#cbizmhmwebinar 1
CBIZ & MHM
Executive Education Series™
Payment Card Industry Data Security
Standards – PCI-DSS Update
Karen Cassella & Brenda Brigman
March 24 & March 29, 2016
Before We Get Started…
• To view this webinar in full screen mode, click on view options
in the upper right hand corner.
• Click the Support tab for technical assistance.
• If you have a question during the presentation, please use the
Q&A feature at the bottom of your screen.
CPE Credit
This webinar is eligible for CPE credit. To receive credit, you will need to answer periodic participation markers throughout the webinar. External participants will receive their CPE certificate via email immediately following the webinar.
Disclaimer
The information in this Executive Education Series course is a brief summary and may not include all the details relevant to your situation. Please contact your service provider to further discuss the impact on your business.
Presenters
KAREN CASSELLA, CICA
Managing Director
901.842.2859 • kcassella@cbiz.com
Karen Cassella is a Managing Director in the CBIZ Risk & Advisory Services practice and has more than 20 years' experience performing internal and external audits, fraud investigations, SOX-404 compliance, PCI compliance and various regulatory audit and consulting services in the public and private sectors.
Karen led the effort for CBIZ to become a Qualified Security Assessor (QSA) Company, certified and approved by the Payment Card Industry (PCI) Security Standards Council. Her team performs PCI assessments for merchants and service providers at all levels in the public and private sectors.
Presenters
BRENDA BRIGMAN, QSA, PCIP, CCSK, CISA, CISSP
PCI National Practice Leader
901.685.5575 • bbrigman@cbiz.com
Brenda is the National PCI Practice Leader for CBIZ Security & Advisory Services. She has over 15 years of experience in Information Technology Management and over 10 years of experience in Information Technology Auditing, including internal audit and risk management. She has served as Engagement Manager on multiple Level 1 PCI engagements, and her industry experience includes IT, manufacturing, financial services, healthcare, insurance, hospitality, nonprofit and government.
Prior to joining CBIZ, Brenda was a Manager in KPMG's Risk Assurance Services practice and served over 20 years with Federal Express.
Agenda
01 PCI-DSS Introduction – The Basics
02 Anatomy of a Breach
03 Cost of Noncompliance
04 Building a Robust PCI Compliance Program
05 Questions
PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS – THE BASICS
Who Must Comply?
All organizations, including merchants and service providers, that
store, process and/or transmit cardholder data must validate that
they are compliant with PCI DSS and provide proof of compliance to
their acquirer once every year.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements designed to protect cardholder data. The payment card brands enforce the requirements, which include annual validation of compliance.
Payment Card Industry Security Standards Council – Brief History
What is Payment Card Data?
Six Objectives and 12 Requirements
Goal: Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Goal: Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Goal: Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
Goal: Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
Goal: Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Goal: Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel
Merchant Levels (VISA)
Level 1: Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year, or any merchant that has suffered a data breach.
Level 2: Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year.
Merchant Validation Requirements (VISA)
Level 1:
• Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA), or by an Internal Security Assessor (ISA) if signed by an officer of the company
• Quarterly network scan by an Approved Scanning Vendor (ASV)
• Attestation of Compliance (AOC)
Level 2:
• Annual Self-Assessment Questionnaire (SAQ)
• Quarterly network scan by ASV
• AOC
Level 3:
• Annual SAQ
• Quarterly network scan by ASV
• AOC
Level 4:
• Annual SAQ
• Quarterly network scan by ASV, if applicable
• Compliance validation requirements set by the merchant bank (acquirer)
Payment Methods & Validation Requirements
SAQ validation type – Merchant payment method
A: Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing or transmission of any cardholder data on the merchant's systems or premises.
A-EP: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and who have a website(s) that does not directly receive cardholder data but can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises.
B: Merchants using only imprint machines with no electronic cardholder data storage and/or standalone, analog dial-out terminals with no electronic cardholder data storage.
B-IP: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage.
C-VT: Merchants manually entering a single transaction at a time through a keyboard into an internet-based virtual payment terminal solution that is provided and hosted by a PCI DSS validated third-party service provider, with no electronic cardholder data storage.
C: Merchants with payment application systems connected to the internet, with no electronic cardholder data storage.
P2PE: Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage.
D: Merchants – all merchants not included in the descriptions for the above SAQ types. Service Providers – all service providers defined by a payment brand as eligible to complete an SAQ.
Source: www.pcisecuritystandards.org
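Every SAQ type above other than D is conditioned on "no electronic cardholder data storage", and the same claim underpins accurate scoping of the cardholder data environment. The following is an added example, not part of the CBIZ/MHM deck, of how a practitioner can test that claim before signing an SAQ: a small Python scan that looks for 13 to 19 digit sequences with a plausible issuer prefix and a valid Luhn check digit in files or log lines, and reports each hit masked to the first six and last four digits so that the scan report itself does not become stored cardholder data. The sample log lines, the short issuer-prefix list and the test card numbers are constructed for the example and carry no real cardholder data.

```python
"""Cardholder-data discovery scan (added example, not from the webinar deck).

Searches text for primary account numbers (PANs) that look real: 13 to 19
digits, optionally separated by spaces or dashes, a plausible issuer prefix
and a valid Luhn check digit. Hits are reported masked (first six / last four)
so that the report itself does not become stored cardholder data.
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List

# 13 to 19 digits, each digit optionally followed by a space or dash, and
# not embedded in a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Issuer prefixes checked before Luhn. Deliberately narrow for the example
# (Visa, Mastercard 51-55, American Express, Discover); widen for production.
_PREFIXES = ("4", "51", "52", "53", "54", "55", "34", "37", "6011", "65")

# Constructed sample: two Luhn-valid industry test numbers, a token, and a
# 16-digit reference that fails Luhn. No real cardholder data.
SAMPLE_LOG = """\
2016-03-24 10:01:07 order=1001 card=4111 1111 1111 1111 amount=42.00
2016-03-24 10:01:09 order=1002 card=5500-0000-0000-0004 amount=13.37
2016-03-24 10:01:12 order=1003 token=tok_9f8e7d6c5b4a amount=99.00
2016-03-24 10:01:15 order=1004 ref=4111111111111112 amount=5.00
"""


@dataclass
class Finding:
    source: str      # file name or stream label
    line_no: int     # 1-based line number within the source
    masked: str      # PAN masked to first six and last four digits


def luhn_ok(digits: str) -> bool:
    """True when `digits` passes the Luhn mod-10 check used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to first six and last four, the most PCI DSS v3.x Requirement 3.3
    permits to be displayed; never log or store the full PAN from a scan."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(source: str, lines: Iterable[str]) -> List[Finding]:
    """Return masked findings for every Luhn-valid PAN candidate in `lines`."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if not digits.startswith(_PREFIXES):
                continue        # prefix filter removes most random digit runs
            if not luhn_ok(digits):
                continue        # check-digit failure: order ids, timestamps, etc.
            findings.append(Finding(source, line_no, mask_pan(digits)))
    return findings


def scan_files(paths: List[str]) -> List[Finding]:
    """Scan each file as text, ignoring undecodable bytes."""
    findings: List[Finding] = []
    for path in paths:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            findings.extend(find_pans(path, fh))
    return findings


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the paths given.
    if sys.argv[1:]:
        hits = scan_files(sys.argv[1:])
    else:
        hits = find_pans("sample", SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.source}:{h.line_no}: {h.masked}")
    print(f"{len(hits)} Luhn-valid PAN(s) found")
```

On the constructed sample the scan reports the two test numbers on lines 1 and 2 and ignores the token and the Luhn-invalid reference on line 4; run it against log directories, database exports and file shares in and around the suspected cardholder data environment, and treat any hit as evidence that the "no electronic storage" SAQ eligibility claim, and the scope, need to be revisited.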
Questions for PCI DSS Basics
• Who must validate compliance annually?
  A. Only merchants and service providers that have had a data breach
  B. All merchants that store, process or transmit cardholder data
  C. All merchants and service providers that store, process or transmit cardholder data, regardless of the number of transactions
  D. Only merchants and service providers that process more than 20,000 transactions per year
• If I need help understanding whether I can self-assess and which self-assessment form to use, my best course of action is to:
  A. Obtain the forms from www.pcisecuritystandards.org
  B. Seek the assistance of a Qualified Security Assessor (QSA)
  C. Ignore the requirement because no one will ever know
  D. Both A and B
PCI DATA SECURITY STANDARDS – ANATOMY OF A BREACH
What is a Breach?
2015 Breaches by Industry
[Pie chart: 2015 breaches by industry. Sectors: Business Sector, Government & Non-Profit, Medical, Unknown, Education; shares shown: 53%, 19%, 12%, 8%, 8%]
Source: Security Affairs: DATA BREACH QUICKVIEW
2015 US State Rankings
Source: Risk Based Security – 2015 Data Breach Trends
Data Breach – Methods of Intrusion
Method                          Percentage
Weak remote access security     28%
Weak passwords                  28%
Weak or non-existent validation 15%
Unpatched vulnerability         15%
Misconfiguration                 8%
Malicious insider                6%
Anatomy of a Breach
Data Security Observation – RISK!
“Some organizations will be a target regardless of what they do, but most become a target because of what they do.”
Questions for Anatomy of a Breach
• If I do not validate PCI DSS compliance annually:
  A. the acquirer can revoke my right to accept credit cards
  B. I am at greater risk for a data breach
  C. All merchants and service providers
  D. Both A and B
• True or False: I do not have to worry about a data breach because I have cyber security insurance.
• True or False: I do not have to worry about a data breach because I process very few transactions.
PCI DATA SECURITY STANDARDS – COST OF NON-COMPLIANCE
PCI Non-Compliance
Merchants and service providers that do not submit proof of compliance to their acquirer can be subject to the following:
• Penalties and fines for non-compliance (breach of contract)
• Fines from the card brands, passed on by the acquirer as increased processing fees
• Revocation of the ability to accept credit card payments
• Failure to implement the PCI DSS requirements can lead to a data breach
Data Breach Costs
The merchant can incur or be held liable for the following costs associated with a data breach:
• Cost to notify victims and provide credit monitoring
• Cost to replace payment cards (credit, debit, HSA, gift)
• Costs associated with fraudulent transactions
• Forensic investigations
• Increased validation requirements and frequency
• Expense of revalidation by a QSA
Once a merchant has been breached, the merchant can no longer self-assess.
What’s at Stake for Nonprofits and Public Sector?
• Significant risk to reputation
• Donors’ trust
• Credit card data stored for recurring membership or donation payments is at risk
• Funding can be difficult to obtain or allocate for internal projects
• Mobile payments at conferences or events pose a greater risk
Data Breach Response
Questions for Cost of Non-Compliance
• If I do not validate PCI DSS compliance annually:
  A. the acquirer can assess costly fines and penalties
  B. I am at greater risk for a data breach
  C. the ability to accept credit cards can be revoked
  D. All of the above
• True or False: My acquirer has not requested proof of compliance from me, so I do not have to validate my compliance.
PCI DATA SECURITY STANDARDS – BUILD A ROBUST PCI COMPLIANCE PROGRAM
Six Objectives and Twelve Requirements (the goals and requirements table from the PCI DSS Basics section is repeated here; source: https://www.pcisecuritystandards.org)
Robust PCI DSS Compliance Program
• Executive commitment and oversight
• Cardholder data environment scoped accurately
• Controls and control tests that are objective, valid, reliable and economical
• Report annually
• Monitor and nurture the PCI sustainment program
Cardholder Data Environment Scoped Accurately
Controls, Tests and Evidence Clearly Defined
• Objective
  • The test must be fair
• Valid
  • The test must consistently measure a specific ability
• Reliable
  • Sufficient evidence and a clear understanding of who the accountable individuals are
• Economical
  • Design control tests to be efficient and cost conscious
Report Annually
• File your Attestation of Compliance (AOC) with your
acquirer on an annual basis.
• Inform your acquirer if your assessment results will be
delayed.
• Maintain evidence with the report for at least two
years (or in accordance with your company data
retention policy).
Monitor and Nurture PCI Sustainment Program
• Define a test schedule for the year and monitor
controls throughout the year.
• Monitor and report the status of control testing on a
consistent basis.
• Ensure that any control failures are remediated and
retested in a timely manner.
Questions for Building a Robust PCI Compliance Program
• True or False: Scoping is one of the most important
functions of the annual PCI compliance assessment.
• True or False: The best PCI DSS Compliance Programs have a
champion to promote security and build a strong security
culture.
Marketability of your PCI Compliance
Once your organization is PCI compliant, publish this
stamp on your website.
QUESTIONS?
If You Enjoyed This Webinar…
Upcoming Courses:
• 3/31: Building an Actionable and Easy-to-Implement Business Continuity Plan
• 4/5 & 4/19: Leasing Unleashed - A Deep Dive into the New Standard
• 4/13 & 4/20: First Quarter Accounting and Financial Reporting Issues Update
• 4/28 & 5/17: Top Lessons Learned from the First Year of the Uniform Grant
Guidance Implementation
Recent Publications:
• Report Asks for 501(c)(3) Application Improvements
• Managing Underwater Endowments for Not-for-Profit Organizations
• Does Your Not-for-Profit Need an Audit of Its Marketing, Fundraising Streams and
Advertising?
Connect with Us
MHM: linkedin.com/company/mayer-hoffman-mccann-p.c. • @mhm_pc • youtube.com/mayerhoffmanmccann • slideshare.net/mhmpc
CBIZ: linkedin.com/company/cbiz-mhm-llc • @cbizmhm • youtube.com/BizTipsVideos • slideshare.net/CBIZInc
THANK YOU
CBIZ Security & Advisory Services, LLC
cbizmhmwebinars@cbiz.com

Authentic No 1 Amil Baba In Pakistan Authentic No 1 Amil Baba In Karachi No 1...First NO1 World Amil baba in Faisalabad
 
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfmagnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfHenry Tapper
 
Tenets of Physiocracy History of Economic
Tenets of Physiocracy History of EconomicTenets of Physiocracy History of Economic
Tenets of Physiocracy History of Economiccinemoviesu
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companiesprashantbhati354
 
212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technologyz xss
 
(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)twfkn8xj
 
Stock Market Brief Deck for "this does not happen often".pdf
Stock Market Brief Deck for "this does not happen often".pdfStock Market Brief Deck for "this does not happen often".pdf
Stock Market Brief Deck for "this does not happen often".pdfMichael Silva
 
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证jdkhjh
 
Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]Commonwealth
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHenry Tapper
 
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...Amil baba
 
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办fqiuho152
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdfHenry Tapper
 
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...Amil Baba Dawood bangali
 
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证rjrjkk
 

Recently uploaded (20)

《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
 
SBP-Market-Operations and market managment
SBP-Market-Operations and market managmentSBP-Market-Operations and market managment
SBP-Market-Operations and market managment
 
2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko
 
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
 
Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)
 
Authentic No 1 Amil Baba In Pakistan Authentic No 1 Amil Baba In Karachi No 1...
Authentic No 1 Amil Baba In Pakistan Authentic No 1 Amil Baba In Karachi No 1...Authentic No 1 Amil Baba In Pakistan Authentic No 1 Amil Baba In Karachi No 1...
Authentic No 1 Amil Baba In Pakistan Authentic No 1 Amil Baba In Karachi No 1...
 
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfmagnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
 
Tenets of Physiocracy History of Economic
Tenets of Physiocracy History of EconomicTenets of Physiocracy History of Economic
Tenets of Physiocracy History of Economic
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companies
 
212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology
 
(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)
 
Stock Market Brief Deck for "this does not happen often".pdf
Stock Market Brief Deck for "this does not happen often".pdfStock Market Brief Deck for "this does not happen often".pdf
Stock Market Brief Deck for "this does not happen often".pdf
 
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
 
Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview document
 
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...
NO1 Certified Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Ami...
 
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
 
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证
原版1:1复刻温哥华岛大学毕业证Vancouver毕业证留信学历认证
 

Webinar Slides: Payment Card Industry Data Security Standards – PCI-DSS Update

• 1. #cbizmhmwebinar 1
CBIZ & MHM Executive Education Series™
Payment Card Industry Data Security Standards – PCI-DSS Update
Karen Cassella & Brenda Brigman
March 24 & March 29, 2016

• 2. Before We Get Started…
• To view this webinar in full screen mode, click on view options in the upper right hand corner.
• Click the Support tab for technical assistance.
• If you have a question during the presentation, please use the Q&A feature at the bottom of your screen.

• 3. CPE Credit
This webinar is eligible for CPE credit. To receive credit, you will need to answer periodic participation markers throughout the webinar. External participants will receive their CPE certificate via email immediately following the webinar.

• 4. Disclaimer
The information in this Executive Education Series course is a brief summary and may not include all the details relevant to your situation. Please contact your service provider to further discuss the impact on your business.

• 5. Presenters
KAREN CASSELLA, CICA, Managing Director
Karen Cassella is a Managing Director in the CBIZ Risk & Advisory Services practice and has more than 20 years' experience performing internal and external audits, fraud investigations, SOX-404 compliance, PCI compliance and various regulatory audit and consulting services in the public and private sectors.
Karen led the effort for CBIZ to become a Qualified Security Assessor (QSA) Company, certified and approved by the Payment Card Industry (PCI) Security Standards Council. Her team performs PCI audits for merchants and service providers in the public and private sectors at all levels.
901.842.2859 • kcassella@cbiz.com

• 6. Presenters
BRENDA BRIGMAN, QSA, PCIP, CCSK, CISA, CISSP, PCI National Practice Leader
Brenda is the National PCI Practice Leader for CBIZ Security & Advisory Services. She has over 15 years of experience in Information Technology Management and over 10 years of experience in Information Technology Auditing, including internal audit and risk management. She has served as an Engagement Manager on multiple Level 1 PCI engagements, and her industry experience includes IT, manufacturing, financial services, healthcare, insurance, hospitality, nonprofit and government. Prior to joining CBIZ, Brenda was a Manager in the KPMG Risk Assurance Services practice and served over 20 years with Federal Express.
901.685.5575 • bbrigman@cbiz.com

• 7. Agenda
01 PCI-DSS Introduction – The Basics
02 Anatomy of a Breach
03 Cost of Noncompliance
04 Building a Robust PCI Compliance Program
05 Questions
• 8. PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS: THE BASICS

• 9. Who Must Comply?
All organizations, including merchants and service providers, that store, process and/or transmit cardholder data must validate that they are compliant with PCI DSS and provide proof of compliance to their acquirer once every year.

• 10. What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements designed to protect credit card data. The credit card brands enforce the requirements, which include an annual validation.

• 11. Payment Card Industry Security Standards Council – Brief History

• 12. What is Payment Card Data?

• 13. Six Objectives and 12 Requirements
Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

• 14. Merchant Levels (VISA)
Level 1: Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year, or any merchant that has suffered a data breach.
Level 2: Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1,000,000 e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 transactions per year.

• 15. Merchant Validation Requirements (VISA)
Level 1:
• Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA), or by an Internal Security Assessor (ISA) if signed by an officer of the company
• Quarterly network scan by an Approved Scanning Vendor (ASV)
• Attestation of Compliance form (AOC)
Level 2:
• Annual Self-Assessment Questionnaire (SAQ)
• Quarterly network scan by ASV
• AOC
Level 3:
• Annual SAQ
• Quarterly network scan by ASV
• AOC
Level 4:
• Annual SAQ
• Quarterly network scan by ASV, if applicable
• Compliance validation requirements set by merchant bank

• 16. Payment Methods & Validation Requirements
SAQ A: Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing or transmission of any cardholder data on the merchant's systems or premises.
SAQ A-EP: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and who have a website (or websites) that does not directly receive cardholder data but can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises.
SAQ B: Merchants using only imprint machines with no electronic cardholder data storage and/or standalone, analog dial-out terminals with no electronic cardholder data storage.
SAQ B-IP: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage.
Source: www.pcisecuritystandards.org

• 17. Payment Methods & Validation Requirements
SAQ C-VT: Merchants manually entering a single transaction at a time through a keyboard into an internet-based virtual payment terminal solution that is provided and hosted by a PCI DSS validated third-party service provider, with no electronic cardholder data storage.
SAQ C: Merchants with payment application systems connected to the internet, with no electronic cardholder data storage.
SAQ P2PE: Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no cardholder data storage.
SAQ D: Merchants: all merchants not included in the descriptions for the above SAQ types. Service Providers: all service providers defined by a payment brand as eligible to complete an SAQ.
Source: www.pcisecuritystandards.org

• 18. Questions for PCI DSS Basics
• Who must validate compliance annually?
  A. Only merchants and service providers that have had a data breach
  B. All merchants that store, process or transmit cardholder data
  C. All merchants and service providers that store, process or transmit cardholder data, regardless of the number of transactions
  D. Only merchants and service providers that process more than 20,000 transactions per year
• If I need help understanding whether I can self-assess and which self-assessment form to use, my best course of action is to:
  A. Obtain the forms from www.pcisecuritystandards.org
  B. Seek the assistance of a Qualified Security Assessor (QSA)
  C. Ignore the requirement because no one will ever know
  D. Both A and B
• 19. PCI DATA SECURITY STANDARDS: ANATOMY OF A BREACH

• 21. 2015 Breaches by Industry
[Pie chart: sectors Business, Government & Non-Profit, Medical, Unknown and Education; values shown 53%, 19%, 12%, 8% and 8%.]
Source: Security Affairs: DATA BREACH QUICKVIEW

• 22. 2015 US State Rankings
[Map: Risk Based Security – 2015 Data Breach Trends]

• 23. Data Breach - Methods of Intrusion
Method: Percentage
Weak remote access security: 28%
Weak passwords: 28%
Weak or non-existent validation: 15%
Unpatched vulnerability: 15%
Misconfiguration: 8%
Malicious insider: 6%

• 25. Data Security Observation – RISK!
"Some organizations will be a target regardless of what they do, but most become a target because of what they do."

• 26. Questions for Anatomy of a Breach
• If I do not validate PCI DSS compliance annually:
  A. the acquirer can revoke my right to accept credit cards
  B. I am at greater risk for a data breach
  C. All merchants and service providers
  D. Both A and B
• I do not have to worry about a data breach because I have cyber security insurance. True or False?
• I do not have to worry about a data breach because I process very few transactions. True or False?
• 27. PCI DATA SECURITY STANDARDS: COST OF NON-COMPLIANCE

• 28. PCI Non-Compliance
Merchants and service providers that do not submit proof of compliance to their acquirer can be subject to the following:
• Penalties and fines for non-compliance (breach of contract)
• Fines from card brands passed on as increased processing fees
• Revocation of the ability to accept credit card payments
• Failure to implement PCI DSS requirements can lead to a data breach

• 29. Data Breach Costs
The merchant can incur or be held liable for the following costs associated with a data breach:
• Cost to notify victims and provide credit monitoring
• Cost to replace payment cards (credit, debit, HSA, gift)
• Cost associated with fraudulent transactions
• Forensic investigations
• Increased validation requirements and frequency
• Expense associated with revalidation by a QSA
Once a merchant has been breached, the merchant can no longer self-assess.

• 30. What's at Stake for Nonprofits and Public Sector?
• Significant risk to reputation
• Donors' trust
• Credit card data stored for recurring membership or donation payments is at risk
• Funding can be difficult to obtain or allocate for internal projects
• Mobile payments at conferences or events pose a greater risk

• 32. Questions for Cost of Non-Compliance
• If I do not validate PCI DSS compliance annually:
  A. the acquirer can assess costly fines and penalties
  B. I am at greater risk for a data breach
  C. the ability to accept credit cards can be revoked
  D. All of the above
• My acquirer has not requested proof of compliance from me, so I do not have to validate my compliance. True or False?
• 33. PCI DATA SECURITY STANDARDS: BUILD A ROBUST PCI COMPLIANCE PROGRAM

• 34. Six Objectives and Twelve Requirements
Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel
Source: https://www.pcisecuritystandards.org

• 35. Robust PCI DSS Compliance Program
• Executive commitment and oversight
• Scoped accurately
• Controls and control tests must be objective, valid, reliable and economical
• Report annually
• Monitor and nurture a PCI sustainment program

• 36. Cardholder Data Environment Scoped Accurately

• 37. Controls, Tests and Evidence Clearly Defined
• Objective: the test must be fair
• Valid: the test must consistently measure a specific ability
• Reliable: sufficient evidence and a clear understanding of accountable individuals
• Economical: design control tests to be efficient and cost conscious

• 38. Report Annually
• File your Attestation of Compliance (AOC) with your acquirer on an annual basis.
• Inform your acquirer if your assessment results will be delayed.
• Maintain evidence with the report for at least two years (or in accordance with your company data retention policy).

• 39. Monitor and Nurture PCI Sustainment Program
• Define a test schedule for the year and monitor controls throughout the year.
• Monitor and report the status of control testing on a consistent basis.
• Ensure that any control failures are remediated and retested in a timely manner.

• 40. Questions for Building a Robust PCI Compliance Program
• True or False: Scoping is one of the most important functions of the annual PCI compliance assessment.
• True or False: The best PCI DSS compliance programs have a champion to promote security and build a strong security culture.

• 41. Marketability of your PCI Compliance
Once your organization is PCI compliant, publish this stamp on your website.
• 43. If You Enjoyed This Webinar…
Upcoming Courses:
• 3/31: Building an Actionable and Easy-to-Implement Business Continuity Plan
• 4/5 & 4/19: Leasing Unleashed - A Deep Dive into the New Standard
• 4/13 & 4/20: First Quarter Accounting and Financial Reporting Issues Update
• 4/28 & 5/17: Top Lessons Learned from the First Year of the Uniform Grant Guidance Implementation
Recent Publications:
• Report Asks for 501(c)(3) Application Improvements
• Managing Underwater Endowments for Not-for-Profit Organizations
• Does Your Not-for-Profit Need an Audit of Its Marketing, Fundraising Streams and Advertising?

• 44. Connect with Us
MHM: linkedin.com/company/mayer-hoffman-mccann-p.c. • @mhm_pc • youtube.com/mayerhoffmanmccann • slideshare.net/mhmpc
CBIZ: linkedin.com/company/cbiz-mhm-llc • @cbizmhm • youtube.com/BizTipsVideos • slideshare.net/CBIZInc

• 45. THANK YOU
CBIZ Security & Advisory Services, LLC
cbizmhmwebinars@cbiz.com