vanessa-sherman
© Vendor Safe Technologies 2008
BREACHES BY MERCHANT TYPE
[Chart: breaches by merchant type, segments 70%, 1%, 9%, 20%]
Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits
PCI HEADLINES
AM I AT RISK?
WHAT IS PCI
PCI = Payment Card Industry
• VISA
• American Express
• MasterCard Worldwide
• Discover Financial Services
• JCB International
– Together they formed the PCI Security Standards Council
WHAT IS PCI/DSS
• PCI DSS = Payment Card Industry Data Security Standards
• Designed to STOP computer hackers!
– Data Breach
– Theft of Cardholder Data
– Fraud
– Financial Loss to merchants
Compliance is MANDATORY:
– To avoid fines and penalties
– Safeguard locations against hackers
Required to Complete - PCI Self Assessment Questionnaire
200+ Questions to Address Across THREE CRITICAL COMPONENTS
• Policies & Procedures
• Network Security
• Data Access
BECOMING COMPLIANT CAN BE A DAUNTING TASK
Our Solution
PCI MANAGED SECURITY SUITE
Provided by New Haven Cash Register and VendorSafe™
VendorSafe™ PCI Managed Security Suite
1. Global Security Mesh™/VPN
Managed Firewall with Security Services
2. Wi-Fi HotSpot Plus™
Up to four secure wireless networks per location
3. TrustVault™ Certificate
$50K Guarantee per location
VendorSafe™ GLOBAL SECURITY MESH™/VPN
VPN Architecture Benefits
• Hierarchical VPN Architecture
• All end users on same network
• Support Staff can easily access remote locations
• True two-factor authentication
– Required by PCI-DSS
• No need to remember or distribute IP addresses
• Reduction in liability involving terminated support staff
VendorSafe™ GLOBAL SECURITY MESH™/VPN
Managed Firewall
• Auto Broadband Backup
– Credit card processing stays online
– Minimizes support calls
• Security policy and management
– Block incoming and outgoing internet traffic
• Gateway Logging
– Compliant logging for communication records
VendorSafe™ GLOBAL SECURITY MESH™/VPN
Managed Firewall (continued)
• Forced Configuration Manager™
– Ensures secure communications
• Rogue Device Manager™
– Keeps hackers out of your system
• IP Data Blocker™
– Prevents data transfer to any unauthorized IP address
VendorSafe™ Wi-Fi HOTSPOT PLUS
HotSpot Features:
• Four Separate Wireless Networks
– Public / Private Segregation
• Encrypted Communications
• Contains all necessary Infrastructure for Wireless POS devices / Handhelds
• VendorSafe™ Bandwidth Q.O.S. Manager
– Dynamically allocates resources
• URL Web Filtering
• Family Friendly Wi-Fi
• Browse by Category
VendorSafe™ TRUSTVAULT™ CERTIFICATE
The VendorSafe Guarantee:
• Covers up to $50,000 in direct expenses relating to a data breach including:
– Mandatory security audit
– Card replacement fees
– Fines and penalties, ex. VISA
• Covers physical or electronic data breach at EVERY merchant location
WHEN A BREACH OCCURS
Merchant Expenses:
• Mandatory Forensic Audit - $10 to $20K
• Fines for Non Compliance
– VISA - up to $500K
– MasterCard - up to $200K
• Credit Card Replacement $25.00 per card
• Risk to Brand Equity - Priceless
$50K+ to Recover from a Breach
DID YOU READ THE FINE PRINT?
Merchants have already agreed to be PCI Compliant!
7 Data Security and Privacy
You agree to post and maintain on all your Web Sites both your consumer data policy (which must comply with all Payment Brand Rules, Regulations, and Guidelines) and your method of transaction security. You may not retain or store CVV2/CVC2 data or PIN data subsequent to the authorization. You must comply with all Security Standards published by the Payment Brands and the PCISSC including, but not limited to, Visa’s Customer Information Security Program (“CISP”), MasterCard’s Security Data Program (“MDSP”) and the Payment Card Industry Data Security Standard (“PCIDSS”). Pursuant to the Security Standards, you must, among other things: (i) install and maintain a working network firewall to protect data accessible via the internet; (ii) keep security patches up to date; (iii) encrypt stored data and data sent over open networks; (iv) use and update antivirus software; (v) restrict access to employees who are on a “need to know” basis; (vi) assign a unique ID to each person with computer access to data; (vii) not use vendor-supplied defaults for system passwords and other security parameters; (viii) track access to data by unique ID; (ix) regularly test security systems and processes; (x) maintain a policy that addresses information security for employees and contractors; (xi) restrict physical access to Customer information; (xii) when outsourcing administration of information assets, networks, or data you must retain legal control of proprietary information and use limited “need to know” access to such assets, networks or data; and (xiii) reference the protection of Customer Information and compliance with the Security Standards in contracts with other service providers. You must notify Paymentech of any third party vendor with access to Customer Information, and you are responsible for ensuring that all third party vendors are compliant with the Security Standards, to the extent applicable. The Security Standards may require that you engage an approved third party vendor to conduct quarterly perimeter scans and/or security reviews can be accessed through Visa and Mastercard websites at www.Visa.com and www.MasterCard.com
DON’T BECOME A VICTIM!
New Haven Cash Register
Selling and Supporting POS Solutions Since 1949
New Haven Cash Register Company
2546 State Street
Hamden, CT 06517
203.287.2977 ext. 302
www.newhavencashregister.com
Since 1949, New Haven Cash Register Company has provided point of sale and cash register systems to CT-based restaurant and retail businesses. Every sale is personalized to meet customer-specific requirements by providing a full range of implementation (configuration, installation, training, go-live standby), software support and on-site services.
Whether it is a robust point of sale solution or a less sophisticated cash register system, New Haven Cash Register can recommend the product that best meets your requirements and budget. Every system is fully programmed and properly configured, which reduces your learning curve and start-up problems.
Call today for the right system, the first time.
Are you processing credit cards with your POS system? If you are, then you know you must use a PCI compliant version or risk a major fine from the credit card industry should a security breach occur. New Haven Cash Register provides PCI compliant solutions.
IN THE NEWS