Security and PCI Compliance: What You Should Know
Security & PCI Compliance: What You Should Know
Presented By: Stephanie Wagner, Director of Business Development
FrontStream Payments, a front runner in the payments industry, specializes in empowering businesses to accept payments anytime, anywhere, any
way. As a trusted integrated partner with Frazer Computing, FrontStream is pleased to offer an interactive 30-minute session on the
important details of PCI Compliance.
What We Will Discuss…
• What is PCI Compliance?
• Why is PCI Compliance so important?
• Who should be concerned with PCI Compliance?
• Where and when is PCI Compliance applicable?
What is PCI Compliance?
Payment Card Industry Data Security Standard (PCI DSS)
• A proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM and POS cards, developed by the Payment Card Industry Security Standards Council (joint creation of Visa, MasterCard, Discover and American Express)
• Created to increase controls around cardholder data to reduce credit card fraud
• Must be validated annually by an external Qualified Security Assessor (QSA) who creates a Report on Compliance (ROC) for any organization that processes a large volume of transactions, or by Self-Assessment Questionnaire (SAQ) for companies who handle small volumes of transactions
How Credit Card Payments Work
Why Is PCI Compliance Important?
• Protect your business from data security breaches
• Protect your customers’ personal/financial information
• Ensure your business is not fined as much as $500,000 per data security breach incident
• Maintain your right to accept credit as payment
• Protect your brand and business from incriminating lawsuits
12 Steps to PCI Compliance
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt the transmission of cardholder data and sensitive information across public networks
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
The 12 PCI Requirements (A Visual Aid)
What Level is Your Business?
Benefits of Frazer / FrontStream Integration in relation to PCI Compliance
• All credit card and ACH transactions supported through your existing Frazer interface
• Able to process one-time payments, recurring payments, and future payments
• Potential errors caused by redundant entry eliminated
• Automatic batching decreases reconciliation time and saves employee hours
• No more countertop terminals
• In-house customer and technical support for one-call resolution
• Dedicated in-house PCI Compliance team
• Breach protection program offered to all clients
Breach Protection – What FSP Does
FrontStream Payments has partnered with Royal Group Services to offer our merchants a high impact security breach protection program.
What this means to your business:
• $50,000 coverage per breach incident per Merchant ID
• If you have more than one Merchant ID, $500,000 cap per incident
• As long as you’re not involved in the breach or suspected breach, you’re protected from loss in three ways:
  1) Forensic audit when a data breach is suspected
  2) Card replacement costs
  3) Assessments and fines
• As a merchant, you’re not required to be certified PCI DSS compliant to participate, but fines specific to non-compliance are not covered
• This program is offered regardless of credit card processor or sponsoring bank
To Be EXTRA Sure You are PCI Compliant
• Do not store credit card numbers in a digital format
• Do not store any paper copies of CVV2 security codes
• Destroy and purge any unnecessary data
• Any paper documents with credit card information must be kept in a locked filing area with restricted access
• Check yourself – make sure your security is strong and follow your policy
• Visit the PCI DSS website at www.pcisecuritystandards.org/merchants and complete the appropriate survey for your business and send it to your merchant services provider
Thank you for joining us today!
Questions?