PCI Adoption in Brazil - 10th SegInfo Workshop - Presentation
PCI Payment Protection Resources for Small Merchants
Carlos Caetano
Associate Regional Director – Brazil at PCI Security Standards Council
Agenda
Intro
Background
Resources
Call to Action
What’s Next
Intro
What is the PCI Security Standards Council?
Collaboration
Education
Simplified solutions for merchants
What does PCI Council Produce?
Standards, Best Practices & Services
Training – Assessors, Acquirers, Integrators
Validation & Qualification – Equipment, Service Providers, Assessors, Investigators
Payment Equipment
Payment Software
Merchant & Payment Service Provider Environments
What’s this all about?
Why?
Small businesses around the world are increasing targets for payment data theft
77% believe that their company is safe from cyber attacks
80% of websites attacked everyday belong to small merchants
Nearly half of global cyberattacks in 2015 were against small businesses
48% of small businesses have been hit by at least one cyber-attack in the past 12 months
20% see cyber security as a top business priority
10% have never invested in improving the security of their website
54% of SMEs who say they’re concerned their business could be at risk from an attack
Current Threats
SQL Injection
Weak Passwords
Spear Phishing
Malware / Ransomware
Remote Attack Vector
Poor Patching
“No locale, industry or organization is bulletproof when it comes to the compromise of data”
Verizon 2016 DBIR
Birth and Rebirth of a Data Breach
Target phishing campaign against vendor
Person clicks on email and malware installation occurs
Keylogger deployed and client’s environment static auth credentials stolen for final target access
Malware installed directly in final victim’s POS system
Malware functionalities of scraping RAM and exporting data, establishment of control and persistence
Source: Verizon 2016 Data Breach Investigations Report
Small Merchant Task Force
PCI Small Merchant Task Force Objective
Collaborate with the PCI community to address the needs of the small merchant market segment by providing guidance that:
• Is simple, easy to understand and relevant to the unique needs of small merchants
• Helps small merchants understand their responsibility for protecting payment card data and to identify and mitigate areas of risk in their environment
• Provides small merchants with the information needed when assessing their own environment, working with a QSA, and/or considering a new payment channel, vendor or service provider
Global Participation: Merchants & Merchant Partners
“If the larger merchants and financial institutions themselves cannot be protected from data breaches, you can imagine how difficult protection is for independent small business owners.”
“An issue that many small businesses have is that they do not have the in-house resources to be experts in all aspects of running a business. Small businesses rely on external expertise to simplify the complicated.”
Meet Mary, Ms. Small Business
Mary, wine bar owner
On her mind
• “How do I sell more wine?”
• “How do I differentiate my customers’ experience in a saturated market?”
• “How do I find and keep good employees?”
Her dilemma
• She wants to do the right thing for her customers and her business
• BUT, she doesn’t have time to understand “SSL Rootkits”
Who she calls
• Her bank.
• The 1-800 number on the sticker that’s on her payment system.
Her needs
• To understand why/how she’s at risk.
• The right questions to ask her bank and her payment system vendor for help.
• Simple steps she can take.
Content Development Approach
Audience
Simple, not exhaustive
Accessible
Measurable
Simplifying Security
Simplifying Security: Payment Protection Resources for Small Merchants
Simplifying Security: Guide to Safe Payments
Simplifying Security: Guide to Safe Payments – Understanding Your Risk
Simplifying Security: Guide to Safe Payments – Protecting Your Business with Security Basics
Cost
Ease
Risk Mitigation
Simplifying Security: Guide to Safe Payments – Where to Get Help
Payment Brand List
• List of Compliant Service Providers
PCI DSS and Related Guidance
• More about PCI DSS
• PCI DSS Self-Assessment Questionnaires
• Guide: Skimming Prevention: Overview of Best Practices for Merchants
PCI Council Listings
• List of Validated Payment Applications
• List of Approved PTS Devices
• List of Approved Scanning Vendors
• List of Qualified Integrators/Resellers
• List of P2PE Validated Solutions
Simplifying Security: Common Payment Systems
Simplifying Security: Common Payment Systems - Example
YES: This IS my setup. Show me the details.
NO: This IS NOT my setup. Show me the next step.
BACK to previous diagram.
[Diagram labels: Mag Stripe, Chip, TYPE 2, RISK PROFILE, PROTECTIONS, LOWER]
Simplifying Security: E-commerce example
YES: This IS my setup. Show me the details.
NO: This IS NOT my setup. Show me the next step.
BACK to previous diagram.
[Diagram labels: TYPE 10, RISK PROFILE, PROTECTIONS, LOWER]
Simplifying Security: Questions to Ask Your Vendors
Simplifying Security: Glossary of Payment Information Security Terms
How Can You Help?
“Restaurateurs are not technology experts. They are skilled in culinary arts, general business management and hospitality. Like many small businesses, they are reliant on the expertise of others in the cybersecurity space. In order for small restaurants to thrive in the digital age, they will need significant help from the broader technology and security community.”
David Matthews, National Restaurant Association, PCI Small Merchant Taskforce Co-Chair
Call to Action
Visit PCI SSC website
Download
Share
Co-brand
https://www.pcisecuritystandards.org/pci_security/small_merchant
How You Can Help
Regional Participant Organizations
Participating Organization Benefits
• Advance review of standards and supporting materials before release, with the opportunity to provide feedback
• Complimentary attendance at annual Community Meetings hosted by the Council
• Substantial training discounts; courses are offered in instructor-led and eLearning formats
• Nominate and vote for representatives to stand for election to the Council’s Board of Advisors
• Drive the Special Interest Groups (SIGs) that provide the Council with understanding and guidance on particular topics or technologies
769 PCI Council Participating Organizations
Join us: www.pcisecuritystandards.org/get_involved/participating_organizations
Attend South America Forum and Save
We Need You!
All attendees of the South America Forum will receive a $1,500 savings on a PCI Participation Organization membership. Discount Code will be provided at event.
Check PCI website for more info on the August 2017 event
Get Trained and Ready to Support the Industry
Become a PCI Professional – you’ll be in good company
• Over 2,500 of your colleagues have become PCIPs - why not join them and show off your PCI knowledge?
• Get the three-year credential that’s not tied to your employer.
• When you do, you can show off your professional status since you’ll be listed on the PCI website!
https://www.pcisecuritystandards.org/program_training_and_qualification/pci_professional_qualification
What’s Next?
2016 / 2017 Focus
Based on feedback, enhance current small merchant materials as needed
Evaluate and propose simple-to-use alternate validation tools and/or SAQs
Formalize communications strategy and determine effectiveness of dissemination methods
Resources
Check Our Document Library for New Resources
www.pcisecuritystandards.org
Thank You