
New technology, revolutionising the same old motives

A talk at the Jisc security conference 2019 by Matt Ball, chairman, PCI DSS Special Interest Group.

  1. New technology... revolutionising the same old motives (6th November 2019)
  2. Technology expanding card payments: 1950 - 10,000 cards; 2017 - 20.48 billion cards
  3. Payment security: the continual need
  4. Card fraud facts
     • 2017: £565.4 million lost on UK-issued cards
     • 2018: £671.4 million lost on UK-issued cards
     • 2018: £1.21 billion of card fraud stopped by banks and card companies (up 14% from 2017), i.e. £6.27 in every £10 of attempted card fraud prevented
     • Card fraud needs a continual supply of card data, and we process a lot of cards
  5. The "Die Hard" guide to common attacks: physical attack; physical network compromise; remote cyber attack
  6. Payment security perspectives
     • An essential business-as-usual activity
     • Integrates into payment processing
     • It's the "silent service" your payers expect
     • It's the "silent service" your organisation thinks it already has
     • Success is achieved through cross-departmental partnership
  7. PCI DSS perspectives. PCI DSS: Payment Card Industry Data Security Standard. "A standard designed with the aim of protecting the customer's cardholder data when it is received, used, transmitted or stored within the merchant's organisation."
  8. PCI DSS perspectives
     • PCI DSS is the minimum data security standard
     • PCI DSS compliance evidences card payment security
     • PCI DSS compliance is a contractual obligation
     • PCI DSS is not a tick-box exercise
     • Payment security and PCI DSS are continuous
     • Success is achieved through cross-departmental partnership
  9. Security vs. compliance
     Security: keeping the safe locked 24/7; something we do every day; a customer, business and acquirer expectation.
     Compliance: reporting that the safe was locked on the day we checked it; a point-in-time view.
  10. Take card payments? Then you have a CDE.
  11. The CDE: Cardholder Data Environment. What is it? The people, processes and technology that store, process, or transmit cardholder data or sensitive authentication data. The CDE and its supporting services impact payment security, and together they define your PCI DSS scope.
  12. Merchant ID (MID): the heart of the CDE
     • Merchant ID: links to the acquirer (supplied under contract); has an accountable business owner; is essential to take a card payment
     • Payment service: face to face; MOTO / cardholder not present; online
     • Supporting services: networks (voice and data); IT support and support services; physical services / facilities
  13. When payment security comes off the rails...
  14. Recognising value shapes our payment security approach; misunderstanding value undermines it.
  15. Convenience trumps security: "It's only a post-it note... it's not like the world will see it."
  16. Other common causes
     • Lack of accountability and ownership (actual or perceived)
     • Training shortfall (not enough, not relevant, not understood)
     • Business demands (lack of time or resources, pressure)
     • Documentation (incomplete, out of date or simply missing)
     • Complacency ("It's never been a problem before")
     • Resistance to change ("We've always done it this way")
  17. PCI DSS SIG: www.pcidsssig.org.uk, twitter.com/pcidsssig
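Slide 11 defines the CDE as everything that stores, processes or transmits cardholder data, and slide 15 shows how card numbers leak into places nobody declared in scope (helpdesk notes, logs, spreadsheets). A first step in finding that undeclared scope is a cardholder-data discovery scan: look for 13 to 19 digit runs, keep only those that pass the Luhn check every card brand uses, and record which system held them. The scanner below is an added example written for this page, not code from the talk or the PCI DSS SIG; the file names and their contents are constructed sample data (the PANs are the public brand test numbers 4111 1111 1111 1111 and 378282246310005, not real cards). It masks every hit to the first six and last four digits so the scan output does not itself become stored cardholder data.

```python
import re
from dataclasses import dataclass

# Candidate PANs: 13 to 19 digits, optionally separated by a single space or
# hyphen, and not embedded in a longer digit run (lookarounds reject those).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: PANs of every major brand pass it, so failing it
    rules out most order numbers, serials and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits (the PCI DSS display maximum),
    mask the rest, so scan results are not themselves cardholder data."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    source: str      # which file or system held the data
    line_no: int
    masked_pan: str


def scan_text(source: str, text: str) -> list:
    """Return a Finding for every Luhn-valid PAN candidate in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_valid(digits):
                findings.append(Finding(source, line_no, mask_pan(digits)))
    return findings


def in_scope_sources(findings) -> set:
    """Every source with at least one hit is storing cardholder data and is
    therefore inside the CDE, whether or not anyone declared it."""
    return {f.source for f in findings}


# Constructed sample data (hypothetical files); only two lines hold real PANs.
SAMPLE_FILES = {
    "helpdesk/notes.txt": (
        "Customer rang about order 20191106-0001, paid by card 4111 1111 1111 1111 exp 12/21\n"
        "Callback number 01234 567890\n"
    ),
    "web/access.log": (
        '10.0.0.5 - - [06/Nov/2019:10:15:32] "POST /pay?pan=378282246310005&amount=49.99 HTTP/1.1" 200\n'
    ),
    "erp/export.csv": "ref,serial\nINV-7,1234567890123456\n",   # 16 digits, fails Luhn
    "crm/contacts.csv": "name,phone\nA. Smith,+44 7700 900123\n",  # too short to be a PAN
}


def run_sample() -> list:
    findings = []
    for name, content in SAMPLE_FILES.items():
        findings.extend(scan_text(name, content))
    return findings


if __name__ == "__main__":
    hits = run_sample()
    for f in hits:
        print(f"{f.source}:{f.line_no}: {f.masked_pan}")
    print("Undeclared CDE scope:", sorted(in_scope_sources(hits)))
```

Run against the sample data it reports two hits, one in the helpdesk notes and one in the web access log, and leaves the ERP export (a Luhn-invalid 16-digit serial) and the CRM phone numbers alone. In practice you would point `scan_text` at file shares, ticketing exports and log archives, and every source it flags either joins the documented CDE or has the data removed; a system that stores PANs but sits outside your declared scope is exactly the gap between "compliance" and "security" that slide 9 describes.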
