simple equation: Data = identity = money
  • 5. A Visa card… (labels: Card number, Expiry date)
  • 6. A Visa card… (cont.)
    • CVV2: the card account number, plus a three-digit Card Verification Value 2 (CVV2), is indent-printed on the signature panel
    • Magnetic stripe: made up of “Track 1” and “Track 2” data
    • Track data and CVV2 should never be stored after authorisation
  • 7. Card data is retained by companies for 3 weeks or longer after authorisation. Reasons given include:
    – Marketing purposes
    – As a unique customer identifier
    – Fraud analysis
    – Customer profiling
  • 8. Data security and your brand
    – How much would your brand be worth if you lost your consumers’ trust?
    – Would your consumers stay with you?
    – Would your shareholders stay with you?
  • 9. Your brand needs security!
    – Compromises happen every day, everywhere
    – In the consumer’s view, consumers, card schemes and merchants share responsibility for protecting their card data
    – Yet… 63% of consumers view merchants as the weakest link when it comes to protecting their data…¹
    ¹Source: Javelin Strategy and Research 2007
  • 10. Merchants as the weakest link
  • 11. Consumer confidence is seriously impacted by a data breach. In the case of a breach…
    – 49% of consumers believe merchants to be the most likely source of the data breach
    – 3 out of 4 consumers won’t shop again at a compromised merchant
    – Investing in PCI DSS should be part of your consumer retention plans
  • 12. Media and regulators are watching us…
    – National and European governments are showing increasing interest in the area of account information security
      • The European Commission is considering legislation on the duty to notify (suspicion of breach and actual compromise) – already adopted in California, Minnesota and Texas
    – Media are increasingly questioning industry compliance and progress…
  • 13. Security and your corporate social responsibility strategy
    – 84% of consumers want to shop at merchants who are security market leaders
    – A secure merchant secures consumers’ trust!
    – Can you retain your shareholders if you lose your customers?
  • 14. Security/IT benefits
    – A socially responsible merchant is fully aware of how its systems work and what it is doing to protect the card data in its possession
    – PCI DSS makes you aware of issues; this enables you to fix them, and works towards protecting consumers’ and shareholders’ trust in your brand
  • 15. Financial benefits
    – The sheer financial cost of a compromise may prove hard to bear
    – Large retailers indicate that their business case for investing in PCI DSS is based on the potential financial cost of reacting to a data breach
  • 16. Costing the reaction to a data breach = € 10,000,000¹
    + Hiring security firms to contain the compromise
    + Replacing systems
    + Increased customer service costs
    + Actual costs of internal investigations
    + Outside legal defence fees
    + Discounted services offered
    + Lost employee productivity
    + Financial hit from lost customers
    ¹Figure is based on the average cost of containing a compromise, according to research by the Ponemon Institute
  • 17. Some tips from large merchants in Europe and the US
    • Senior management sponsorship is mandatory
    • Assign dedicated people
    • PCI DSS is as much about people and business processes as it is about systems
    • Map and document your business processes
      – Trace cardholder data from point of sale to billing and settlement
      – Map the systems, applications and databases that support these processes
      – Re-engineer processes to remove duplicate or unnecessary data
    • Reduce the scope as much as possible
      – Segment the cardholder data network from the rest of the network
      – If you don’t need it, don’t store it!
    • Engage a QSA early on in the project
  • 18. Considerations
    – We need to reduce our information footprint
    – We need to rethink ways of achieving the same marketing and fraud objectives without storing data unnecessarily
    – We need to prioritise the removal of magstripe and card verification data
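Slides 6, 17 and 18 say that track data and CVV2 must never be retained after authorisation and that removing stored magstripe and card verification data should come first. The following is an added example, not code from Visa Europe's presentation, of a scan a merchant could run over its own stored records to find exactly those elements; it uses the public ISO/IEC 7813 Track 1 / Track 2 layouts and a Luhn check to cut PAN false positives, and the sample records and field names (pan=, cvv2=, track1=, track2=) are constructed assumptions.

```python
import re

# Constructed sample records (not real card data). 4111111111111111 is a widely
# published test PAN; field names such as pan= and cvv2= are assumed.
SAMPLE_RECORDS = [
    "txn=1001 pan=4111111111111111 exp=2512 auth=OK",            # PAN only
    "txn=1002 track2=;4111111111111111=251210112345?",           # Track 2 kept
    "txn=1003 track1=%B4111111111111111^DOE/JANE^25121010000?",  # Track 1 kept
    "txn=1004 pan=4111111111111111 cvv2=123",                    # CVV2 kept
    "txn=1005 order_ref=1234567890123456 status=shipped",        # fails Luhn
]
# Track 1: %B<PAN>^<name>^<YYMM>...   Track 2: ;<PAN>=<YYMM>...
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}")
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}")
CVV2_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")  # candidates, Luhn-checked below
SAD = {"TRACK1", "TRACK2", "CVV2"}  # sensitive authentication data: never store

def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; rejects most digit runs that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_record(record: str) -> list:
    """Sorted labels of the card data elements found in one stored record."""
    found = set()
    if TRACK1_RE.search(record):
        found.add("TRACK1")
    if TRACK2_RE.search(record):
        found.add("TRACK2")
    if CVV2_RE.search(record):
        found.add("CVV2")
    if any(luhn_ok(m.group(1)) for m in PAN_RE.finditer(record)):
        found.add("PAN")
    return sorted(found)

def classify(record: str) -> str:
    """PROHIBITED if any SAD is retained, PROTECT if only a PAN is, else CLEAN."""
    labels = set(scan_record(record))
    if labels & SAD:
        return "PROHIBITED"
    return "PROTECT" if "PAN" in labels else "CLEAN"

def audit(records) -> list:
    """(record id, verdict, labels) per record; the id is the first field."""
    return [(r.split()[0], classify(r), scan_record(r)) for r in records]
```

Records classified PROHIBITED are the ones slide 18 says to remove first; PROTECT records still fall inside PCI DSS scope and need the storage controls the standard requires for the PAN.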
  • 19. Support from Visa Europe
    • Collateral available from the Visa Europe website: http://www.visaeurope.com/aboutvisa/security/ais/main.jsp
      – Merchant implementation guides
      – Service Provider guides
      – Available in English, French, Spanish, German, Italian
    • List of certified Service Providers
    • Work with acquiring banks to provide
      – Merchant training
      – Guidance on specific issues
  • 20. Thank you