holly-miller
EarthLink Business PCI Compliance Solution Services
EarthLink Business: Secure Solutions for Merchants & Retailers
• SMB to Fortune 500 retail customers
• Tens of thousands of store locations
• Comprehensive network and IT services to support PCI compliance:
– Nationwide private MPLS
– Direct Connect
• Secure Point of Sale connectivity
– SSAE 16 compliant data centers; connect directly via MPLS
– Managed security services
– PCI Compliance Validation with Breach Protection
What is PCI Compliance?
Definition – Payment Card Industry Data Security Standard (PCI-DSS)
Set up by Visa, MasterCard, American Express, Discover, and JCB to reduce the risk of credit card theft and transfer liability to merchants
Requires mandatory adoption by all businesses that store, process, or transmit credit/debit card data
6 Control Objectives
12 Core Requirements
250+ Audit Procedures
If you cannot answer yes to the three questions below, you are not PCI Compliant
1. Have ALL employees completed a PCI Certified security awareness training program upon hire and annually thereafter?
2. Have all employees read and signed a formal security policy?
3. Can you demonstrate that you run quarterly ASV scans?
97% of U.S. events occurred at small merchants, and 91% of those were brick and mortar merchants. (Visa, 2012)
Impact of a Breach on a Business
A credit card breach can take months to remediate
1. Must stop taking credit cards
2. Pay for forensic audit
3. Pay fines and credit card replacement costs
4. Pay to implement remediation actions and for future on-site audits by a Qualified Security Assessor
The average business loses $3,007,015 per breach incident due to customer churn, brand damage, etc.
(Symantec and Ponemon Institute)
Vulnerabilities that Cyber Criminals Exploit
• No firewall to separate Point-of-Sale (POS) and Internet traffic
• Insecure Remote Access
• Lack of staff training needed to spot scams and protect information
• Weak security configurations
• Operating system flaws
• Flawed security policies
• Poor change control procedures
Retailer Challenge: Dedicating the Time, Resources, and Expertise Required to Stop Cyber Crime
PCI Compliance Data Security Standards Requirements
• Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords or other security parameters
• Protect cardholder data
  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks
• Maintain a vulnerability management program
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
• Implement strong access control measures
  7. Restrict access to data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
• Regularly monitor and test networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
• Maintain an information security policy
  12. Maintain a policy that addresses information security
Merchant Requirements: Based on Transaction Volume
• Level 1: Any merchant processing more than 6 million transactions per year
  – On-Site Security Audit: Required Annually
  – External Vulnerability Scan: Required Quarterly
• Level 2: Any merchant processing 1 to 6 million transactions per year
  – Self-Assessment Questionnaire: Required Annually
  – External Vulnerability Scan: Required Quarterly
• Level 3: Any merchant processing 20,000 to 1 million transactions per year
  – Self-Assessment Questionnaire: Required Annually
  – External Vulnerability Scan: Required Quarterly
• Level 4: All other merchants, not in Levels 1, 2 or 3
  – Self-Assessment Questionnaire: Required Annually
  – External Vulnerability Scan: Required Quarterly
Protect and Validate PCI Compliance
FINANCIALLY PROTECT YOUR BUSINESS: Up to $100,000 of data breach expense subject to per occurrence and aggregate limits of $500,000 per year, protection per location for less than $1 per day.
VALIDATE YOUR LEVEL OF PCI COMPLIANCE: Reduce the risk of breach with easy-to-use web-based tools for validating compliance
Designed for Level 2-4 merchants, PCI Compliance Validation is a comprehensive solution that protects business owners and organizations from the crippling financial effects of credit card theft while reducing the risk of data breach
Solution powered by ANX eBusiness, an Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA)
Breach Protection*
Breach Protection provides for merchant reimbursement of up to $100,000 per location, subject to a per occurrence and aggregate yearly maximum of $500,000, to cover expenses if a customer’s credit card information is breached.
Covered expenses include:
• Forensic audit provided by a Qualified Security Assessor (QSA) as required by PCI DSS
• Replacement of credit cards and related expenses
• Fines and penalties incurred as a result of the breach
• Two-hour telephone consultation with a breach consultant
*DISCLAIMER NOTICE. The PCI Compliance Solution Services are provided and serviced by ANXeBusiness Corp. and offered through EarthLink Business, and are subject to the terms and conditions found at http://www.earthlinkbusiness.com/about-us/legal/terms.xea. All Data Breach Protection Service reimbursements are limited to: $100,000.00 a year for each qualifying location, not to exceed $500,000.00 per occurrence for customers with multiple locations, and an aggregate maximum of $500,000.00 per customer. Use of the PCI Compliance Validation Service does not guarantee that a data breach will not occur and alone cannot prevent losses. EarthLink Business makes no representations as to whether the Data Breach Protection Service will apply to or cover a particular claim or loss. The material in this document (or on this site) is intended for informational purposes only, not as professional advice, and is provided on an “AS IS” basis. EARTHLINK BUSINESS DISCLAIMS ALL WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, RELATING TO THE PCI COMPLIANCE SOLUTION SERVICES, INCLUDING, WITHOUT LIMITATION, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND THE ACCURACY AND COMPLETENESS OF ASSOCIATED INFORMATIONAL CONTENT AND WILL NOT BE LIABLE FOR LOSSES, COSTS OR DAMAGES ARISING FROM THE PCI COMPLIANCE SOLUTION SERVICES OR ANY ASSOCIATED INFORMATIONAL CONTENT.
EarthLink PCI Compliance Validation
• PCI Self Assessment Questionnaire (SAQ) wizard with question and answer support
• Task Management and Reporting
• Security Policy Templates
• External Vulnerability Scanning
• PCI eLearning course (versions for cashier, IT and owner)
Proactively Protect Your Business from Breach
Step 1: Financially Protect Yourself from a Breach
Step 2: Validate PCI Compliance
Step 3: Achieve Compliance
Step 4: Maintain Compliance
How can EarthLink help you achieve PCI Compliance?