BREACHES BY MERCHANT TYPE

[Chart: breaches by merchant type; segments of 70%, 1%, 9% and 20%]

Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits

© Vendor Safe Technologies 2008


PCI HEADLINES


AM I AT RISK?


WHAT IS PCI

PCI = Payment Card Industry

• VISA

• American Express

• MasterCard Worldwide

• Discover Financial Services

• JCB International

– Together they formed the PCI Security Standards Council


WHAT IS PCI/DSS

• PCI DSS = Payment Card Industry Data Security Standards

• Designed to STOP computer hackers!

– Data Breach

– Theft of Cardholder Data

– Fraud

– Financial Loss to merchants

Compliance is MANDATORY:

– To avoid fines and penalties

– Safeguard locations against hackers


Required to Complete - PCI Self Assessment Questionnaire

200+ Questions to Address Across THREE CRITICAL COMPONENTS


• Policies & Procedures

• Network Security

• Data Access

BECOMING COMPLIANT CAN BE A DAUNTING TASK


Our Solution

PCI MANAGED SECURITY SUITE

Provided by New Haven Cash Register and VendorSafe™


VendorSafe™ PCI Managed Security Suite

1. Global Security Mesh™/VPN

Managed Firewall with Security Services

2. Wi-Fi HotSpot Plus™

Up to four secure wireless networks per location

3. TrustVault™ Certificate

$50K Guarantee per location


VendorSafe™ GLOBAL SECURITY MESH™/VPN

VPN Architecture Benefits

Hierarchical VPN Architecture

All end users on same network

Support Staff can easily access remote locations

True two-factor authentication

Required by PCI-DSS

No need to remember or distribute IP addresses

Reduction in liability involving terminated support staff


VendorSafe™ GLOBAL SECURITY MESH™/VPN

Managed Firewall

Auto Broadband Backup

– Credit card processing stays online

– Minimizes support calls

Security policy and management

– Block incoming and outgoing internet traffic

Gateway Logging

– Compliant logging for communication records


VendorSafe™ GLOBAL SECURITY MESH™/VPN

Managed Firewall (continued)

Forced Configuration Manager™

– Ensures secure communications

Rogue Device Manager™

– Keeps hackers out of your system

IP Data Blocker™

– Prevents data transfer to any unauthorized IP address


VendorSafe™ Wi-Fi HOTSPOT PLUS

HotSpot Features: Four Separate Wireless Networks

- Public / Private Segregation

Encrypted Communications

Contains all necessary Infrastructure for Wireless POS devices / Handhelds

VendorSafe™ Bandwidth Q.O.S. Manager

- Dynamically allocates resources

URL Web Filtering

Family Friendly Wi-Fi

Browse by Category


VendorSafe™ TRUSTVAULT™ CERTIFICATE

The VendorSafe Guarantee:

Covers up to $50,000 in direct expenses relating to a data breach including:

Mandatory security audit

Card replacement fees

Fines and penalties, ex. VISA

Covers physical or electronic data breach at EVERY merchant location


WHEN A BREACH OCCURS

Merchant Expenses:

Mandatory Forensic Audit - $10 to $20K

Fines for Non Compliance:

– VISA - up to $500K

– MasterCard – up to $200K

Credit Card Replacement - $25.00 per card

Risk to Brand Equity - Priceless

$50K+ to Recover from a Breach


DID YOU READ THE FINE PRINT?

Merchants have already agreed to be PCI Compliant!

7 Data Security and Privacy

You agree to post and maintain on all your Web Sites both your consumer data policy (which must comply with all Payment Brand Rules, Regulations, and Guidelines) and your method of transaction security. You may not retain or store CW2/CVC2 data or PIN data subsequent to the authorization. You must comply with all Security Standards published by the Payment Brands and the PCISSC including, but not limited to, Visa’s Customer Information Security Program (“CISP”), MasterCard’s Security Data Program (“MDSP”) and the Payment Card Industry Data Security Standard (“PCIDSS”). Pursuant to the Security Standards, you must, among other things: (i) install and maintain a working network firewall to protect data accessible via the internet; (ii) keep security patches up to date; (iii) encrypt stored data and data sent over open networks; (iv) use and update antivirus software; (v) restrict access to employees who are on a “need to know” basis; (vi) assign a unique ID to each person with computer access to data; (vii) not use vendor-supplied defaults for system passwords and other security parameters; (viii) track access to data by unique ID; (ix) regularly test security systems and processes; (x) maintain a policy that addresses information security for employees and contractors; (xi) restrict physical access to Customer information; (xii) when outsourcing administration of information assets, networks, or data you must retain legal control of proprietary information and use limited “need to know” access to such assets, networks or data; and (xiii) reference the protection of Customer Information and compliance with the Security Standards in contracts with other service providers. You must notify Paymentech of any third party vendor with access to Customer Information, and you are responsible for ensuring that all third party vendors are compliant with the Security Standards, to the extent applicable. The Security Standards may require that you engage an approved third party vendor to conduct quarterly perimeter scans and/or security reviews can be accessed through Visa and Mastercard websites at www.Visa.com and www.MasterCard.com


DON’T BECOME A VICTIM!


New Haven Cash Register

Selling and Supporting POS Solutions Since 1949


New Haven Cash Register Company
2546 State Street
Hamden, CT 06517
203.287.2977 ext. 302
www.newhavencashregister.com


Since 1949, New Haven Cash Register Company has provided point of sale & cash register systems to CT-based restaurant and retail businesses. Every sale is personalized to meet customer-specific requirements by providing a full range of implementation (configuration, installation, training, go-live standby), software support and on-site services.

Whether it is a robust point of sale solution or a less sophisticated cash register system, New Haven Cash Register can recommend the product that best meets your requirements & budget. Every system is fully programmed and properly configured, which reduces your learning curve and start-up problems.

Call today for the right system - the first time

Are you processing credit cards with your POS system? If you are, then you know you must use a PCI compliant version or risk a major fine from the credit card industry should a security breach occur. New Haven Cash Register provides PCI compliant solutions.


IN THE NEWS