Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautions and Mitigate Risk

About the i2Coalition• A global voice for the people and companies building the nuts and bolts of the Internet

• More than 65 members, including hosts, data centers, cloud providers, registrars and more

• Founded in 2012 to advocate on issues, connect members, and share best practices

Best Practices Working Group• The i2Coalition works with members to develop and share best practices on a range of topics.

• Our industry has been and will continue to be at the forefront of fighting piracy, fraud, child pornography, and other Internet-based legal offenses.

• We want to make the Internet a better, safer place for all.

Contact UsLearn more about joining or working with the i2Coalition.

www.i2coalition.com

membership@i2coalition.com

Guiding open standards for global payment card security

PCI Updates: Securing the future of payments

Bob Russo, General Manager2014

Everyone is Aware of Breaches!

Custom Malware

Advanced Persistent Threats

Trojan Horses

WormsViruses

Evolution of Cyber Attacks

Modern Malware Hides Itself

About the PCI Council

Founded in 2006 - Guiding open standards for payment card security

• Development• Management• Education• Awareness

Manufacturers

PCI PTSPin Entry Devices

Ecosystem of payment devices, applications, infrastructure and users

Software Developers

PCI PA-DSSPayment

Applications

PCI Security& Compliance

Merchants & Service Providers

PCI DSSSecure

Environments

PCI Security Standards SuiteProtection of Cardholder Payment Data

The Formula for PCI Success

PeopleProcessesTechnology Security

92% 97%

With version 3.0, PCI DSS is more mature than ever, and covers a broad base of technologies and processes such as encryption, access control, and vulnerability scanning to offer a sound baseline of security.

PCI Standards Help Secure Your Data

Source: 2013 Trustwave Global Security Report

PCI DSS has made comprehensive security controls more commonplace in larger organizations. Therefore, the organizations become more difficult to compromise.

The Standards Continually Evolve

Weak or default passwords

Lack of employee education

Security deficiencies introduced by third parties

Slow self-detection

Top Mistakes Revealed by Forensic Audits

Source: 2013 Trustwave Global Security Report

PCI DSS, PA-DSS 3.0 – Key Themes

Make PCI your compass, not your roadmap

Education Awareness

Flexibility

Security as a Shared

Responsibility

Effective Dates for v3.0 PCI DSS

Version 3.0 became effective on 1 January 2014

Version 2.0 is valid until 31 December 2014

Supporting documents now available

Feedback period begins November 2014

Download PCI DSS 3.0 and supporting documents at pcisecuritystandards.org

EMV Chip in US – It’s Almost Here…

You May Have Heard…

EMV Chip will solve all security problems

Card payments will be revolutionized with EMV Chip

The payment landscape will be transformed, no need for PCI

PCI is on its way to extinction

PCI Helps Secure Card Data Across All Channels

EMV Chip Helps Reduce Face-to-Face Fraud

Even EMV Chip Needs PCI

PCI PIN Transaction Security Listing https://www.pcisecuritystandards.org/approved_companies_provide

rs/approved_pin_transaction_security.php

Upgrade Your Terminal

Don’t Forget About E-Commerce

PCI DSS E-Commerce Guidelineswww.pcisecuritystandards.org/pdfs/

PCI_DSS_v2_eCommerce_Guidelines.pdf

Looking Forward …

PCI Standards will

continue to evolve…

And will be applied as

required, such as with EMV

Mobile

retail

$19paymen

accepte

dThank

PCI SSC is working with industry

PCI Standards focus on merchant-acceptance

Mobile payment acceptance still evolving

Understand risk and use PCI SSC resources

PCI SSC is working with industry

Mobile Guidelines and Best Practices

Guidelines published 2012-2013

• PCI Mobile Payment Acceptance Guidelines for Developers

• PCI Mobile Payment Acceptance Guidelines for Merchants as End-Users

• Accepting Mobile Payments with a Smartphone or Tablet

Reducing the cardholder data footprint

efficient security

complicated for PCI DSS

Where the Footprint Begins

66% of data breaches, the organization didn’t know the data was on the compromised systemVERIZON DATA BREACH INVESTIGATIONS REPORT

Ways to Reduce Footprint

Business process for retention

Tokenization

Reduce the need or ability to store or transmit cardholder data

Point-to-Point Encryption

What is a PCI P2PE Solution?

PCI PIN Transaction Security (PTS) approved devices with Secure Reading and Exchange of Data (SRED)

PCI P2PE validated applications and processes

Listed by PCI SSC

P2PE and Merchants

Merchants and their acquirers accept the risk when using encryption solutions not listed by the Council

Only PCI-listed P2PE solutions are recognized as meeting requirements for reducing merchant PCI DSS scope

Tokenization

Tokenization can remove or render payment card data useless to cybercriminals and work in concert with PCI Standards to increase the security of this data.

The Formula for PCI Success

PeopleProcessesTechnology Security

PreparationWhat are your personal PCI education goals for the next three years?

For your staff

For yourself

People in Payment Chain Cause Most Internal Breaches!

Be Aware! Get Educated!

Lack of employee education and awareness is a lead contributor to data breaches

Insider’s Guide•Defines/explains updates to PCI DSS 3.0 in 90 minutes

PCI Essentials• Payment

security basics

www.pcisecuritystandards.org/training

Training Highlights

Online Internal Security Assessor (ISA) Training

P2PE Assessor Training

Corporate Group Training– Let Us Come To You!

Online Awareness Training in Four Hours

Qualified Integrators and Resellers (QIR)™ Program

PCI Professional Program (PCIP)™To learn more, visit: www.pcisecuritystandards.org/training

New! Quick Resources for card security

www.pcisecuritystandards.org/news_events/quick_resources.php

Get Involved – We Need Your Input

Join Learn Input Network

Nominate Vote Share Influence

Be Part of SIGs

Security Awareness Penetration TestingGuidance

Save the Dates – 2014 Community Meetings

North America

9-11 September Orlando, Florida

Europe

7-9 OctoberBerlin, Germany

Asia-Pacific

18-19 NovemberSydney, Australia

Please visit our website at www.pcisecuritystandards.org

Questions?

Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautions and Mitigate Risk

Internet

Wireless & Health: Simple Precautions Make Senseehtrust.org/wp-content/uploads/2012/04/Doctors-Advice-Wireless_Apr... · distance from head and body. Protect children • Children

Isolation Precautions anas.n 7.4.54 - si. · PDF fileIsolation Precautions Standard Precautions Expanded Precautions + N Stdd Airborne Precautions New Standard Precautions for Pts.:

Prevent Policy - geniuspeople.co.uk€¦ · - where an attack cannot be stopped, to mitigate its impact . PROTECT - to strengthen against terrorist attack, including borders, utilities,

3389 ACRYLITE Resist Technical Data Sheet · 3389-06/06-CYRO FIRE PRECAUTIONS ACRYLITE acrylic sheet products are combustible thermoplastics. Precautions should be taken to protect

CC–PROTECT: Cooperative Cross-layer Protection to Mitigate

RURAL INFORMATION CAMPAIGN ON PRECAUTIONS AGAINST CORONAVIRUS · 2020. 6. 8. · RURAL INFORMATION CAMPAIGN ON PRECAUTIONS AGAINST CORONAVIRUS HOW CAN WE PROTECT OURSELVES AND OTHERS

6-1 OSHA Bloodborne Pathogens Standard and Universal Precautions Disposal of infectious or potentially infectious waste Laws protect healthcare workers

Mitigate Climate Change and Simultaneously Protect Health ... · PDF fileVeerabhadran Ramanathan . Univ of California at San Diego . INDICATORS OF CLIMATE CHANGE IN CALIFORNIA . JUNE

Space Capabilities Presentation - API Techmicro.apitech.com/pdf/api-space-capabilities.pdf · Electromagnetic and security solutions to mitigate interference and protect the safe

STANDARD PRECAUTIONS - Infection Prevention …...Standard precautions are applied during working practices to protect patients and staff from infection. All blood and body fluids

Diagnosis of Tuberculosis - Open Access eBooksopenaccessebooks.com/diagnosis-management-tuberculosis/...3 Diagnosis and Management of Tuberculosis precautions to mitigate the risk

Using product standards to protect consumers across ECOWAS - … · 2019. 10. 29. · Mitigate Climate Change Reduce Energy Supply Cost ... cheap products off the market •Policy

Compliance Policy Manual for Morningstar Research Services LLC · governing their conduct; (2) protect the Research Group’s reputation; (3) mitigate securities law violations; and

Threat Control and Containment in Intelligent Networks · Technologies and security services to • Mitigate the effects of outbreaks • Protect critical assets • Ensure privacy

Managers: Protect Correctional Staff from MRSA Standard Precautions Educate staff to assume any inmate could be contagious and to take precautions when direct contact with body fluids,

Decontaminating a Vomit Incident. Be Careful Clean up people must take special precautions to protect themselves from contamination. Bodily fluids

Influenza A(H1N1) Self-care guide · 4 Protection, prevention and health advice 4 Ways to protect yourself against inﬂ uenza 5 Precautions and care 7 Precautions at work 8 Medication

Instruction Manual - Ideal · PDF fileSTP-301/451 Series Instruction Manual 1 SAFETY PRECAUTIONS The Safety Precautions in this Manual constitute guidelines to protect operators, the

Facing Up to the Consequences of Digitizationweb.stanford.edu/class/ee380/Abstracts/190227-slides.pdfAddressing Digital Pollution •Mitigate and protect the vulnerable Empowerpeople

Implementing OTC Derivatives Market · PDF fileImplementing OTC Derivatives Market Reforms ... improve transparency in the derivatives markets, mitigate systemic risk, and protect