National Bank of Dominica Ltd 2011 Merchant Seminar Facilitator Janiere Frank Fraud amp Compliance Analyst June 16 2011 Legal Disclosure These materials are provided for informational purposes only and should not be relied upon for marketing le ID: 725147
Download Presentation The PPT/PDF document "The Caribbean Credit Card Corporation Lt..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
The Caribbean Credit Card Corporation Ltd.
National Bank of Dominica Ltd. 2011 Merchant Seminar
Facilitator:
Janiere
Frank
Fraud & Compliance
Analyst
June
16, 2011.Slide2
Legal Disclosure
These materials are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice. You should independently evaluate all content and recommendations in light of your specific business needs, operations and policies as well as any applicable laws and regulations. Caribbean Credit Card Corporation Ltd. is not responsible for your use of these materials, including errors of any kind, or any assumptions or conclusions you might draw from their use.
Use of the following information is the sole and exclusive responsibility of the user.Slide3
Payment Card Industry Data Security Standard (PCI DSS)
A brief review of the Payment Card Data Security Standards Requirements and RelevanceSlide4
What is PCI DSS?
PCI DSS is:A set of requirements established by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data.
The founders of the PCI SSC:
Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB International Slide5
What is PCI DSS?
There are six (6) main goals and twelve (12) basic requirements of the PCI DSS. Slide6
Is PCI DSS relevant to me?
Compliance with the PCI data security standards is mandatory for
ALL entities that store, process or transmit cardholder data.This includes merchants, acquirers, processors and other participants in the industry.
Slide7
Why Comply?
Benefits of compliance:Helps to create a secure environment for customers
Increased customer confidenceGreater Market LeverageSlide8
Why Comply?
Consequences of non-compliance:
Fines and penaltiesTermination of ability to accept payment cardsLost confidence, so customers go to other merchantsLost sales
Cost of reissuing new payment cards
Legal costs, settlements and judgments
Fraud losses
Higher subsequent costs of compliance
Going out of business
www.pcisecuritystandards.orgSlide9
What do I need to protect?
PCI DSS Quick Reference Guide
Understanding the Payment Card Industry Data Security Standard version 2.0, October 2010Slide10
What do I need to protect?
PCI DSS Quick Reference Guide
Understanding the Payment Card Industry Data Security Standard version 2.0, October 2010Slide11
What do I need to protect?
Points from which cardholder data can be stolen:Compromised card reader
Paper stored in a filing cabinetData in a payment system databaseHidden camera recording entry of authentication dataSecret tap into your store’s wireless or wired network
www.pcisecuritystandards.orgSlide12
PCI DSS: An Ongoing Process
Assess – take an inventory of IT systems and business processes to identify cardholder data and determine vulnerabilities.
Remediate – fix vulnerabilities; don’t store card data unless needed.*Report – submit compliance reports to your bank.Slide13
Common Myths of PCI DSS
Myth 5 – PCI DSS is unreasonable; it requires too much
Myth 7 – We don’t take enough credit cards to be compliantPCI DSS compliance is required for any business that accepts payment cards –
even if the quantity of transactions is just one.
Myth 8
– We completed a SAQ so we’re compliantSlide14
QUESTIONS