Protecting Customer Data An Essential Part Of Doing Business Wp101174
Erik Ginalick
Protecting Customer Data: An Essential Part of Doing Business

What You Need to Know About Payment Card Industry Compliance

Personally identifiable data is everywhere—and everywhere at risk, especially when this data is kept on laptops and other mobile devices. Social security numbers appear in employment and school applications, real estate transactions and medical records. Websites ask for user names and passwords to access content. Credit and debit card information is transmitted over wired and wireless networks, from brick-and-mortar stores and online. Smaller companies, which face particular constraints on time and resources, can be especially vulnerable.

One notable area of concern is credit card data. And it’s not just retailers who must be aware of the risks and the required steps to prevent breaches. Anyone who transmits, processes or stores payment card data is at risk—from stores and restaurants to doctor’s offices and auto repair shops. In fact, Visa estimates that approximately 85% of data breaches occur at the small business level.[1]

Point-of-sale devices, personal computers or servers, wireless networks, Web shopping applications, paper-based and electronic data storage and unsecured transmission of cardholder data to service providers are all vulnerable. On top of that, there may be vulnerabilities in the financial institutions that connect merchants and card payment companies.

Payment Card Industry Compliance: A Security Mandate

To address this growing problem, the major payment card systems, including Visa, MasterCard and American Express, founded the Payment Card Industry (PCI) Security Standards Council and created the Data Security Standard (DSS). Based on industry best practices, this set of 12 comprehensive requirements includes measures to prevent, detect and react to security incidents, and enhance the security of payment accounts. The goal is to make it easier for any business to understand how to safeguard private data and stay ahead of threats to its business and its customers’ privacy.

Why Does PCI Compliance Matter to You?

• PCI compliance is not optional. It is an industry mandate strictly enforced by the major payment card brands based on the DSS. The DSS applies to everyone who transmits, processes or stores payment card data—regardless of company size or how few card payments it may process. Card payment companies require PCI compliance even if the business processes just a single payment.

• Your company’s reputation is on the line. When it comes to a security breach, there is no such thing as good publicity. Stolen data equals stolen trust, and once lost, it may never be recovered.

• You could be personally liable. Simply put, you could get sued if your customers’ information is stolen. Failing to meet security standards can subject you to potential gross negligence or class-action lawsuits. Your signature on the application to become part of any payment card network means that you become liable if gross negligence can be shown.

• Fines and penalties can be costly. If you do not meet PCI compliance requirements, payment card companies may assess steep penalties—up to $500,000 per incident.[1] They may even stop you from handling credit and debit card payments.

• It’s good business to be safe. Beyond legal obligations and financial considerations, network security and data protection are an essential part of doing business. By taking the proper steps to protect the privacy and data of your customers, clients or patients, you establish trusting relationships and a positive brand image. True, it costs money to comply. You must pay for infrastructure, technology and time. But just one security breach could cost much more. In short, the cost of compliance is a cost of doing business.

How Can You Ensure PCI Compliance?

Adhere to regulations. In addition to applicable federal and state laws and regulations, businesses that process credit card payments have a responsibility to ensure that they meet the PCI compliance requirements and stay up to date. At a minimum, you must:

• Install a firewall and anti-virus software.
• Make sure patches are up to date.
• Turn off remote access when not needed.
• Change passwords often.
• Stay informed about what is required to maintain compliance.

For example, every time you add a new application or device, you need to take precautions to ensure that it meets security standards and is properly integrated with the rest of your system. A key vulnerability that many business owners may not even be aware of is improperly—or inadvertently—storing cardholder data. Contact your POS provider to see what you’re storing on your system.

Ensure that the network is secure and available. Because breaches can still occur after a company passes its audit, you need to:

• Regularly test security systems and processes to make sure they are up to date. Make changes if necessary.
• Maintain an information security policy so all employees are aware of the sensitivity of cardholder data and their responsibilities for protecting it.
• Maintain a plan for responding to incidents.

Enforcement of PCI DSS Compliance

Compliance requirements depend on the number of credit card transactions that are processed per year, with more rigorous monitoring and testing required for businesses that handle more transactions. Businesses are also required to demonstrate ongoing compliance through quarterly testing and an annual assessment. Any company may be audited, whether it processes thousands of transactions or just a few.

Within the PCI Security Standards Council, each payment card company maintains its own compliance enforcement program. Businesses fall into one of four “merchant levels” with any card payment company, based on the number of transactions with that company.

[1] http://www.bbb.org/data-security/intro-to-small-businesses/

©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. WP101174 07/11
Merchant Levels

Level 1: Any merchant that suffered a breach that compromised its accounts and/or any merchant processing:
• More than 6 million Visa or MasterCard transactions/year
• And/or 2.5 million American Express transactions/year

Level 2: Any merchant processing:
• 1–6 million Visa or MasterCard transactions/year
• And/or 50,000–2.5 million American Express transactions/year

Level 3: Any merchant processing:
• 20,000–1 million Visa or MasterCard e-commerce transactions/year
• And/or fewer than 50,000 American Express transactions/year

Level 4 (Visa and MasterCard only): All others, estimated at more than 5 million businesses
• Up to 20,000 Visa or MasterCard e-commerce transactions/year
• Or up to 1 million Visa or MasterCard transactions/year in all channels

The card payment companies require regular monitoring and testing to ensure that each business remains compliant with the DSS over time. For all levels, network scans are required quarterly by an approved scan vendor (ASV). ASVs are trained and qualified by the PCI Security Standards Council to perform the network and systems scans required by the DSS.

In addition, all but the largest businesses (which must be assessed on-site) are required to complete a self-assessment questionnaire (SAQ) every year. The SAQ includes a series of yes-or-no questions, and “no” answers must include a plan for fixing the problem.

Important Updates

The payment card companies issue new mandates as necessary to help members maintain security as new threats evolve.

• As of April 1, 2010, Visa requires every merchant to be PCI-compliant before accepting Visa card payments.
• MasterCard has redefined its merchant-level categories and deadlines with stricter compliance validation procedures.

PCI compliance is in everyone’s best interest—the payment card company, the merchant or service provider and the consumer. However, it can be difficult for smaller businesses to keep up with new security threats and the industry standards and practices created to address them.

How CenturyLink Business Can Help

CenturyLink Business facilitates compliance by giving customers a single point of contact for all PCI-compliance needs.

Offering an ideal combination of local know-how and personalized service, CenturyLink can help you understand what’s required to achieve and maintain compliance—from basics like installing a firewall and maintaining anti-virus software to identifying what’s stored on your system. We can also help you stay up to date on new technologies and responses to ever-changing threats, helping you to build an effective long-term compliance strategy while making the most of your internal resources.
Data Protection Solutions from CenturyLink Business

CenturyLink Business services include penetration testing, vulnerability assessments, remediation consulting, gap analysis, pre-audit assessments and more. Our solutions, customized to your needs, can help you:

• Stop virus, spam and other dangers from reaching your business.
• Securely transfer data to wherever it’s needed.
• Provide reports for auditors and alerts to staff to optimize processes running over the network.
• Provide mobile access to the Internet that offers secure access to your company network via optional VPN client.

PCI Compliance Checklist

Build and Maintain a Secure Network
1. Install and maintain a firewall to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security settings.

Protect Cardholder Data
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy
12. Maintain a policy that addresses information security.

~From the PCI Data Security Standard