At the IDC Adriatic Security Summit, held on 16th-17th April 2018 in Belgrade, Serbia, our Jasna Fumagalli, Compliance, Security and Risk Management Director, gave a presentation "How to talk business" and shared her thoughts and expertise on security measures within business.
How to talk business on IDC Adriatic Security Summit 2018
1. IDC ADRIATIC SECURITY SUMMIT 2018
HOW TO TALK BUSINESS
Jasna Fumagalli, Director of Compliance, Safety and Risk Management
Belgrade, April 2018
2. Jasna Fumagalli
Director of Compliance, Safety and Risk Management
Graduated and earned a master's degree in law at the Faculty of Law, University of Zagreb.
Worked in the banking industry from the beginning of her career. Extensive experience in the financial industry gained by working in several banks and performing jobs that include all segments of banking business.
In Mercury Processing Services International, responsible for the area of regulatory compliance in the widest sense. A special focus is the segment of information security and the maintenance of the world certifications that the company has achieved and which are a guarantee of the company’s focus on safe business operations and customer data protection.
Member of the professional association of ISACA, Croatian Chamber.
NORMAL
3. ABOUT US
Mercury Processing Services International is a provider of payment solutions, dedicated to developing and managing its payment business on an international level. The company was established in 2009.
Located in Croatia and Slovenia, we serve clients from the financial and banking sectors across Central & Eastern Europe and North Africa. Our portfolio is tailored to meet regional, local market or individual client requirements and business strategy.
Technological expertise is the main driver of enhancing and enriching our existing business relations, as well as the main source for innovations we provide in the payment industry.
The foundations of Mercury Processing Services International rely on the complementary strengths of the two strongest cards businesses, Banka Koper and Privredna banka Zagreb, and their transition from local companies into a fully international organization.
4. ABOUT US
We are committed to our clients and their customers
Because our business depends on the accuracy and security with which we perform our operations, we aim for excellence in everything we undertake. Our job is more than just running payments; it is also being adaptable to and anticipating the needs of our clients, and developing new services to meet those needs and our clients' specific institutional context.
And take great pride in the quality of our work
In today’s world, everything has to be quick and easy to use, and it’s the same with payments. As with everything else in the life of consumers, paying for goods or a service needs to be a simple, quick and secure experience. That's why our aim is to ensure that the payment process adapts seamlessly to the lives of the customers, and not the other way around.
Together with the people who make it happen
A vital part of our every success is our team and their expertise, so it’s imperative we keep an open environment where all of us can exchange ideas and knowledge. Equally important is an environment where our employees have the freedom and support to grow as individuals, team members and team leaders.
5. OUR KEY PILLARS
SECURITY AND COMPLIANCE
WE FOCUS ON TRUST AND COMPLIANCE
• In-house development of Fraud Management solution for detecting payment card fraud
• Acting as compliant guardian for banks
• Creating the most innovative and modern disaster recovery solution
INNOVATION
WE STAY AHEAD OF TRENDS AND PROVIDE INNOVATIVE SOLUTIONS
• Development of proximity payment solutions
• Implementation of new technologies and introduction of modern services and functionalities
• Providing multi-payment schemes
INTERNATIONAL SPIRIT
WE ADAPT ACCORDING TO DIFFERENT MARKETS
• Meeting regional, local market or individual client requirements and business strategy
• All employees are fluent in English
• The company is located in Croatia and Slovenia
OPERATIONAL EXCELLENCE
WE BRING EFFICIENCY AND PRODUCTIVITY
• Assuring high availability of service and operational performance
• Implementations of improvement methodologies to advance our products and services
6. FACTS IN FIGURES
• Operating in 11 different markets in Europe, Middle East and Africa
• With more than 300 employees in our ever growing team
• Average processing 1,5 million transactions a day
• Processing 87 transactions per second in peak times
• Managing cardholder data for 5,6 million accounts worldwide
7. OUR SERVICES
ISSUING SOLUTIONS, ACQUIRING SOLUTIONS, VALUE ADDED SERVICES
• Cardholder and Card Management
• Issuer Authorization Service
• Transaction Processing
• Proximity Payments
• POS Solutions
• ATM Solutions
• E-Commerce
• Reporting
• Call Center
• Dispute and Chargeback Management
• Strong Authentication
• Fraud Detection
• Advanced Risk Modelling
• Loyalty Programs
8. WHY WE NEED TO TALK?
If business (revenue) is a king, then security is his queen.
Only aligned business and security strategies can lead to a successful and prospective (secure) future.
Without mutual understanding (listening) it is almost impossible to win the game.
In the end, the goal(s) are the same for the queen and for the king.
9. WHAT ARE THE CHALLENGES?
There is never enough time
Calculating ROI (especially if no incident occurred)
We speak different languages
Different tactical needs and priorities based on the assigned role
Resistance to change
Achieving risk awareness
10. WHAT WE AIM TO ACHIEVE?
ALIGNED VISION
We need to look in the same direction prior to getting there.
COMMUNICATION
Life is much easier if we better understand each other.
TRAVEL TOGETHER
It is more fun to travel together than to meet at the end.
INTEGRATE
Achieving security often means integration of security elements within each business process.
CORPORATE CULTURE
Avoid obstruction by converting corporate culture into a security enabler.
PEACE OF MIND
Security-aware employees, layered security defense and properly addressed risks guarantee a good night's sleep.
11. IN PRACTICE…
• Security performs risk assessment and identifies risks above Company’s appetite
• Security proposes risk mitigation steps to reduce risks
• Business plan (e.g. lean canvas, cost-benefit analysis) for risk mitigation is presented to Business… Communication breaks…
"We can’t do it."
"No budget!"
"This is stupid."
"This is not a priority."
"We don’t want to do it…"
"We will have incidents…"
"We will lose clients"
"We must do it…"
"I am getting too old for this…"
"We will lose license/certificate"
"We will pay fees"
12. WHAT CAN WE DO?
• Try to understand the impact of security measures on business
• Be open to non-security topics
• Use simple language
• Use analogies for spreading information security messages (e.g. https://theanalogiesproject.org/)
• Be open to comments
• Use real incident cases when presenting risks
• Be patient and willing to repeat yourself
• Get everyone on board by understanding what motivates them

• Try to understand the security risk
• Be open to non-business topics
• Listen carefully
• Propagate security by your own example
• Learn from others rather than from your own mistakes and losses
• Focus on the right things: you are probably not properly equipped to challenge security requirements, but you can make your life easier if you understand the objective and are engaged in finding a proper solution
BUSINESS SECURITY