James Lee's PCI Guide: 3 Steps to Protecting Your Business, What Every Merchant Must Know


3 Steps to Protecting Your Business From a Data Breach and the Related Costs That May Result in the Loss of Your Business: What Every Merchant Must Know.
You do not want your business in danger, do you? Then take the time to read on and learn the 3 steps that enable you to protect your business.


Transcript

  • 1. 3 Steps to Protecting Your Business From a Data Breach and the Related Costs That May Result in the Loss of Your Business: What Every Merchant Must Know! Be PCI compliant and protect your business. The sooner, the better! Welcome. Ask about merchant services: James Lee, M. 917.930.3945, AplusPayments@gmail.com, http://b2breferral.wix.com/home
  • 2. You do not want your business in danger, do you? Then take the time to read on and learn the 3 steps that enable you to protect your business. Step 1. Be aware that your business is not safe from a data breach that may result in the loss of your business. Small- and medium-sized businesses have become data thieves’ primary targets. In 2011, there were 174 million compromised records, up from 4 million in 2010. The average total cost per reporting company was more than $6.3 million per breach and ranged from $225,000 to almost $35 million. Step 2. Know how to protect your business from a data breach and the related non-compliance fine of up to $500,000: 1. What is the PCI Compliance Guide? 2. Why should you be PCI compliant? 3. What should you do to be PCI compliant? 4. The 3 key factors of PCI compliance. At a minimum, you need to meet these 3 key factors to be PCI compliant: have a PCI program; pass the SAQ test once a year; be equipment compliant. Step 3. Start securing your business with James Lee. Sign up for a free PCI consultation to get the key benefits of James Lee’s free PCI consultation. The cost of a data breach may result in closing your business. Small businesses can go bankrupt if a security breach or data breach occurs because of a compromise of their client records. Small businesses will spend a small fortune trying to correct the violation and still may be sued in civil litigation. The Real Cost of Data Breach (It’s more than you think—and you’re more at risk than you know.) Jan 3, 2013 – The HHS' Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations ...
  • 3. Step One. Be aware that your business is not safe from a data breach that may result in the loss of your business. Be PCI compliant and protect your business. The sooner, the better! James Lee, Your Reliable Payment Processing Consultant, M. 917.930.3945, email: AplusMerchants@gamil.com, www.facebook.com/bestprocessingsolutions
  • 4. Part 1. Be aware that we live in an unsafe world: no business is safe from a data breach. Small- and medium-sized businesses have become data thieves’ primary targets. In 2011, there were 174 million compromised records, up from 4 million in 2010. The average total cost per reporting company was more than $6.3 million per breach and ranged from $225,000 to almost $35 million. • Retailer Gets Hacked 4.2 Million Credit Cards Identity Theft Protection • Boston Restaurant Group Fined $110,000 Over Data Breach • Credit Card Data Breach at Barnes & Noble Stores • Four Romanian nationals indicted for hacking Subway and 50 other merchants’ POS systems • MasterCard, Visa Confirm 'Major' Breach-Global Payment. The nightmare of a security breach at your small business has become more of a possibility in recent years. Despite that trend, a majority of small businesses are not taking steps to try to prevent a data or security breach, new research has found. According to the Verizon 2011 Data Breach Investigations Report, organizations with between 11 and 100 employees reported 436 data breaches last year, almost six times as many as organizations with between 101 and 1,000 employees. WorldPay Security Program offers: • A complete PCI compliance • Advance security program • Free identity waiver up to $30,000-$100,000 • Free PCI compliant terminal. Learn more: contact James Lee at 1-917-930-3945, James.Lee@WorldPay.us. James Lee, Your Reliable Payment Processing Consultant, M. 917.930.3945, F. 718.661.0014, www.about.me/paymet101
  • 5. Step One. Be aware that your business, too, is not safe from a data breach that may result in the loss of your business. That number, however, does not scare small business owners. Eighty-five percent of them said in a new survey, conducted for investment and insurance company The Hartford, that they believe a data breach is unlikely to happen to them. A majority of those business owners also said they are unlikely to put any measures in place to prevent such an attack. "Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted," said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford. "As cybercriminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach." Six in 10 small business owners acknowledge that a data breach would compromise relationships with customers. Additionally, 38 percent said they would have a negative opinion of companies that responded poorly to a breach. Cicero's wages legal battle over allegations of data breach. Hackers Shift Attacks to Small Firms: Joe Angelastri, owner of City Newsstand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system. Please take a look at the “Data Breach Report” published by the Identity Theft Resource Center. 2012 will be the year of skimming. Devices put on a dial terminal can steal cardholder information without a business knowing it. A teenager just went to jail for putting a skimming device on a McDonald's terminal. 3 Delta is a very well known software provider for POS systems. The CEO and founder states, “It's not a matter of if you get a data breach; it's just a matter of when.” He offers tips to keep your network safe. Now you agree that your business is not safe from cyber attacks, don’t you? You should be aware that the cost of a data breach could seriously hurt your business. Cost of data breach, best resource: 2010 Annual Study: U.S. Cost of a Data Breach.
  • 6. WorldPay Security Program helps protect your business from the data breach. Fines for non-compliance with the PCI standard: up to $500,000. Part 2. Be aware that the cost of a data breach may result in closing your business. Small businesses can go bankrupt if a security breach or data breach occurs because of a compromise of their client records. Small businesses will spend a small fortune trying to correct the violation and still may be sued in civil litigation. The Real Cost of Data Breach (It’s more than you think—and you’re more at risk than you know.) Jan 3, 2013 – The HHS' Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations ... The Real Cost of Data Breach for a Level 4 Merchant (It’s more than you think—and you’re more at risk than you know.) The average is $36,000 and can be as high as $50,000 (or more). In other words, more than enough to cripple—or even destroy—a small business. Q1. What is the fine for PCI non-compliance? In order to address the threats to credit card information, the PCI Security Standards Council was formed in September, 2006. The PCI Security Standards Council has developed two primary standards that concern you: PCI DSS: The Payment Card Industry Data Security Standard outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your restaurants, you are responsible for complying with this standard. PA-DSS: The Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data – such as full magnetic stripe, credit card security code, or PIN data – is not stored. PA-DSS compliance can only be accurately verified by a qualified
    What is the cost of a data breach? The components of data breach cost: • Forensic investigation of your POS system = $10,000-$20,000 • Reimbursement for purchases made using stolen cards • Replacement of stolen credit cards = $20-$30 per card (just 1,000 cards means $20,000-$30,000) • A nearly priceless loss of brand equity • Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard. The biggest portion of data breach cost is the fine for PCI non-compliance. Fines for non-compliance with the PCI standard are the heaviest fines for a data breach, and you avoid them by being PCI compliant. To be PCI compliant, you need to meet the requirements of PCI compliance and PA-DSS (Payment Application Data Security Standard). Cost of data breach, best resource: 2010 Annual Study: U.S. Cost of a Data Breach.
  • 8. Part 2. Cost of Data Breach. Summarized non-compliance cost data for 46 benchmarked organizations. Source: The True Cost of Compliance | Benchmark Study of Multinational Organizations | Ponemon Institute | January 2011. See also: 2010 Annual Study: U.S. Cost of a Data Breach.

    | ID# | Business disruption | Productivity loss | Revenue loss | Fines, penalties & settlement costs | Total |
    |---|---|---|---|---|---|
    | 1 | 1,894,201 | 886,772 | 2,506,798 | 2,504,853 | 7,792,624 |
    | 2 | 2,530,352 | 2,961,739 | 3,254,316 | 2,451,421 | 11,197,829 |
    | 3 | 3,510,825 | 3,522,002 | 2,521,616 | 978,761 | 10,533,203 |
    | 4 | 7,655,995 | 1,719,063 | 2,225,011 | 707,799 | 12,307,868 |
    | 5 | 6,067,953 | 4,591,037 | 3,996,297 | 811,886 | 15,467,173 |
    | 6 | 530,415 | - | 546,622 | 309,721 | 1,386,758 |
    | 7 | 7,712,747 | 5,402,988 | 700,438 | 310,856 | 14,127,029 |
    | 8 | 1,399,309 | 3,401,988 | 3,157,199 | 1,666,473 | 9,624,969 |
    | 9 | 4,747,903 | 1,663,583 | 1,606,138 | 191,044 | 8,208,668 |
    | 10 | 3,804,836 | 5,150,215 | 4,552,824 | 1,938,156 | 15,446,031 |
    | 11 | 465,637 | 423,498 | 710,214 | 704,687 | 2,304,036 |
    | 12 | 3,117,942 | 3,111,298 | 1,767,796 | 80,384 | 8,077,420 |
    | 13 | 535,602 | 652,483 | 346,224 | 383,742 | 1,918,051 |
    | 14 | - | 1,384,147 | 741,359 | 799,265 | 2,924,771 |
    | 15 | 765,450 | - | 540,296 | 1,763,402 | 3,069,148 |
    | 16 | 16,552,877 | 53,154 | 6,538,555 | 1,344,968 | 24,489,553 |
    | 17 | 1,613,945 | 2,229,318 | 1,756,673 | 1,972,003 | 7,571,939 |
    | 18 | 709,556 | 1,049,803 | 1,315,445 | 1,065,976 | 4,140,781 |
    | 19 | 6,020,835 | 748,078 | 1,899,101 | 2,383,793 | 11,051,807 |
    | 20 | - | 4,501,598 | 1,571,536 | 2,390,360 | 8,463,494 |
    | 21 | 2,663,217 | 6,446,758 | 2,513,763 | 3,431,797 | 15,055,534 |
    | 22 | 1,805,479 | 2,841,799 | 1,526,188 | 579,088 | 6,752,554 |
    | 23 | 5,078,817 | 4,014,515 | 2,790,129 | 427,940 | 12,311,402 |
    | 24 | 4,359,921 | 3,898,962 | 2,637,710 | 668,455 | 11,565,048 |
    | 25 | 2,539,821 | - | 2,444,529 | 1,382,552 | 6,366,902 |
    | 26 | 2,285,952 | 2,175,764 | 4,288,741 | 2,810,190 | 11,560,647 |
    | 27 | 630,284 | 1,613,219 | 2,498,983 | 2,103,072 | 6,845,558 |
    | 28 | 10,610,045 | 5,174,955 | 4,696,161 | 7,493,699 | 27,974,860 |
    | 29 | 3,878,864 | 3,135,708 | 2,067,828 | 2,841,451 | 11,923,852 |
    | 30 | 2,236,557 | 3,849,895 | 3,882,527 | 1,831,169 | 11,800,148 |
    | 31 | 3,683,109 | 2,763,377 | 3,044,502 | 885,412 | 10,376,400 |
    | 32 | 3,386,634 | 2,420,115 | 2,666,676 | 1,085,278 | 9,558,703 |
    | 33 | 2,178,924 | 2,158,495 | 1,726,303 | 1,809,951 | 7,873,673 |
    | 34 | 5,424,731 | 1,420,338 | 2,123,134 | 1,888,016 | 10,856,219 |
    | 35 | 1,532,994 | 1,721,369 | 1,668,480 | 700,800 | 5,623,643 |
    | 36 | 2,152,478 | 469,623 | 1,387,055 | 526,313 | 4,535,469 |
    | 37 | 1,393,876 | - | 154,675 | 146,806 | 1,695,357 |
    | 38 | 328,189 | - | 557,464 | 671,041 | 1,556,694 |
    | 39 | 1,955,264 | 3,536,600 | 1,304,047 | 2,689,848 | 9,485,760 |
    | 40 | 2,333,900 | 3,800,776 | 1,763,831 | 869,986 | 8,768,492 |
    | 41 | 1,621,980 | 5,697,483 | 2,539,403 | 795,896 | 10,654,763 |
    | 42 | 6,413,603 | 3,550,955 | 3,178,774 | 147,334 | 13,290,666 |
    | 43 | 3,035,969 | 204,740 | 1,478,622 | 798,862 | 5,518,192 |
    | 44 | 3,383,818 | 2,603,496 | 1,201,703 | 1,997,390 | 9,186,408 |
    | 45 | 2,076,828 | 1,761,714 | 2,320,328 | 1,369,728 | 7,528,597 |
    | 46 | 5,063,475 | 3,425,150 | 1,608,866 | 2,077,943 | 12,175,433 |
  • 9. Part 2. Cost of Data Breach. Does the cost of a data breach still not have your attention? Then take a look at the further reports below. Ponemon Cost of a Data Breach: summarized non-compliance cost data for 46 benchmarked organizations (The True Cost of Compliance | Benchmark Study of Multinational Organizations | Ponemon Institute | January 2011). The Ponemon Institute proudly presents the 2010 U.S. Cost of a Data Breach, the sixth annual study concerning the cost of data breach incidents for U.S.-based companies sponsored by Symantec Corporation. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. The study also found that for the second straight year organizations’ need to respond rapidly to data breaches drove the associated costs higher. The sixth annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 51 U.S. companies from 15 different industry sectors. Resources: • Press Release: Ponemon Study Indicates Organizational Data Breach Costs Hit $7.2 Million and Show No Sign of Leveling Off • Press Release: Data breach cost hits UK organizations for £1.9 million per incident in 2010 • 2010 Annual Study: Global Cost of a Data Breach Report (PDF) • 2010 Annual Study: U.S. Cost of a Data Breach Report (PDF) • 2010 Annual Study: UK Cost of a Data Breach (PDF) • 2010 Annual Study: Australia Cost of a Data Breach Report (PDF) • Infographic: Data Breach Costs Soar Even Higher (PDF) • Podcast: Ponemon Cost of a Data Breach Report • SlideShare: 2010 Annual Study: U.S. Cost of a Data Breach • Blog Post: In Defense of Data: Cost of a Data Breach Climbs Higher • Blog Post: How Much Would A Data Breach Cost Your SMB? • Data Breach Risk Calculator • Symantec’s Encryption Offerings • Symantec’s Data Loss Prevention Offerings
  • 10. The Payment Card Industry (PCI) standards have been established to help you safeguard customer information—and protect your business. The basics of PCI are similar to the standard business practices you already use to safeguard your business: You lock your doors as a matter of course. To protect your customers’ information, you also need the proper “locks” on your POS system and network. Where to start? Read on to learn the key things you need to know about credit card security and PCI. What is the cost of a credit card breach, EXCEPTING NON PCI COMPLIANT FINES? Estimating the cost of a data breach is not straightforward. In addition to the direct costs incurred in legal fees, security audits, fines, and penalties, there are also less tangible losses, such as brand damage, lost customers, and time spent dealing with the breach. In a regulated industry such as food service, the cost can range from $155 to $305 for each customer record stolen. According to payment security consultant Trustwave, an average of 40,000 card numbers are compromised in a typical breach. But even in a breach involving fewer records, costs can escalate quickly and force a small business to close its doors. Forrester Research recently released survey data that estimated costs for low- and high-profile breaches. The graph below summarizes the firm’s findings: More on restaurants and credit card security: Pasta, Meatballs and Credit Card Theft (ABC News); SecureWorks reports on quantifying the cost of a breach. Sign up for a consultation: James Lee, M. 917.930.3945, F. 718.661.0014, AplusMerchant@gmail.com
  • 11. Your Business Pays the Price. Who’s more at risk of a cardholder data security breach? A large chain with a huge IT budget or an independent restaurant with little technical resources? Global payment security consultant Trustwave reports that 9 of 10 cardholder data compromise incidents are aimed at small operators, such as restaurant and pub Spanky’s Marshside, in Brunswick, Georgia. Like many operators, Carla didn’t realize that her POS stored cardholder data, even though the information was no longer needed after the transaction had been authorized. “I didn’t think I was at risk,” Carla said. “I thought I had everything I needed because I had a brand new POS system and I thought that my software was compliant.” In August 2006, hackers broke into Spanky’s POS system. “Magnetic data was taken which I didn’t even know we were storing in the hard drive, and new cards were made and sold over the Internet,” said owner Carla Yarborough, in a video interview with the Retail Solutions Providers Association. Trustwave reports that in 60% of the cases where data is compromised, merchants are relying on outdated software that improperly handles sensitive cardholder data. “I just felt I had been blindsided because I was not aware it could even happen,” Carla said. She didn’t learn of the breach until February of the following year. Hackers had the run of her system for nearly seven months before suspicious transactions were tracked to her restaurant. Buying and maintaining compliant equipment is a crucial step toward protecting your customers from theft and your business from liability. “I think you don’t have a choice,” Carla said. “You can take the risk if you want to, but I’m sitting here as a witness that it can happen. The damages far outweigh the cost of upgrading your system.” At the time of the interview, the breach at Carla’s restaurant had cost her $110,000 and counting. “The small business person is taking up the brunt of the whole thing,” Carla deplored. “We have to pay for it one way or the other, if not by closing our doors, then by having to pay out big sums of money.” How did you get to be liable? When you signed a merchant agreement with Visa or MasterCard, you agreed to comply with payment card industry security standards. It’s a single paragraph in the standard agreement that every merchant signs. But if a credit card breach is tracked to your restaurant, and you are unable to demonstrate compliance, that single paragraph could cost you more in fines and other penalties than your business can bear. Sign up for a consultation: James Lee, M. 917.930.3945, F. 718.661.0014, AplusMerchants@gmail.com
  • 12. HOW TO AVOID OR REDUCE THE COST OF A DATA BREACH. Part 2. Cost of Data Breach. Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard. Your business is not secured. Are you aware that the heavy cost of a data breach compromise can destroy your business? Ignoring the potential for a data breach and its cost may destroy your business. Have you decided to protect your business from a data breach and the high cost of data breaches? You may still wonder: • Why do merchants have to pay for the cost of a data breach and the PCI non-compliance fine? • How can you avoid or reduce this scary cost of a data breach? You will discover the answer next.
  • 13. You know your business is not safe from a data breach that may result in the loss of your business. How to protect your business with PCI compliance and your security solutions.
  • 14. Learn how to protect your business. Learn about payment industry security compliance. Sign up for a free consultation. The sooner, the better!
  • 15. WorldPay Protects Your Business! HOW TO PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE (AVERAGE $500,000). Why and how to be PCI compliant? Target PCI requirements: MANDATORY. Question: • Why do merchants have to pay for the cost of a data breach and the PCI non-compliance fine? • How can you avoid or reduce this scary cost of a data breach? Answer: Businesses are required to implement all the Payment Card Industry Security requirements. Visa®, MasterCard®, Discover®, American Express® and JCB® created the PCI Security Standards Council. There are 12 requirements for PCI DSS, and businesses agree to adhere to them when they sign the credit card processing agreement, regardless of credit card processor. Most businesses do not realize they signed and agreed to the requirements; worse, they think that by paying a fee they are safe and compliant. The reality is that merchants are responsible for all fees and fines if they suffer a data breach. A data breach can cost a merchant tens of thousands of dollars, enough to potentially put them out of business. Although a merchant may think that they are compliant because they are paying a monthly PCI fee, the reality is that they are likely paying a fee for non-compliance and not receiving anything in return for this fee. The Payment Application Data Security Standard (PA-DSS) covers all software applications used to store, process, or transmit cardholder data as part of authorization or settlement. On October 1, 2008, the PCI Council developed a new standard—PA-DSS— to replace the VISA PABP standard. The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data. PIN Entry Devices (PED The PCI Security Standards Council In order to address the threats to credit card information, We would like the opportunity to educate you on the PCI requirements so you can determine if your current processor is actually providing the proper protection. We also would like to explain what products are available to you to protect the future of your business.
  • 16. WorldPay Protects Your Business! HOW TO PROTECT YOUR BUSINESS FROM THE DATA BREACH AND THE FINE (AVERAGE $500,000). Why and how to be PCI compliant? PCI compliance at a glance. [Diagram labels: PCI EPP Standard; PCI DSS Standard; PCI PED Standard; PA-DSS Standard; Payment Terminals; POS Terminals; Merchant Card Acquirers Issuers; Automated Fuel Dispensers; Wireless Terminals; Web Site Host Servers; Corporate Network; Store Servers.] The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data. Visa is implementing a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system: • Ensure all new POS deployments are only with PA-DSS certified POS applications • Remove all known vulnerable applications from the network by October 2009 • Replace or upgrade existing POS terminals with PA-DSS certified applications before the July 2010 deadline. Visa is mandating that attended PIN Entry Device terminals adhere to PCI PED standards and implement TDES encryption: • Ensure all new PIN pads purchased are TDES-capable and PCI certified • Replace Pre-Visa PED Terminals with PCI PED Terminals by 7/1/2010. What you need to be PCI compliant: • PCI program provider • SAQ certification • 12-requirement PCI program • PCI compliant payment equipment. You are now PCI compliant, so you can protect your business from the crippling effects of data compromise and avoid the critical fine for PCI non-compliance.
  • 17. So how do you protect yourself?
    Start by educating yourself. The PCI Security Standards Council has developed standards to address the threats to credit card information. As a business operator, there are two key standards that affect you:
      1. The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your business, you must comply with PCI-DSS.
      2. The Payment Application Data Security Standard (PA-DSS) covers all software applications used to store, process, or transmit cardholder data as part of authorization or settlement. On October 1, 2008, the PCI Council developed a new standard, PA-DSS, to replace the VISA PABP standard.
    PCI-DSS requires that you use only PABP/PA-DSS compliant payment processing and POS systems. Check the list of compliant vendors and software.
    To be PCI compliant, you need to meet the requirements of PCI compliance and of PA-DSS (Payment Application Data Security Standard).
    The Components of Data Breach Cost:
      • Forensic investigation of your POS system = $10,000-$20,000
      • Reimbursement for purchases made using stolen cards
      • Replacement for stolen credit cards = $20-$30 per card. (Just 1,000 cards means $20,000-$30,000)
      • A nearly priceless loss of Brand Equity
      • Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard
    The biggest portion of data breach cost is the fine for PCI non-compliance. The fine for non-compliance with the PCI standard is the heaviest fine for a data breach, and it is what you need to avoid by being PCI compliant.
    Ask us how we can help protect your business from a data breach. Fines for non-compliance with the PCI standard: up to $500,000.
    WorldPay Protects Your Business!
      • Free PCI Compliance
      • Free Advance Security Program
      • Free Identity Waiver Up To $30,000-$100,000
      • Free PCI Compliant Terminal
  • 18. Learn About PCI Compliance: PCI Compliance & Fines
    PCI compliance requires that any business that processes transactions or stores credit card or cardholder data MUST be compliant with the PCI DSS (Payment Card Industry Data Security Standards) and PCI PA-DSS. If you handle or accept credit card payments, then this means you too. Non-compliance is not an option, and the fines and consequences are hefty.
    In order to address the threats to credit card information, the PCI Security Standards Council was formed in September, 2006. The PCI Security Standards Council has developed two primary standards that concern you:
      • PCI DSS: The Payment Card Industry Data Security Standard outlines the requirements for all merchants that store, process, or transmit cardholder data. If you process credit cards in your restaurants, you are responsible for complying with this standard.
      • PA-DSS: The Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data (such as full magnetic stripe, credit card security code, or PIN data) is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.
    Attacks on credit card data, personal information and other private data are a big part of “white-collar crime”. The anonymity the internet provides makes the problem larger and poses bigger threats, as the attacks can be launched from anywhere in the world, even from within your own organization. Business size and type have little to do these days with potential data breaches and attacks, as some believe that “any data will do” no matter what size the organization or business.
    Plain and simple, PCI is not optional, and practicing compliance should be considered a key business policy. The PCI Security requirements have been put in place to secure the data, and everyone must become compliant. Non-compliance brings about fines and penalties from the payment card industry and providers. Fines can include the following:
      • Fines of $500,000 per data security incident
      • Fines of $50,000 per day for non-compliance with published standards
      • Liability for all fraud losses incurred from compromised account numbers
      • Liability for the cost of re-issuing cards associated with the compromise
      • Suspension of merchant accounts
    Weigh your options... How important is your business, your livelihood and your personal and business information? Are you willing to take the risk of a data breach or attack? A single data breach can be devastating to you and your business and can put you out of business or much worse, and the fines and penalties can be just as massive. The above-mentioned penalties are good indicators of what one can expect, but they can get heftier and more expensive. It is simply not worth the risk: either a data breach or the fines and penalties can be devastating, not to mention that you can lose your merchant account and will not be able to accept credit cards as payment.
    What happens if I am breached?
    Currently 38 states have enacted some sort of breach disclosure law. In general, most state laws follow the basic tenets of California's original law, which was enacted in 2002. Companies who are breached must immediately disclose the data breach to customers, usually in writing. Companies must also notify their processor, who will then notify the bank. At that point the processor or bank will initiate a PCI DSS audit on the merchant to see if the merchant was in fact PCI DSS compliant at the time of the breach.
    In case of a data breach you must report and disclose this to your customers, business partners, banks and providers. This is the law known as California SB 1386, which most states follow and adhere to. So, in essence, you have to make this public knowledge. The processor and PCI organization will then need to determine whether the business was or was not PCI compliant at the time of the breach and will then determine which course of action to take. The merchant is obligated and expected to report any data breach, and anything to the contrary can result in a lawsuit and prosecution.
    *Visa awarded WorldPay a 2011 Service Quality Performance Award for the Lowest Fraud Chargeback Rate and the Lowest Non-fraud Chargeback Rate
  • 19. Learn About PCI Compliance
    Q2. Do I need to use PA-DSS compliant point of sale equipment?
    If you accept credit cards, the answer is: yes. As of July 2010, merchants are required to use only PCI PA-DSS validated point of sale and payment applications. Financial institutions enforce the requirement for an annual PCI security self-assessment and quarterly network scans, and can levy fines for non-compliance. If your POS system is non-compliant, you will automatically fail your PCI assessment, and could lose the ability to accept credit cards.
    Q3. What if I choose not to comply with PCI standards?
    Aside from the penalties and liability associated with a credit card breach, the effect on your brand could be devastating: not surprisingly, sixty percent of consumers in a recent poll said that they would never return to a business where their credit card information was stolen. And as the payment card industry continues to tighten its enforcement of the standard, you may also lose the privilege of accepting credit cards at all.
    Q4. What happens when there is a credit card breach?
    A typical breach scenario:
      • The fraud department of the credit card company that suspects a breach will contact the restaurant owner to discuss the irregular credit card transactions.
      • The store will be subjected to an internal credit card security audit, which costs from $8,000 to $15,000. The business owner has to select a pre-approved forensic audit firm from a list provided.
      • With little or no notice, the card processing company may begin withholding funds to pay for the projected fines and penalties.
      • After the forensic audit is completed, the owner, auditor, and credit card company representative(s) will hold a conference call to review the findings and outline what steps the merchant must take to remedy the credit card breach.
      • Failure to comply with remediation steps results in additional fines and the loss of credit card processing privileges.
      • The merchant must pay all fines, penalties, and assessments that arose as a result of the breach.
    Q5. What are the penalties for contravening the PCI standards?
    Card data theft is costly. If your business location is determined to be a common point of purchase for stolen card data, the card associations order a forensic audit. This can cost you in the neighborhood of $15,000. Then, depending on the number of cards affected, and whether you have taken the necessary steps toward PCI compliance, the card association(s) assess fines that can range from $50,000 and up.
    Moreover, 44 states to date have enacted privacy laws that require you to report any suspected breach to the FBI and personally notify every potentially affected cardholder. The cost of notification averages $30 to $50 per customer. In addition, following a breach, your restaurant is automatically re-classified as a Level 1 Merchant, subjecting you to the same rigorous audit requirements (and costs) as the largest retail companies in the country. Expect to pay $25,000 to $35,000 per year for a mandatory on-site audit.
    The Ponemon Institute, a research firm dedicated to privacy, data protection and information security, estimates that a breach costs between $90 and $305 per record. Many factors enter into such an estimate: in addition to the direct costs incurred in legal fees, security audits, fines, and penalties, there are also less tangible losses, such as brand damage, lost customers, and time spent dealing with the credit card breach.
    A feature article on RestaurantPartner.com, “Restaurants and Credit Cards – A Dangerous Combination,” related this example from a single Atlanta Bread Co. restaurant in Kansas City: “When a hacker compromised their credit card processing system it tallied up a bill of over $25,000 and counting. They were threatened with fines up to $1 million and had $16,000 pulled from their bank account without notice. This prohibited them from buying food for a period of time and then had to spend $7000 upgrading their POS system. Luckily, they were able to weather the storm and stay afloat. Unfortunately, many restaurants maintain a very tight cash flow and such a blow could easily put them out of business.”
    CONTACT JAMES LEE: M. 917.930.3945, E-mail: AplusMerchants@gmail.com
  • 20. HOW TO PROTECT YOUR BUSINESS: What are the keys to compliance?
    Refer to this great guide put together by the PCI Security Standards Council for more detailed information in an easy-to-follow format. Ask us for copies of their PCI Implementation Guide.
    [Guide cover: PCI Quick Reference Guide. Understanding the Payment Card Industry Data Security Standard version 1.2. For merchants and organizations that store, process or transmit cardholder data. Contents: Introduction; Overview of PCI Requirements; Security Controls and Processes for PCI DSS Requirements; How to Comply With PCI DSS; Web Resources; About the PCI Security Standards Council]
    The Payment Card Industry Data Security Standard (PCI-DSS) outlines the requirements for all merchants that store, process, or transmit cardholder data.
    Need to Be PCI Compliant: • PCI Program • SAQ Certification • 12 Key Requirements
    The PCI Data Security Standard outlines 12 key requirements for compliance:
    Build and Maintain a Secure Network
      1. Install and maintain a firewall configuration to protect cardholder data
      2. Do not use vendor-supplied defaults for system passwords and other security parameters
    Protect Cardholder Data
      3. Protect stored cardholder data
      4. Encrypt transmission of cardholder data across open, public networks
    Maintain a Vulnerability Management Program
      5. Use and regularly update anti-virus software
      6. Develop and maintain secure systems and applications
    Implement Strong Access Control Measures
      7. Restrict access to cardholder data by business need-to-know
      8. Assign a unique ID to each person with computer access
      9. Restrict physical access to cardholder data
    Regularly Monitor and Test Networks
      10. Track and monitor all access to network resources and cardholder data
      11. Regularly test security systems and processes
    Maintain an Information Security Policy
      12. Maintain a policy that addresses information security
  • 21. HOW TO PROTECT YOUR BUSINESS: Why Is Equipment Compliance Important? How does your POS Equipment factor into this?
    Your point of sale equipment is a key factor in safeguarding your business. One of the most important requirements of the PCI Data Security Standard is the use of point of sale equipment (hardware and software) that has been validated compliant.
    Why you should care: The risk to your business in the event of a breach, of course, is the #1 reason to be careful about choosing a PA-DSS validated point of sale application. But there’s another reason, too: as of July 2010, merchants are required to use only PCI PA-DSS validated point of sale and payment applications. Financial institutions enforce the requirement for an annual PCI security self-assessment and quarterly network scans, and can levy fines for non-compliance. If your POS terminal or POS system is non-compliant, you will automatically fail your PCI assessment, and could lose the ability to accept credit cards.
    If a card data theft is traced back to your business, you are liable. Installing a PA-DSS-validated POS is insurance against this liability. So choose carefully.
    Q. *What is PA-DSS?
    A. Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data (such as full magnetic stripe, credit card security code, or PIN data) is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.
    CARDHOLDER DATA
      STORED SECURELY: Primary Account Number, Cardholder Name, Expiration Date
      NOT STORED: Full Magnetic Stripe, Credit Card Security Code, PIN Data**
    PA-DSS APPROVAL: Ongoing testing by third-party labs ensures that all payment applications follow these new standards.
    [Diagram label: Processor]
  • 22. HOW TO PROTECT YOUR BUSINESS: PCI Good Business Practices
    Protecting your customers’ credit card information involves more than just using a PCI-compliant POS. It is important that you also review security management, policies and procedures in your restaurant.
      • Restrict employee access to your system to what is strictly necessary to accomplish their job.
      • Assign unique IDs and passwords to each user, and ensure old IDs and passwords no longer work.
      • Restrict access to your router to prevent illicit tampering with your network connections.
      • Keep all terminals in plain sight or under lock and key to prevent illicit use.
    You already have safety guidelines for staff. PCI-DSS says you also need to create protective policies for customers’ personal information. Likewise, defining IT best practices is really just an extension of your existing operating procedures. Got that covered? Then prepare a maintenance schedule for your POS, like the one you follow for your oven, to keep it up to date. Add the annual PCI Self-Assessment Questionnaire to your regular insurance review. After all, handling credit card data without the proper controls is like running a business without insurance. Then take a few minutes to schedule your quarterly network scans.
    PCI Do’s and Don’ts
    PCI Do’s:
      • Do routine vulnerability scans of your systems.*
      • Do security awareness training for all of your staff.
      • Do audits of system access.
      • Do monitor your system activity logs.
      • Do remove access privileges of separated employees.
      • Do install software patches.
      • Do take any threats seriously.
      • Do have an incident response plan in place.
    PCI Don’ts:
      • Don’t store or archive whole credit card numbers.
      • Don’t transmit credit card information unencrypted.
    It’s important to read and understand the PCI Data Security Standard, and take the necessary steps to comply. But limiting your liability ultimately comes down to these five key points:
      1. Never...EVER...store cardholder data after transaction authentication.
      2. Use PA-DSS validated POS equipment.
      3. Complete an accurate PCI Self-Assessment Questionnaire each year.
      4. Schedule quarterly PCI network scans.
      5. Manage your credit card environment like your business depends on it.
    Go to the source for complete details: The PCI Security Standards
  • 23. Step Three: Sign Up For Free Consultation. Your Business Protection: The Sooner, The Better! Sign up for a free consultation and become PCI compliant with a complete free PCI program, on top of the best benefits on payment processing never delivered by others.
  • 24. Payment Processing Hardware Compliance: How does your POS Equipment factor into this?
    Do not operate NON-COMPLIANT AND KNOWN-COMPROMISED PIN ENTRY DEVICES. They could be the cause of a data breach and of PCI non-compliance fines of up to $500,000.
    We strive to keep you informed about important PCI PA-DSS compliance mandates and regulations affecting your business. Current Card Association mandates require that all merchant acquirers and acquiring processors begin retirement of PIN Pad and terminal devices that are not PED compliant (non lab evaluated), are not TDES encrypted, or are on Visa’s known-compromised device list. Non-compliant devices must be removed from service no later than July 1, 2010, and known-compromised devices should be removed from service as soon as possible.
    NON-PED-COMPLIANT DEVICES:
      • Are typically referred to as “non lab evaluated” or “vendor attested” devices
      • Typically only support the less secure SDES and do not support the more robust TDES encryption
    KNOWN-COMPROMISED DEVICES:
      • Appear on Visa’s known-compromised list
      • Pose an elevated risk of breach of cardholder information
      • Can subject merchants to a risk of fines up to $500,000 per incident from Visa®, MasterCard® or other Card Associations if cardholder information is compromised in any way
    James Lee is urging retailers to consider replacing these devices quickly to avoid the risk of being non-compliant. Our goal is to notify our merchants well ahead of the July 2010 mandate regarding PED-compliant replacements and upgrades. Please see the lists of known-compromised and non-compliant devices along with possible replacement devices:
    NON-COMPLIANT DEVICES / POSSIBLE REPLACEMENT DEVICES: Hypercom ICE 5500; VeriFone Vx510LE (3730LE) or Hypercom T4220; Ingenico eN-Crypt 100 PIN Pad; VeriFone PP 1000SE PCI-PED; IVI Sentinel PIN Pad; Lipman Nurit 2085 Terminal; Add the external PIN Pad VeriFone PP 1000SE PCI-PED; Lipman Nurit 2085+ Terminal; Lipman Nurit 3000 Terminal; VeriFone Vx510LE (3730LE); Lipman Nurit 3010 Terminal; NCR 5945 PIN Pad; VeriFone Mx830 or Vx850; NCR 5991 PIN Pad; NCR 5992 PIN Pad; Thales Talento T-IPP Terminal; VeriFone Vx510LE (3730LE); Thales Talento T-IPPS Terminal; Thales T-Pad PIN Pad; VeriFone Omni 3210 Terminal; VeriFone Omni 470 Terminal; VeriFone Omni 490; VeriFone Mx830 or Vx850; VeriFone PIN Pad 1000; VeriFone PP 1000SE PCI-PED; VeriFone PIN Pad 1000SE (160 Firmware); VeriFone PIN Pad 1000SE G-Site (160 Firmware); There is no PCI-PED-compliant device for G-Site Fuelman.; VeriFone SC5000 PIN Pad (Pulsar and Stardust model); VeriFone SC5000 PCI-PED
  • 25. Payment Processing Hardware Compliance
    The PCI Security Standards Council (PCI-SSC) has officially announced a significant enhancement to payment security that has far-reaching operational consequences for all retailers with electronic payment transaction systems. The new mandate requires that most payment applications must now be audited under the new PA-DSS (Payment Application – Data Security Standard) on a continual basis, which will help merchants maintain PCI DSS compliance. Here, VeriFone answers common questions regarding the new security standard.
    “Security is a never-ending race against potential attackers. As a result, it is necessary to regularly review, update and improve the security requirements used to evaluate payment applications.” (PCI PA-DSS Program Guide)
  • 26. Payment Processing Hardware Compliance
    Q. What is PA-DSS?
    A. Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data (such as full magnetic stripe, credit card security code, or PIN data) is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.
    Q. Are my payment applications compliant?
    A. Managing data security can be a daunting task for merchants who do not have onsite technical or security-related staff. VeriFone has alleviated this headache by obtaining PA-DSS approval for all payment applications that operate on VeriFone terminals and providing you the necessary supporting documentation to ensure your compliance.* VeriFone is committed to delivering the highest level of security by being the first to offer a full suite of PA-DSS approved payment applications.
    Q. What happens if I’m non-compliant and compromised?
    A. Merchants are responsible for maintaining site compliance based upon PCI DSS standards. Non-compliance and/or site compromise can lead to:
      • Fines from financial institution
      • Reimbursement of forensic audit files
      • Litigation fees
      • Loss of reputation and customers
    92% of security compromises were Level 4 merchants (mom-and-pop companies). Losses associated with breaches increased to $197 per card compromised.**
    Q. What are my responsibilities?
    A.
      • Implementing a PA-DSS compliant payment application into a PCI DSS compliant environment
      • Configuring the payment application (where configuration options are provided) according to the PA-DSS Implementation Guide provided by the vendor
      • Configuring the application in a PCI DSS compliant manner
      • Maintaining the PCI DSS compliant status for both the environment and the application configuration
    Merchants should complete the PCI DSS Self-Assessment Questionnaire and Attestation of Compliance document as a statement of compliance. VeriFone’s PA-DSS approved applications enable merchants to fulfill all of these responsibilities and achieve PCI DSS compliance.
    CARDHOLDER DATA
      STORED SECURELY: Primary Account Number, Cardholder Name, Expiration Date
      NOT STORED: Full Magnetic Stripe, Credit Card Security Code, PIN Data**
    PA-DSS APPROVAL: Ongoing testing by third-party labs ensures that all payment applications follow these new standards.
    [Diagram label: Processor]
    For more information visit www.verifone.com/padss, www.verifone.com/security, www.pcisecuritystandards.org/security_standards/pa_dss and www.pcisecuritystandards.org/security_standards/pci_dss.
    * Please consult your payment service provider to find out when your application will be available.
    ** March 2008 Global Compromise Statistics – review of 350 breaches by industry-leading security firm Trustwave.
    www.verifone.com © 2009 VeriFone. All rights reserved. VeriFone and the VeriFone logo are either trademarks or registered trademarks of VeriFone in the United States and/or other countries. All features and specifications are subject to change without notice. 01/09 45694 Rev B 0/FS
  • 27. Upgrade to PCI Compliant Processing Equipment
    AS OF JULY 2010, MERCHANTS ARE REQUIRED TO USE ONLY *PCI PA-DSS VALIDATED POINT OF SALE AND PAYMENT APPLICATIONS. NON PCI COMPLIANT TERMINALS MUST BE REMOVED 7/10/2010.
    SIGN UP FOR A CONSULTATION TO UPGRADE TO PCI-APPROVED PAYMENT PROCESSING EQUIPMENT THAT FITS YOUR BUSINESS.
    Q. *What is PA-DSS?
    A. Payment Application Data Security Standard (PA-DSS) is designed to help implement secure payment applications at merchant locations by confirming that sensitive cardholder data (such as full magnetic stripe, credit card security code, or PIN data) is not stored. PA-DSS compliance can only be accurately verified by a qualified application audit facility.
    CARDHOLDER DATA
      STORED SECURELY: Primary Account Number, Cardholder Name, Expiration Date
      NOT STORED: Full Magnetic Stripe, Credit Card Security Code, PIN Data**
    PA-DSS APPROVAL: Ongoing testing by third-party labs ensures that all payment applications follow these new standards.
    [Diagram label: Processor]
    NO LONGER PCI COMPLIANT TERMINALS: STOP USING THE NON PCI COMPLIANT TERMINALS ABOVE, OR IT MAY RESULT IN FINES UP TO $500,000.
    Nearly half of the data breaches that occur are through point of sale (POS) terminals that are out of compliance, such as the credit card terminals listed above, which are no longer PCI compliant. These credit card terminals also do not qualify credit cards correctly, resulting in higher fees and surcharges.
    Financial institutions enforce the requirements for an annual PCI security self-assessment, quarterly network scans, and the use of only PCI PA-DSS validated point of sale and payment applications, and can levy fines for non-compliance. If your POS equipment is non-compliant, you will automatically FAIL YOUR PCI ASSESSMENT, and could lose the ability to accept credit cards. You are also putting your customer information and possibly your entire business in jeopardy.
    Businesses that use non-compliant credit card processing equipment are at high risk for a data security breach. A data breach while out of compliance could result in:
      • Forensic investigation of your POS system = $10,000-$20,000
      • Reimbursement for purchases made using stolen cards
      • Replacement for stolen credit cards = $20-$30 per card. (Just 1,000 cards means $20,000-$30,000)
      • A nearly priceless loss of Brand Equity
      • Fines for non-compliance with the PCI standard: up to $500,000 with VISA and up to $200,000 with MasterCard
    Even if you do not suffer a data breach, non-compliant credit card processing terminals can cause major headaches including slower .
    You will get the right buyer’s guide:
      • How to select the type of equipment: POS system, stand-alone terminal, virtual terminal, mobile payment with card reader, payment software or Quick Book integrated payment software, etc.
      • The best method of payment and pricing guide: free with conditions, installment payments, or pay all at one time.
  • 28. Step Three: Sign up for a free consultation and become PCI compliant with a complete free PCI program, on top of the best benefits on payment processing never delivered by others. There is nothing more important than your business protection. The Sooner, The Better!
  • 29. Since 1998, James Lee has been providing free consulting services and the most reliable business payment solutions to around 5,000 US merchants. Just ask him what your business needs for payment processing, and you will get the best answer from James Lee, your reliable payment processing consultant. If you have pain with payment processing, just ask him so that you get an instant resolution without wasted time and mistreatment. You are sick and tired of hidden surcharges eating your profits on every single sale, aren't you? You do not have to put up with it. We will show you how to stop your losses and make your business more profitable when we talk together. Time is money. The longer the delay, the greater the loss of your profits.
    Sign up for a free consultation so you do not miss your total business advantages.
    James Lee's reliable payment processing consultation helps you:
      • To set up a merchant account with no setup cost and no cancellation fee
      • To have the perfect payment solutions you have been looking for
      • To prevent damage from a bad choice of processing services provider, equipment and service plan, etc.
      • To stop losing profits to hidden surcharges on payment processing service fees
      • To protect your business from the damage of failing payment processing mandates such as PCI compliance
    More Resources:
      • Visit my business page, James Lee’s Free Payment Processing Consultation, and give it a thumbs up; you will then get the further merchant guide
      • Be connected at Social Connections: LinkedIn, Twitter, Facebook
    These copies were created by James Lee, and opinions expressed here are the personal opinions of James Lee, an account executive of Clearent. Content published here is not monitored or approved by Clearent before it is posted and does not necessarily represent the views and opinions of Clearent.
