TRANSCRIPT
The Caribbean Credit Card Corporation Ltd.
National Bank of Dominica Ltd. 2011 Merchant Seminar
Facilitator: Janiere Frank
Fraud & Compliance Analyst
June 16, 2011.
Legal Disclosure
These materials are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice. You should independently evaluate all content and recommendations in light of your specific business needs, operations and policies as well as any applicable laws and regulations. Caribbean Credit Card Corporation Ltd. is not responsible for your use of these materials, including errors of any kind, or any assumptions or conclusions you might draw from their use.
Use of the following information is the sole and exclusive responsibility of the user.
Payment Card Industry Data Security Standard (PCI DSS)
A brief review of the Payment Card Data Security Standards Requirements and Relevance
What is PCI DSS?
PCI DSS is:
A set of requirements established by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data.
The founders of the PCI SSC: Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB International.
What is PCI DSS?
There are six (6) main goals and twelve (12) basic requirements of the PCI DSS.
Is PCI DSS relevant to me?
Compliance with the PCI data security standards is mandatory for ALL entities that store, process or transmit cardholder data. This includes merchants, acquirers, processors and other participants in the industry.
Why Comply?
Benefits of compliance:
Helps to create a secure environment for customers
Increased customer confidence
Greater market leverage
Why Comply?
Consequences of non-compliance:
Fines and penalties
Termination of ability to accept payment cards
Lost confidence, so customers go to other merchants
Lost sales
Cost of reissuing new payment cards
Legal costs, settlements and judgments
Fraud losses
Higher subsequent costs of compliance
Going out of business
www.pcisecuritystandards.org
What do I need to protect?
PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard, version 2.0, October 2010
What do I need to protect?
Points from which cardholder data can be stolen:
Compromised card reader
Paper stored in a filing cabinet
Data in a payment system database
Hidden camera recording entry of authentication data
Secret tap into your store’s wireless or wired network
www.pcisecuritystandards.org
PCI DSS: An Ongoing Process
Assess – take an inventory of IT systems and business processes to identify cardholder data and determine vulnerabilities.
Remediate – fix vulnerabilities; don’t store card data unless needed.*
Report – submit compliance reports to your bank.
Common Myths of PCI DSS
Myth 5 – PCI DSS is unreasonable; it requires too much
Myth 7 – We don’t take enough credit cards to be compliant
PCI DSS compliance is required for any business that accepts payment cards – even if the quantity of transactions is just one.
Myth 8 – We completed a SAQ so we’re compliant
QUESTIONS