3 Steps Protecting Your Business From The Data Breach And Related Cost That May Result In The Loss Of Your Business: Every Merchant Must Know! Being PCI Compliant, Protecting Your Business. The Sooner, The Better! Welcome. Ask About Merchant Services. James Lee M. 917.930.3945 [email protected] http://b2breferral.wix.com/home

James Lee's PCI Guide: 3 Steps Protecting Your Business, What Every Merchant Must Know


Are you frustrated with high costs from your current merchant account provider even if you have been switching between several processors? One of the most confusing aspects of obtaining a merchant account can be understanding the dizzying array of fees involved. Then take the time to read on until you know the 7 essential pieces of knowledge that enable you to reduce your card processing cost. Any questions, please contact James Lee at 1-917-930-3945 or mail to: [email protected]

  • You Do Not Want Your Business In Danger, Do You? Then Take The Time To Read On Until You Know The 3 Steps That Enable You To Protect Your Business.

    Step One. Be Aware That Your Business Is Not Safe At All From The Data Breach That May Result In The Loss Of Your Business

    Small- and medium-sized businesses have become data thieves' primary targets. In 2011, there were 174 million compromised records, up from 4 million in 2010. The average total cost per reporting company was more than $6.3 million per breach and ranged from $225,000 to almost $35 million.

    Step 2. Know How To Protect Your Business From The Data Breach And The Related Non-compliance Fine: Up To $500,000

    1. What is the PCI Compliance Guide?

    2. Why should you be PCI compliant?

    3. What should you do to be PCI compliant?

    4. 3 key factors to be PCI compliant. At a minimum, you need to meet the 3 key factors below:

    Having a PCI Program

    Passing the SAQ test once a year

    Having PCI compliant equipment

    Step 3. Start to secure your business with James Lee

    Sign up for a free PCI consultation to get the key benefits of James Lee's Free PCI Consultation.

  • 3 Steps Protecting Your Business From The Data Breach And Related Cost That May Result In The Loss Of Your Business

    Step One. Be Aware That Your Business Is Not Safe At All From The Data Breach That May Result In The Loss Of Your Business

    James Lee - Your Reliable Payment Processing Consultant

    M. 917.930.3945 email: [email protected] www.facebook.com/bestprocessingsolutions

  • Part 1. Be Aware We Live In An Unsafe World - No Business Is Safe From The Data Breach

    Recent headlines:

    Retailer Gets Hacked 4.2 Million Credit Cards Identity Theft Protection

    Boston Restaurant Group Fined $110,000 Over Data Breach

    Credit Card Data Breach at Barnes & Noble Stores

    Four Romanian nationals indicted for hacking Subway and 50 other merchants' POS systems

    The nightmare of a security breach at your small business has become more of a possibility in recent years. Despite that trend, a majority of small businesses are not taking steps to try to prevent a data or security breach, new research has found. According to the Verizon 2011 Data Breach Investigations Report, organizations with between 11 and 100 employees reported 436 data breaches last year, almost six times as many as organizations with between 101 and 1,000 employees.

    WorldPay Security Program offers:

    A Complete PCI Compliance Advance Security Program

    Free Identity Waver Up To $30,000-$100,000

    Free PCI Compliant Terminal

    Learn More, Contact James Lee at 1-917-930-3945 [email protected]

    James Lee M. 917.930.3945 F. 718.661.0014 www.about.me/paymet101


    MasterCard, Visa Confirm 'Major' Breach-Global Payment

  • Step One. Be Aware That Your Business Also Is Not Safe From The Data Breach That May Result In The Loss Of Your Business

    That number, however, does not scare small business owners. Eighty-five percent of them said in a new survey, conducted for investment and insurance company The Hartford, that they believe a data breach is unlikely to happen to them. A majority of those business owners also said they are unlikely to put any measures in place to prevent such an attack.

    "Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted," said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford. "As cybercriminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach." Six in 10 small business owners acknowledge that a data breach would compromise relationships with customers. Additionally, 38 percent said they would have a negative opinion of companies that responded poorly to a breach.

    Cicero's wages legal battle over allegations of data breach.

    Hackers Shift Attacks to Small Firms

    Joe Angelastri, owner of City Newsstand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system.

    Please take a look at the Data Breach Report published by the Identity Theft Resource Center.

    2012 will be the year of skimming. Devices put on a dial terminal can steal cardholder information without a business knowing it. A teenager just went to jail for putting a skimming device on a McDonald's terminal.

    3 Delta is a very well-known software provider for POS systems. The CEO and founder states, "It's not a matter of if you get a data breach; it's just a matter of when." He offers tips to keep your network safe.

    Now you agree your business is not safe from cyber attacks, don't you? You should be aware that the cost of a data breach could seriously hurt your business.

    Cost of Data Breach - Best Resource: 2010 Annual Study: U.S. Cost of a Data Breach

  • WorldPay Security Program Helps Protect Your Business From The Data Breach Fines For Non-compliance With The PCI Standard Up To $500,000

    Part 2. Be Aware The Cost of a Data Breach May Result in Closing Your Business

    Small businesses can go bankrupt if a security breach or data breach occurs because of a compromise of their client records. Small businesses will spend a small fortune trying to correct the violation and still may be sued in civil litigation.

    The Real Cost of Data Breach (It's more than you think, and you're more at risk than you know.)

    Jan 3, 2013: The HHS' Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations ...

    The Real Cost of Data Breach for Level 4 Merchant (It's more than you think, and you're more at risk than you know.)

    The average is $36,000 and can be as high as $50,000 (or more). In other words, more than enough to cripple, or even destroy, a small business.

    Q1. What is the Fine for Non PCI Compliance?

    In order to address the threats to credit card information, the PCI Security Standards Council was formed in September, 2006. The PCI Security Standards Council has developed two primary standards that concern you:

    PCI DSS: The Payment Card Industry Data Security Standard outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your restaurants, you are responsible for complying with this standard.

    PA-DSS: The Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data such as full magnetic stripe, credit card security code, or PIN data is not stored. PA-DSS compliance can only be accurately verified by a qualified

    Cost of Data Breach - Best Resource: 2010 Annual Study: U.S. Cost of a Data Breach

    The Components of Data Breach Cost

    Forensic investigation of your POS system = $10,000-$20,000

    Reimbursement for purchases made using stolen cards

    Replacement for stolen credit cards = $20-$30 per card. (Just 1,000 cards means $20,000-$30,000)

    A nearly priceless loss of Brand Equity

    Fines for Non-compliance with the PCI standard. Fine up to $500,000 with VISA and up to $200,000 with MasterCard

    The Biggest Portion of Data Breach Cost is The Fine for Non PCI Compliance

    Fines for non-compliance with the PCI standard are the heaviest fines for a data breach, and the ones you need to avoid by being PCI compliant.

    To be PCI compliant, you need to meet the requirements of PCI Compliance and PA-DSS (Payment Application Data Security Standard).

  • Part 2 Cost of Data Breach

    Summarized non-compliance cost data for 46 benchmarked organizations. Source: The True Cost of Compliance | Benchmark Study of Multinational Organizations | Ponemon Institute | January 2011

    | ID# | Business disruption | Productivity loss | Revenue loss | Fines, penalties & settlement costs | Total |
    |---|---|---|---|---|---|
    | 1 | 1,894,201 | 886,772 | 2,506,798 | 2,504,853 | 7,792,624 |
    | 2 | 2,530,352 | 2,961,739 | 3,254,316 | 2,451,421 | 11,197,829 |
    | 3 | 3,510,825 | 3,522,002 | 2,521,616 | 978,761 | 10,533,203 |
    | 4 | 7,655,995 | 1,719,063 | 2,225,011 | 707,799 | 12,307,868 |
    | 5 | 6,067,953 | 4,591,037 | 3,996,297 | 811,886 | 15,467,173 |
    | 6 | 530,415 | - | 546,622 | 309,721 | 1,386,758 |
    | 7 | 7,712,747 | 5,402,988 | 700,438 | 310,856 | 14,127,029 |
    | 8 | 1,399,309 | 3,401,988 | 3,157,199 | 1,666,473 | 9,624,969 |
    | 9 | 4,747,903 | 1,663,583 | 1,606,138 | 191,044 | 8,208,668 |
    | 10 | 3,804,836 | 5,150,215 | 4,552,824 | 1,938,156 | 15,446,031 |
    | 11 | 465,637 | 423,498 | 710,214 | 704,687 | 2,304,036 |
    | 12 | 3,117,942 | 3,111,298 | 1,767,796 | 80,384 | 8,077,420 |
    | 13 | 535,602 | 652,483 | 346,224 | 383,742 | 1,918,051 |
    | 14 | - | 1,384,147 | 741,359 | 799,265 | 2,924,771 |
    | 15 | 765,450 | - | 540,296 | 1,763,402 | 3,069,148 |
    | 16 | 16,552,877 | 53,154 | 6,538,555 | 1,344,968 | 24,489,553 |
    | 17 | 1,613,945 | 2,229,318 | 1,756,673 | 1,972,003 | 7,571,939 |
    | 18 | 709,556 | 1,049,803 | 1,315,445 | 1,065,976 | 4,140,781 |
    | 19 | 6,020,835 | 748,078 | 1,899,101 | 2,383,793 | 11,051,807 |
    | 20 | - | 4,501,598 | 1,571,536 | 2,390,360 | 8,463,494 |
    | 21 | 2,663,217 | 6,446,758 | 2,513,763 | 3,431,797 | 15,055,534 |
    | 22 | 1,805,479 | 2,841,799 | 1,526,188 | 579,088 | 6,752,554 |
    | 23 | 5,078,817 | 4,014,515 | 2,790,129 | 427,940 | 12,311,402 |
    | 24 | 4,359,921 | 3,898,962 | 2,637,710 | 668,455 | 11,565,048 |
    | 25 | 2,539,821 | - | 2,444,529 | 1,382,552 | 6,366,902 |
    | 26 | 2,285,952 | 2,175,764 | 4,288,741 | 2,810,190 | 11,560,647 |
    | 27 | 630,284 | 1,613,219 | 2,498,983 | 2,103,072 | 6,845,558 |
    | 28 | 10,610,045 | 5,174,955 | 4,696,161 | 7,493,699 | 27,974,860 |
    | 29 | 3,878,864 | 3,135,708 | 2,067,828 | 2,841,451 | 11,923,852 |
    | 30 | 2,236,557 | 3,849,895 | 3,882,527 | 1,831,169 | 11,800,148 |
    | 31 | 3,683,109 | 2,763,377 | 3,044,502 | 885,412 | 10,376,400 |
    | 32 | 3,386,634 | 2,420,115 | 2,666,676 | 1,085,278 | 9,558,703 |
    | 33 | 2,178,924 | 2,158,495 | 1,726,303 | 1,809,951 | 7,873,673 |
    | 34 | 5,424,731 | 1,420,338 | 2,123,134 | 1,888,016 | 10,856,219 |
    | 35 | 1,532,994 | 1,721,369 | 1,668,480 | 700,800 | 5,623,643 |
    | 36 | 2,152,478 | 469,623 | 1,387,055 | 526,313 | 4,535,469 |
    | 37 | 1,393,876 | - | 154,675 | 146,806 | 1,695,357 |
    | 38 | 328,189 | - | 557,464 | 671,041 | 1,556,694 |
    | 39 | 1,955,264 | 3,536,600 | 1,304,047 | 2,689,848 | 9,485,760 |
    | 40 | 2,333,900 | 3,800,776 | 1,763,831 | 869,986 | 8,768,492 |
    | 41 | 1,621,980 | 5,697,483 | 2,539,403 | 795,896 | 10,654,763 |
    | 42 | 6,413,603 | 3,550,955 | 3,178,774 | 147,334 | 13,290,666 |
    | 43 | 3,035,969 | 204,740 | 1,478,622 | 798,862 | 5,518,192 |
    | 44 | 3,383,818 | 2,603,496 | 1,201,703 | 1,997,390 | 9,186,408 |
    | 45 | 2,076,828 | 1,761,714 | 2,320,328 | 1,369,728 | 7,528,597 |
    | 46 | 5,063,475 | 3,425,150 | 1,608,866 | 2,077,943 | 12,175,433 |

    2010 Annual Study: U.S. Cost of a Data Breach

  • Part 2 Cost of Data Breach

    Does the cost of a data breach still not have your attention? Then you should take a look at the additional reports below.

    The Ponemon Institute proudly presents the 2010 U.S. Cost of a Data Breach, the sixth annual study concerning the cost of data breach incidents for U.S.-based companies, sponsored by Symantec Corporation. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. The study also found that for the second straight year organizations' need to respond rapidly to data breaches drove the associated costs higher. The sixth annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 51 U.S. companies from 15 different industry sectors.

    Resources

    Press Release: Ponemon Study Indicates Organizational Data Breach Costs Hit $7.2 Million and Show No Sign of Leveling Off

    Press Release: Data breach cost hits UK organizations for 1.9 million per incident in 2010

    2010 Annual Study: Global Cost of a Data Breach Report (PDF)

    2010 Annual Study: U.S. Cost of a Data Breach Report (PDF)

    2010 Annual Study: UK Cost of a Data Breach (PDF)

    2010 Annual Study: Australia Cost of a Data Breach Report (PDF)

    Infographic: Data Breach Costs Soar Even Higher (PDF)

    Podcast: Ponemon Cost of a Data Breach Report

    SlideShare: 2010 Annual Study: U.S. Cost of a Data Breach

    Blog Post: In Defense of Data: Cost of a Data Breach Climbs Higher

    Blog Post: How Much Would A Data Breach Cost Your SMB?

    Data Breach Risk Calculator

    Symantec's Encryption Offerings

    Symantec's Data Loss Prevention Offerings

  • More on restaurants and credit card security:

    Pasta, Meatballs and Credit Card Theft (ABC News)

    SecureWorks reports on quantifying the cost of a breach

    The Payment Card Industry (PCI) standards have been established to help you safeguard customer information and protect your business.

    The basics of PCI are similar to the standard business practices you already use to safeguard your business: You lock your doors as a matter of course. To protect your customers' information, you also need the proper locks on your POS system and network.

    Where to start? Read on to learn the key things you need to know about credit card security and PCI.

    What is the cost of a credit card breach EXCEPTING NON PCI COMPLIANCE FINES?

    Estimating the cost of a data breach is not straightforward. In addition to the direct costs incurred in legal fees, security audits, fines, and penalties, there are also less tangible losses, such as brand damage, lost customers, and time spent dealing with the breach.

    Forrester Research recently released survey data that estimated costs for low- and high-profile breaches. The graph below summarizes the firm's findings: In a regulated industry such as food service, the cost can range from $155 to $305 for each customer record stolen. According to payment security consultant Trustwave, an average of 40,000 card numbers are compromised in a typical breach. But even in a breach involving fewer records, costs can escalate quickly and force a small business to close its doors.

  • Your Business Pay the Price

    Who's more at risk of a cardholder data security breach? A large chain with a huge IT budget or an independent restaurant with little technical resources?

    Global payment security consultant Trustwave reports that 9 of 10 cardholder data compromise incidents are aimed at small operators, such as restaurant and pub Spanky's Marshside, in Brunswick, Georgia.

    In August 2006, hackers broke into Spanky's POS system. "Magnetic data was taken which I didn't even know we were storing in the hard drive, and new cards were made and sold over the Internet," said owner Carla Yarborough, in a video interview with the Retail Solutions Providers Association.

    "I just felt I had been blindsided because I was not aware it could even happen," Carla said. She didn't learn of the breach until February of the following year. Hackers had the run of her system for nearly seven months before suspicious transactions were tracked to her restaurant.

    Like many operators, Carla didn't realize that her POS stored cardholder data, even though the information was no longer needed after the transaction had been authorized. "I didn't think I was at risk," Carla said. "I thought I had everything I needed because I had a brand new POS system and I thought that my software was compliant."

    Trustwave reports that in 60% of the cases where data is compromised, merchants are relying on outdated software that improperly handles sensitive cardholder data.

    Buying and maintaining compliant equipment is a crucial step toward protecting your customers from theft and your business from liability. "I think you don't have a choice," Carla said. "You can take the risk if you want to, but I'm sitting here as a witness that it can happen. The damages far outweigh the cost of upgrading your system."

    At the time of the interview, the breach at Carla's restaurant had cost her $110,000 and counting. "The small business person is taking up the brunt of the whole thing," Carla deplored. "We have to pay for it one way or the other, if not by closing our doors, then by having to pay out big sums of money."

    How did you get to be liable?

    When you signed a merchant agreement with Visa or MasterCard, you agreed to comply with payment card industry security standards. It's a single paragraph in the standard agreement that every merchant signs. But if a credit card breach is tracked to your restaurant, and you are unable to demonstrate compliance, that single paragraph could cost you more in fines and other penalties than your business can bear.

  • HOW TO AVOID OR REDUCE COST OF DATA BREACH

    Part 2. Cost of Data Breach

    Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard.

    Haven't you decided to protect your business from the data breach and the high cost of data breaches?

    You may still wonder:

    Why do merchants have to pay for the cost of a data breach and the non-PCI-compliance fine?

    How to avoid or reduce this scary cost of data breach?

    You will discover the answer at the next

    Ignoring The Potential of Data Breach and Its Cost May Destroy Your Business

    Are you aware that the heavy cost of a data breach compromise can destroy your business?

    Your Business is not Secured.

  • You Know Your Business Is Not Safe From The Data Breach That May Result In The Loss Of Your Business

    How to Protect Your Business With PCI Compliance and Your Security Solutions

  • Learn How to Protect Your Business

    Learn About Payment Industry Security Compliance

    Sign Up For Free Consultation

    The Sooner, The Better!

  • WorldPay Protects Your Business!

    HOW TO PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE - AVERAGE $500,000

    Why and How to Be PCI Compliant?

    Target

    PCI requirements - MANDATORY

    Question: Why do merchants have to pay for the cost of a data breach and the non-PCI-compliance fine? How to avoid or reduce this scary cost of data breach?

    Answer: Businesses are required to implement all the Payment Card Industry Security requirements. Visa, MasterCard, Discover, American Express and JCB created the PCI Security Standards Council. There are 12 requirements for PCI DSS, and businesses agree to adhere to them when they sign the credit card processing agreement, regardless of credit card processor. Most businesses do not realize they signed and agreed to the requirements; worse, they think that by paying a fee they are safe and compliant. The reality is that merchants are responsible for all fees and fines if they suffer a data breach. A data breach can cost a merchant tens of thousands of dollars, enough to potentially put them out of business. Although a merchant may think that they are compliant because they are paying a monthly PCI fee, the reality is that they are likely paying a fee for non-compliance and not receiving anything in return for this fee.

    We would like the opportunity to educate you on the PCI requirements so you can determine if your current processor is actually providing the proper protection. We also would like to explain what products are available to you to protect the future of your business.

    The PCI Security Standards Council

    In order to address the threats to credit card information,

    The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data.

    The Payment Application Data Security Standard (PA-DSS) covers all software applications used to store, process, or transmit cardholder data as part of authorization or settlement. On October 1, 2008, the PCI Council developed a new standard, PA-DSS, to replace the VISA PABP standard.

    PIN Entry Devices (PED

  • WorldPay Protects Your Business!

    HOW TO PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE - AVERAGE $500,000

    Why and How to Be PCI Compliant?

    [Diagram: PCI Compliance at a glance. Standards shown: PCI DSS Standard, PA-DSS Standard, PCI PED Standard, PCI EPP Standard. Components shown: Payment Terminals, POS Terminals, Wireless Terminals, Automated Fuel Dispensers, Web Site, Store Servers, Host Servers, Corporate Network, Merchant, Card Acquirers, Issuers.]

    The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data.

    Visa is implementing a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system:

    Ensure all new POS deployments are only with PA-DSS certified POS applications

    Remove all known vulnerable applications from the network by October 2009

    Replace or upgrade existing POS terminals with PA-DSS certified applications before the July 2010 deadline

    Visa is mandating that attended PIN Entry Device terminals adhere to PCI PED standards and implement TDES encryption:

    Ensure all new pin pads purchased are TDES-capable and PCI certified

    Replace Pre-Visa PED Terminals with PCI PED Terminals by 7/1/2010

    Need to Be PCI Compliant: PCI Program Provider, SAQ Certification, 12 Requirement, PCI Program, PCI Compliant Payment Equipment

    You are now PCI compliant: you can protect your business from the crippling effects of data compromise and avoid the critical fine for PCI non-compliance.

  • So how do you protect yourself?

    3

    Forensic investigation of your POS system = $10,000-$20,000

    Reimbursement for purchases made using stolen cards

    Replacement for stolen credit cards = $20-$30 per card. (Just 1,000 cards means $20,000-$30,000)

    A nearly priceless loss of Brand Equity Fines for Non-compliance with the

    PCI standard. Fine Up to $500,000

    with VISA and up to $200,000 with

    MasterCard

    The Components of

    Data Breach Cost

    Ask Us How We Can Help Protect Your Business From Data Breach Fines For Non-compliance With The PCI Standard Of Up To $500,000

    WorldPay Protects Your Business!

    So how do you protect yourself?

    PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE-AVERAGE $500,000

    Start by educating yourself. The PCI Security Standards Council has developed standards to address the threats to credit card information.

    As a business operator, there are two key standards that affect you:

    1. The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your business, you must comply with PCI-DSS.

    2. The Payment Application Data Security Standard (PA-DSS) covers all software applications used to store, process, or transmit cardholder data as part of authorization or settlement. On October 1, 2008, the PCI Council developed a new standard, PA-DSS, to replace the VISA PABP standard.

    PCI-DSS requires that you use only PABP/PA-DSS compliant payment processing and POS systems. Check the list of compliant vendors and software.

    The Biggest Portion of Data Breach Cost Is the Fine for PCI Non-compliance

    The fine for non-compliance with the PCI standard is the heaviest data breach cost, and the one you need to avoid by being PCI compliant.

    To be PCI compliant, you need to meet the requirements of PCI Compliance and PA-DSS (Payment Application Data Security Standard).

  • *Visa awarded WorldPay a 2011 Service Quality Performance Award for the Lowest Fraud Chargeback Rate and the Lowest Non-fraud Chargeback Rate

    Credit card data, personal information and other private data attacks are a big part of white-collar crime. The anonymity the internet gives attackers makes the problem larger and poses bigger threats, as attacks can be launched from anywhere in the world, even from within your own organization. Business size and type have little to do with potential data breaches and attacks these days, as some believe that any data will do no matter what size the organization or business. Plain and simple, PCI is not optional, and compliance should be treated as a key business policy. The PCI Security requirements have been put in place to secure the data and everyone must become compliant. Non-compliance brings fines and penalties from the payment card industry and providers. Fines can include the following:

    Fines of $500,000 per data security incident

    Fines of $50,000 per day for non-compliance with published standards

    Liability for all fraud losses incurred from compromised account numbers

    Liability for the cost of re-issuing cards associated with the compromise

    Suspension of merchant accounts

    Weigh your options... How important is your business, your livelihood and your personal and business information? Are you willing to take the risk of a data breach or attack? A single data breach can be devastating to you and your business and can put you out of business or worse, and the fines and penalties can be just as massive. The penalties mentioned above are good indicators of what to expect, but they can get heftier and more expensive. It is simply not worth the risk: either a data breach or the fines and penalties can be devastating, not to mention that you can lose your merchant account and will not be able to accept credit cards as payment.

    What happens if I am breached?

    Currently 38 states have enacted some sort of breach disclosure law. In general, most state laws follow the basic tenets of California's original law, which was enacted in 2002. Companies that are breached must immediately disclose the data breach to customers, usually in writing. Companies must also notify their processor, who will then notify the bank. At that point the processor or bank will initiate a PCI DSS audit on the merchant to see if the merchant was in fact PCI DSS compliant at the time of the breach. In case of a data breach you must report and disclose this to your customers, business partners, banks and providers. This is the law known as California SB 1386, which most states follow and adhere to. So, in essence, you have to make this public knowledge. The processor and PCI organization will then need to determine whether the business was or was not PCI compliant at the time of the breach and will then determine which course of action to take. The merchant is obligated and expected to report any data breach, and anything to the contrary can result in lawsuit and prosecution.


    Learn About PCI Compliance

    PCI Compliance & Fines

    PCI compliance requires that any business that processes transactions or stores credit card or card holder data MUST be compliant with the PCI DSS (Payment Card Industry Data Security Standards) and PCI-PA DSS. If you handle or accept credit card payments then this means you too. Non-compliance is not an option and the fines and consequences are hefty. In order to address the threats to credit card information, the PCI Security Standards Council was formed in September, 2006. The PCI Security Standards Council has developed two primary standards that concern you:

    PCI DSS

    The Payment Card Industry Data Security Standard outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your restaurants, you are responsible to comply with this standard.

    PA-DSS

    Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming sensitive cardholder data such as full magnetic stripe, credit card security code, or PIN data is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.


    HOW TO PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE-AVERAGE $500,000

  • Q2. Do I need to use a PA-DSS compliant point of sale equipment?

    If you accept credit cards, the answer is: yes. As of July 2010, merchants are required to use only PCI PA-DSS validated point of sale and payment applications. Financial institutions enforce the requirement for an annual PCI security self-assessment and quarterly network scans, and can levy fines for non-compliance. If your POS system is non-compliant, you will automatically fail your PCI assessment, and could lose the ability to accept credit cards.

    Q3. What if I choose not to comply with PCI standards?

    Aside from the penalties and liability associated with a credit card breach, the effect on your brand could be devastating: Not surprisingly, sixty percent of consumers in a recent poll said that they would never return to a business where their credit card information was stolen. And as the payment card industry continues to tighten its enforcement of the standard, you may also lose the privilege of accepting credit cards at all.

    Q4. What happens when there is a credit card breach?

    Outlines a typical breach scenario:

    The fraud department of the credit card company that suspects a breach will contact the restaurant owner to discuss the irregular credit card transactions.

    The store will be submitted to an internal credit card security audit, which cost from $8,000 to $15,000. The business owner has to select a pre-approved forensic audit firm from a list provided.

    With little or no notice, the card processing company may begin withholding funds to pay for the projected fines and penalties.

    After the forensic audit is completed, the owner, auditor, and credit card company representative(s) will hold a conference call to review the findings and outline what steps the merchant must take to remedy the credit card breach.

    Failure to comply with remediation steps results in additional fines and the loss of credit card processing privileges.

    The merchant must pay all fines, penalties, and assessments that arose as a result of the breach.

    Q5. What are the penalties for contravening the PCI standards?

    Card data theft is costly. If your business location is determined to be a common point of purchase for stolen card data, the card associations order a forensic audit. This can cost you in the neighborhood of $15,000. Then, depending on the number of cards affected, and whether you have taken the necessary steps toward PCI compliance, the card association(s) assess fines that can range from $50,000 and up. Moreover, 44 states to date have enacted privacy laws that require you to report any suspected breach to the FBI and personally notify every potentially affected cardholder. The cost of notification averages $30 to $50 per customer. In addition, following a breach, your restaurant is automatically re-classified as a Level 1 Merchant, subjecting you to the same rigorous audit requirements (and costs) as the largest retail companies in the country. Expect to pay $25,000 to $35,000 per year for a mandatory on-site audit.

    The Ponemon Institute, a research firm dedicated to privacy, data protection and information security, estimates that a breach costs between $90 and $305 per record. Many factors enter into such an estimate: in addition to the direct costs incurred in legal fees, security audits, fines, and penalties, there are also less tangible losses, such as brand damage, lost customers, and time spent dealing with the credit card breach.

    A feature article on RestaurantPartner.com, "Restaurants and Credit Cards - A Dangerous Combination", related this example from a single Atlanta Bread Co. restaurant in Kansas City: When a hacker compromised their credit card processing system it tallied up a bill of over $25,000 and counting. They were threatened with fines up to $1 million and had $16,000 pulled from their bank account without notice. This prohibited them from buying food for a period of time and then had to spend $7000 upgrading their POS system. Luckily, they were able to weather the storm and stay afloat. Unfortunately, many restaurants maintain a very tight cash flow and such a blow could easily put them out of business.


  • What are the keys to compliance?

    [Image: PCI Quick Reference Guide, "Understanding the Payment Card Industry Data Security Standard version 1.2", for merchants and organizations that store, process or transmit cardholder data. Contents: Introduction; Overview of PCI Requirements; Security Controls and Processes for PCI DSS Requirements; How to Comply With PCI DSS; Web Resources; About the PCI Security Standards Council]

    Refer to this great guide put together by the PCI Security Council for more detailed information in an easy-to-follow format.

    Ask us for copies of their PCI Implementation Guide.

    The PCI Data Security Standard outlines 12 key requirements for compliance:

    Build and Maintain a Secure Network

    1. Install and maintain a firewall configuration to protect cardholder data

    2. Do not use vendor-supplied defaults for system passwords and other security parameters

    Protect Cardholder Data

    3. Protect stored cardholder data

    4. Encrypt transmission of cardholder data across open, public networks

    Maintain a Vulnerability Management Program

    5. Use and regularly update anti-virus software

    6. Develop and maintain secure systems and applications

    Implement Strong Access Control Measures

    7. Restrict access to cardholder data by business need-to-know

    8. Assign a unique ID to each person with computer access

    9. Restrict physical access to cardholder data

    Regularly Monitor and Test Networks

    10. Track and monitor all access to network resources and cardholder data

    11. Regularly test security systems and processes

    Maintain an Information Security Policy

    12. Maintain a policy that addresses information security


  • Your point of sale Equipment is a key factor in safeguarding your business. One of the most important requirements of the PCI Data Security Standard is the use of point of sale Equipment (Hardware and Software) that has been validated compliant.

    Why you should care:

    The risk to your business in the event of a breach, of course, is the #1 reason to be careful about choosing a PA-DSS validated point of sale application.

    But there's another reason, too:

    As of July 2010, merchants are required to use only PCI-PA DSS validated point of sale and payment applications.

    Financial institutions enforce the requirement for an annual PCI security self-assessment and quarterly network scans, and can levy fines for non-compliance.

    If your POS Terminals or POS system is non-compliant, you will automatically fail your PCI assessment, and could lose the ability to accept credit cards.

    If a card data theft is traced back to your business, you are liable. Installing a PA-DSS-validated POS is insurance against this liability. So choose carefully.

    Q. *What is PA-DSS?

    A. Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming sensitive cardholder data such as full magnetic stripe, credit card security code, or PIN data is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.

    [Diagram labels: CARD HOLDER DATA; Processor; PA-DSS APPROVAL]

    STORED SECURELY: Primary Account Number, Cardholder Name, Expiration Date

    NOT STORED: Full Magnetic Stripe, Credit Card Security Code, PIN Data**

    Ongoing testing by third-party labs ensures that all payment applications follow these new standards

    How does your POS Equipment factor into this?

    Why Equipment Compliance is Important?


  • PCI Good Business Practices

    Protecting your customers' credit card information involves more than just using a PCI-compliant POS. It is important that you also review security management, policies and procedures in your restaurant.

    Restrict employee access to your system to what is strictly necessary to accomplish their job. Assign unique IDs and passwords to each user, and ensure old IDs and passwords no longer work.

    Restrict access to your router to prevent illicit tampering with your network connections. Keep all terminals in plain sight or under lock and key to prevent illicit use.

    You already have safety guidelines for staff. PCI-DSS says you also need to create protective policies for customers' personal information. Likewise, defining IT best practices is really just an extension of your existing operating procedures. Got that covered? Then prepare a maintenance schedule for your POS, like the one you follow for your oven, to keep it up to date.

    Add the annual PCI Self-Assessment Questionnaire to your regular insurance review. After all, handling credit card data without the proper controls is like running a business without insurance. Then take a few minutes to schedule your quarterly network scans.

    PCI Dos and Don'ts

    PCI Dos

    Do routine vulnerability scans of your systems.*

    Do security awareness training for all of your staff.

    Do audits of system access.

    Do monitor your system activity logs.

    Do remove access privileges of separated employees.

    Do install software patches.

    Do take any threats seriously.

    Do have an incident response plan in place.

    PCI Don'ts

    Don't store or archive whole credit card numbers.

    Don't transmit credit card information unencrypted.

    It's important to read and understand the PCI Data Security Standard, and take the necessary steps to comply. But limiting your liability ultimately comes down to these five key points:

    1. Never...EVER...store cardholder data after transaction authentication.

    2. Use PA-DSS validated POS Equipment.

    3. Complete an accurate PCI Self-Assessment Questionnaire each year.

    4. Schedule quarterly PCI network scans.

    5. Manage your credit card environment like your business depends on it.

    Go to the source for complete details:

    The PCI Security Standards


  • Step Three: Sign Up For Free Consultation

    Your Business Protection

    The Sooner, The Better!

    Sign Up for Free Consultation And

    Become A PCI Compliant With

    A Complete Free PCI Program At The Top of

    The Best Benefits On Payment Processing

    Never Delivered From Others


  • How does your POS Equipment factor into this?

    Do not operate NON-COMPLIANT AND KNOWN-COMPROMISED PIN ENTRY DEVICES. THEY COULD BE THE CAUSE OF A DATA BREACH AND NON-PCI FINES OF UP TO $500,000

    NONCOMPLIANT DEVICES

    POSSIBLE REPLACEMENT

    DEVICES

    Hypercom ICE 5500 VeriFone Vx510LE (3730LE)

    or Hypercom T4220

    Ingenico eN-Crypt 100 PIN Pad VeriFone PP 1000SE PCI-PED IVI Sentinel PIN Pad

    Lipman Nurit 2085 Terminal Add the external PIN Pad VeriFone PP 1000SE

    PCI-PED Lipman Nurit 2085+ Terminal

    Lipman Nurit 3000 Terminal VeriFone Vx510LE (3730LE)

    Lipman Nurit 3010 Terminal

    NCR 5945 PIN Pad

    VeriFone Mx830 or Vx850 NCR 5991 PIN Pad

    NCR 5992 PIN Pad

    Thales Talento T-IPP Terminal

    VeriFone Vx510LE (3730LE)

    Thales Talento T-IPPS Terminal

    Thales T-Pad PIN Pad

    VeriFone Omni 3210 Terminal

    VeriFone Omni 470 Terminal

    VeriFone Omni 490 VeriFone Mx830 or Vx850

    VeriFone PIN Pad 1000 VeriFone PP 1000SE

    PCI-PED VeriFone PIN Pad 1000SE (160 Firmware)

    VeriFone PIN Pad 1000SE G-Site (160 Firmware)

    There is no PCI-PED-compliant device for G-Site Fuelman.

    VeriFone SC5000 PIN Pad (Pulsar and Stardust model) VeriFone SC5000 PCI-PED

    We strive to keep you informed about important PCI-PA DSS compliance mandates and regulations affecting your business.

    Current Card Association mandates require that all merchant acquirers and acquiring processors begin retirement of PIN Pad and terminal devices that are not PED compliant (non lab evaluated), are not TDES encrypted or that are on Visa's known-compromised device list. Non-compliant devices must be removed from service no later than July 1, 2010, and known-compromised devices should be removed from service as soon as possible.

    NON-PED-COMPLIANT DEVICES:

    Are typically referred to as non lab evaluated or vendor attested devices

    Typically only support the less secure SDES and do not support the more robust TDES encryption

    KNOWN-COMPROMISED DEVICES:

    Appear on Visa's known-compromised list

    Pose an elevated risk of breach of cardholder information

    Can subject merchants to a risk of fines up to $500,000 per incident from Visa, MasterCard or other Card Associations if cardholder information is compromised in any way

    James Lee is urging retailers to consider replacing these devices quickly to avoid the risk of being non-compliant. Our goal is to notify our merchants well ahead of the July 2010 mandate regarding PED-compliant replacements and upgrades. Please see the lists of known-compromised and non-compliant devices along with possible replacement devices:

    NON-COMPLIANT DEVICES

    Payment Processing Hardware Compliance


  • The PCI Security Standards Council (PCI-SSC) has officially announced a significant enhancement to payment security that has far-reaching operational consequences for all retailers with electronic payment transaction systems. The new mandate requires that most payment applications must now be audited under the new PA-DSS (Payment Application Data Security Standard) on a continual basis, which will help merchants maintain PCI DSS compliance. Here, VeriFone answers common questions regarding the new security standard.

    Security is a never-ending race against potential attackers. As a result, it is necessary to regularly review, update and improve the security requirements used to evaluate payment applications.

    PCI PA-DSS Program Guide


  • Q. What is PA-DSS?

    A. Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming sensitive cardholder data such as full magnetic stripe, credit card security code, or PIN data is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.

    Q. Are my payment applications compliant?

    A. Managing data security can be a daunting task for merchants who do not have an onsite technical or security-related staff. VeriFone has alleviated this headache by obtaining PA-DSS approval for all payment applications that operate on VeriFone terminals and providing you the necessary supporting documentation to ensure your compliance.* VeriFone is committed to delivering the highest level of security by being the first to offer a full suite of PA-DSS approved payment applications.

    Q. What happens if I'm non-compliant and compromised?

    A. Merchants are responsible for maintaining site compliance based upon PCI DSS standards. Non-compliance and/or site compromise can lead to:

    Fines from financial institution

    Reimbursement of forensic audit files

    Litigation fees

    Loss of reputation and customers

    92% of security compromises were Level 4 merchants (mom-and-pop companies). Losses associated with breaches increased to $197 per card compromised.**

    For more information visit

    www.verifone.com/padss

    www.verifone.com/security

    www.pcisecuritystandards.org/security_standards/pa_dss.

    www.pcisecuritystandards.org/security_standards/pci_dss.

    * Please consult your payment service provider to find out when your application will be available. ** March 2008 Global Compromise Statistics review of 350 breaches by industry-leading security firm Trustwave.

    Q. What are my responsibilities?

    A. Implementing a PA-DSS compliant payment application into a PCI DSS compliant environment

    Configuring the payment application (where configuration options are provided) according to the PA-DSS Implementation Guide provided by the vendor

    Configuring the application in a PCI DSS compliant manner

    Maintaining the PCI DSS compliant status for both the environment and the application configuration

    Merchants should complete the PCI DSS Self-Assessment Questionnaire and Attestation of Compliance document as a statement of compliance.

    VeriFone's PA-DSS approved applications enable merchants to fulfill all of these responsibilities and achieve PCI DSS compliance.


    2009 VeriFone. All rights reserved. VeriFone and the VeriFone logo are either trademarks or registered trademarks of VeriFone in the United States and/or other countries. All features and specifications are subject to change without notice. 01/09 45694 Rev B 0/FS


  • As of July 2010, merchants are required to use only PCI-PA DSS validated point of sale and payment applications.


    SIGN UP FOR A CONSULTATION TO UPGRADE TO PCI APPROVED PAYMENT PROCESSING EQUIPMENT THAT FITS YOUR BUSINESS.

    AS OF JULY 2010, MERCHANTS ARE REQUIRED TO USE ONLY *PCI PA-DSS VALIDATED POINT OF SALE AND PAYMENT APPLICATIONS. NON PCI COMPLIANT TERMINALS MUST BE REMOVED 7/10/2010.

    Nearly half of the data breaches that occur are through point of sale (POS) terminals that are out of compliance, such as the credit card terminals listed above, which are no longer PCI compliant. These credit card terminals also do not qualify credit cards correctly, resulting in higher fees and surcharges. Financial institutions enforce the requirement for an annual PCI security self-assessment, quarterly network scans and the use of only PCI PA-DSS validated point of sale and payment applications, and can levy fines for non-compliance. If your POS Equipment is non-compliant, you will automatically FAIL YOUR PCI ASSESSMENT, and could lose the ability to accept credit cards. You're also putting your customer information and possibly your entire business in jeopardy. Businesses that use noncompliant credit card processing equipment are at high risk for a data security breach. A data breach while out of compliance could result in:

    Forensic investigation of your POS system = $10,000-$20,000

    Reimbursement for purchases made using stolen cards

    Replacement for stolen credit cards = $20-$30 per card. (Just 1,000 cards means $20,000-$30,000)

    A nearly priceless loss of Brand Equity

    Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard

    Even if you do not suffer a data breach, noncompliant credit card processing terminals can cause major headaches including slower

    .

    STOP TO OPERATE NON PCI

    COMPLIANT TERMINAL OR MAY

    RESULT IN FINES UP TO$500,000

    Upgrade PCI Compliant

    Processing Equipment

    NO LONGER PCI COMPLIANT TERMINALS

    STOP TO USE NON PCI COMPLIANT TERMINALS ABOVE

    OR MAY RESULT IN FINES UP TO $500,000.


    You will get the right buyer's guide: how to select the type of equipment (POS System, Stand-alone Terminal, Virtual Terminal, Mobile Payment with Card Reader, Payment Software or Quick Book Integrated Payment Software, etc.)

    The best method of payment and pricing guide: Free with Condition, Installment Payment or pay all at one time.


  • Step Three:

    Sign Up for Free Consultation And

    Become A PCI Compliant With

    A Complete Free PCI Program At The Top of

    The Best Benefits On Payment Processing

    Never Delivered From Others


    There is nothing more important than

    Your Business Protection

    The Sooner, The Better!


  • Since 1998, James Lee has been providing free consulting services and has provided the most reliable business payment solutions to around 5,000 US merchants. Just ask him what your business needs for payment processing and you will get the best answer from James Lee, your reliable payment processing consultant. If you have a pain point in payment processing, just ask him so that you get an instant resolution without wasted time and mistreatment.

    You are sick and tired of hidden surcharges eating your profits on every single sale, aren't you? You do not have to put up with it. We will show you how to stop your loss and help make your business more profitable when we talk together.

    Time is money. The more you delay, the more profit you lose.

    Sign up for Free Consultation Not to

    Miss Your Business Total Advantages

    These copies were created by James Lee and opinions expressed here are the personal opinions of James Lee, an account executive of Clearent. Content published here is not monitored or approved by Clearent before it is posted and does not necessarily represent the views and opinions of Clearent.

    James Lee's reliable payment processing consultation helps you:

    To set up a merchant account without setup cost, on the condition of no cancellation fee

    To have the perfect payment solutions you have been looking for

    To prevent damage from a bad choice of processing services provider, equipment, service plan, etc.

    To stop losing profits to hidden surcharges on payment processing service fees

    To protect your business from the damage of failing payment processing mandates such as PCI Compliance

    Visit my business page, James Lee's Free Payment Processing Consultation, and give it a Thumbs Up; you will then get the further merchant guide

    Be connected at Social Connections: LinkedIn Twitter Facebook

    More Resource
