date: 3/28/2014 getting started with the integrity easy pci program presenter : integrity payment...

DATE: 3/28/2014

GETTING STARTED WITH THE INTEGRITY EASY PCI PROGRAM

Presenter : Integrity Payment Systems

Title: Easy PCI Program

1. Integrity Easy PCI Program

2. About Trustwave

3. PCI Basics

4. The Risk of Non-Compliance

5. Using TrustKeeper PCI Manager

AGENDA

Who We AreWHO IS TRUSTWAVE?Company facts and figures

ESTABLISHED

TRUSTED

GLOBAL

GROWING

INNOVATING

1995BY OVER 2.5 MILLION BUSINESSES

NOW OVER 1,200 EMPLOYEESCUSTOMERS IN 96 COUNTIRES

OVER 50 PATENTS & COUNTING

Global Threat Database feeds technologies and services with threat intelligence

Selected by more enterprises for compliance – chosen more often than the next 10 service providers combined

Industry’s most holistic portfolio of security technologies delivered through TrustKeeper®

PCI BASICS

• The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to protect cardholder data

• It is applied to all merchants, systems, networks and applications that process, store, and/or transmit card numbers

PCI DSS Defined

PCI BASICS

• Cardholder data is any personally identifiable data associated with a cardholder, including:– Primary Account Number– Expiry Date– Name

• All merchants accepting debit/credit cards must comply with the PCI DSS at all times.

PCI DSS Defined

PCI DSS

• Self-Assessment Questionnaire (SAQ)– A questionnaire designed to assist organizations in self-evaluating

their IT and payment processing environment

• Vulnerability Scanning– Helps secure your business by identifying weaknesses in your

network and applications

• Qualified Security Assessor (QSA)– Certified to validate that a company is compliant with the PCI DSS

• Approved Scanning Vendor (ASV)– Certified to perform vulnerability scanning

Key Terms

THE RISK OF NON-COMPLIANCE

• Large corporations that have been breached make the news daily• What doesn’t make the news is that small merchants are at the

greatest risk of a data breach

Trustwave found that 90% of merchants that have data stolen are small businesses

PCI DSS COMPLIANCE

• Fundamental Best Security Practices– Avoid fraud– Helps to understand own system better– Clarifies where data is stored

• Upholds Brand Name– Adds value to name– Increases consumer confidence

• Non-compliant, compromised business could expect:– Damage to their brand/reputation– Investigation costs– Remediation costs– Fines and fees

Sound Business Practice

Integrity Data Breach Protection

• Data Breach Coverage is a new and unique indemnification program designed specifically to meet the expenses resulting from a suspected or actual breach of credit card data.

• Audit Costs – Employee Theft, Fraud, Stolen Computers, Hacked Networks, etc.

• Why do I need Data Breach Coverage?If you suffer a suspected or actual data breach, you could incur thousands upon thousands of dollars of unexpected costs in the form of audit expenses, card monitoring and replacement expenses, and fines. These costs could significantly affect revenue... and even jeopardize the existence of your business. This inexpensive program reduces your monetary exposure when a presumed or actual data compromise occurs, thus providing peace of mind!

$100,000 in Protection for Your Merchant

Other Data Breach FAQ’s

• 85% of Data Breaches happen in small, level 4 merchant locations.• No deductible on the $100,000 Insurance Policy• Even if you are compliant, a data breach can still happen!• Claims are processed quickly, within 30 days.• You will have an insurance company working to reduce the fees.

How big a problem is this?

GETTING STARTED WITH TRUSTKEEPER PCI MANAGER

USING TRUSTKEEPER PCI MANAGER

REGISTRATION – THREE EASY STEPS Step 1: Enter merchant information

REGISTRATION – THREE EASY STEPS Step 2: How does your business accept credit cards?

REGISTRATION – THREE EASY STEPS Step 3: Create User Account and Register

SAQ OR PCI WIZARD?Simplify completion by selecting the Step-By-Step Wizard

USING THE PCI WIZARD

USING THE PCI WIZARD

PCI WIZARD (INET-PA)

PCI WIZARD Click the “?” icon for help

PCI WIZARD Click the “i” icon to learn why it’s important

PCI WIZARD Answer a question wrong . . .

PCI WIZARD A task is added to the To Do List

SCAN SETUP Add a scan location

SCAN SETUP E-commerce website or physical location?

SCAN SETUPEnter information about the scan location

CERTIFICATE OF COMPLIANCE

TRUSTED COMMERCE SEAL

SECURITY POLICY ADVISOR Sample security policies and supporting documents

SECURITY AWARENESS EDUCATION Select training based on different industries and employee roles

RESOURCES

• PCI Security Standards Council:– https://www.pcisecuritystandards.org

• VISA CISP:– http://www.visa.com/cisp

• MasterCard SDP:– http://www.mastercard.com/sdp

• Discover DISC– http://www.discovernetwork.com/disc

• American Express– www.americanexpress.com/datasecurity

QUESTIONS?

• Integrity Easy PCI Starting Page:– https://pci.trustwave.com/integrity – Have your Merchant ID handy

• Customer Support – Trustwave– pcisupport@integritypays.com– (877) 417-2186

We’re here to help!

THANK YOU