Our numbers speak for themselves. Not many out there can match our track record of success. You see that on the bottom left, w 300 Million Donated Online to FirstGiving since 2003….

Security & PCI Compliance
What You Should Know
Presented By: Stephanie Wagner, Director of Business Development

FrontStream Payments, a front runner in the payments industry, specializes in empowering businesses to accept payments anytime, anywhere, any way. As a trusted integrated partner with Frazer Computing, FrontStream is pleased to offer an interactive 30-minute session on the important details of PCI Compliance.

What We Will Discuss….
• What is PCI Compliance?
• Why is PCI Compliance so important?
• Who should be concerned with PCI Compliance?
• Where and when is PCI Compliance Applicable?

What is PCI Compliance?
Payment Card Industry Data Security Standard (PCI DSS)
• A proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM and POS cards developed by the Payment Card Industry Security Standards Council (joint creation of Visa, MasterCard, Discover and American Express)
• Created to increase controls around cardholder data to reduce credit card fraud
• Must be validated annually by an external Qualified Security Assessor (QSA) who creates a Report on Compliance (ROC) for any organization that processes a large volume of transactions, or by Self-Assessment Questionnaire (SAQ) for companies who handle small volumes of transactions

Why Is PCI Compliance Important?
• Protect your business from data security breaches
• Protect your customers’ personal/financial information
• Ensure your business is not fined as much as $500,000 per data security breach incident
• Maintain your right to accept credit as payment
• Protect your brand and business from incriminating lawsuits

12 Steps to PCI Compliance
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt the transmission of cardholder data and sensitive information across public networks
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Benefits of Frazer / FrontStream Integration in relation to PCI Compliance
• All credit card and ACH transactions supported through your existing Frazer interface
• Able to process one-time payments, recurring payments, and future payments
• Potential errors caused by redundant entry eliminated
• Automatic batching decreases reconciliation time and saves employee hours
• No more countertop terminals
• In-house customer and technical support for one-call resolution
• Dedicated in-house PCI Compliance team
• Breach protection program offered to all clients

Breach Protection – What FSP Does
FrontStream Payments has partnered with Royal Group Services to offer our merchants a high impact security breach protection program.
What this means to your business:
• $50,000 coverage per breach incident per Merchant ID
• If you have more than one Merchant ID, $500,000 cap per incident
• As long as you’re not involved in the breach or suspected breach, you’re protected from loss in three ways:
  1) Forensic audit when a data breach is suspected
  2) Card replacement costs
  3) Assessments and fines
• As a merchant, you’re not required to be PCI DSS compliant certified to participate, but fines specific to non-compliance are not covered
• This program is offered regardless of credit card processor or sponsoring bank

To Be EXTRA Sure You are PCI Compliant
• Do not store credit card numbers in a digital format
• Do not store any paper copies of CVV2 security codes
• Destroy and purge any unnecessary data
• Any paper documents with credit card information must be kept in a locked filing area with restricted access
• Check yourself – make sure your security is strong and follow your policy
• Visit the PCI DSS website at www.pcisecuritystandards.org/merchants and complete the appropriate survey for your business and send it to your merchant services provider