D i a g r a m m i n g a

1010110100010001101010010

$$$$$$

DATA BREACHDATA BREACH

Think You’re Not a Target?

of data breaches occur in small and medium

sized businesses 1

of breach victims do not detect the breach

themselves 2

Crooks want transaction card data that can be converted to cash. They’ll go after anyone

who has it. Here’s what you need to know.

$23,675 average breach damage to small/Level 4 merchants 5

$3.8 billion in 2014 credit card losses (U.S.) due to counterfeit and lost/stolen cards 6

87 days (median) from initial intrusion to detection 2

1 day to containment if breach is self-detected 2

14 days to containment if breach is not self-detected 2

of breaches at point-of-sale 2

Source Footnotes

1. PCI Council, PCI Council Website, https://www.pcisecuritystandards.org/smb/why_secure.html, 20142. Trustwave, 2014 Global Security Report,

http://www2.trustwave.com/rs/trustwave/images/2014_Trustwave_Global_Security_Report.pdf?aliId=17096634, 2013

3. Verizon, Verizon 2014 PCI Compliance Report, http://www.verizonenterprise.com/pcireport/2014/, 20144. Ponemon Institute, Ponemon Institute Research Report, http://www.experian.com/assets/data-

breach/brochures/2014-ponemon-2nd-annual-preparedness.pdf, September 20145. Royal Group Services. Level 4 merchants are those who process less than 1 million VISA transactions annually.6. Source: Aite; 2012 to 2014, © Statista 2015.

1. Use complex passwords and two-factor authentications for all access in the payment environment, including POS accounts and remote access.

2. Properly store authentication/security tokens and change passwords every 90 days.

3. Install and keep current anti-virus, anti-spyware and firewalls to regularly run scans for malicious software.

4. Implement secure technologies such as point to point encryption, tokenization, and EMV to help remove valuable cardholder data from your environment.

5. Keep your POS and payment environment behind its own firewall, completely segregated from other networks such as complimentary customer Wi-Fi.

WHERE & WHY

Don’t be one of the nearly 30% of companies that have no data breach response plan. Prepare today!

Five Steps to Prevent & Prepare

80%71%

PCI Validation Matters!Only 11% of all merchants are fully PCI validated, but it’s one of the most important steps you can take. 3

11%

35%

18%11%

35% retail 2

18% food/beverage 2

11% hospitality 2

43% of companies reported a data breach in 2014 4

60% of victims experienced more than one breach 4

WHO Gets Hit?

of breaches due to weak passwords 2

33% 31% ****

87WHEN: The Timeline

WHAT is the Result?

A Vantiv Company