bluefin.com
What We Will Discuss Today
PCI-Validated P2PE Is Trending
The number of available PCI-validated P2PE solutions has grown 700% in the past 4 years
Scope Reduction Up to 90% for Many Merchants
You can manage 329 PCI Requirements throughout your organization or you can lower that to 33 requirements with PCI P2PE
The ROI is Substantial
A recent white paper analysis done by Coalfire Systems Inc. demonstrated a 1,500% ROI for PCI P2PE
You Can’t Escape Data Breaches
Why the escalation? Hackers want payment and personal data to resell on the black market for fraudulent use.
[Chart: Data Breaches: 2007-2016; y-axis 0 to 1200, x-axis 2007 to 2016]
[Chart: Industry Sectors: % of Overall Breaches]
Average cost per breached record
Healthcare: $355
Education: $300
Retail: $172
Transportation: $129
Average Cost of a Data Breach: $4M, up 29% since 2013
Data Breach Statistics provided by the Identity Theft Resource Center (ITRC)
Data Breach Costs provided by the Ponemon/IBM 2016 Cost of Data Breach Study
The Evolution of Breach Techniques
Malware Defined
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
Malware in Action at the POS – The Target Breach
The attackers backed their way into Target's corporate network by compromising a third-party vendor – Fazio Mechanical, a refrigeration contractor.
Malware, code-named Trojan.POSRAM, was used to infect Target's POS system. The "RAM-scraping" portion of the POS malware grabbed card information from the memory of POS-devices as cards were swiped.
A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers. The attackers waited until the malware offered Fazio Mechanical's login credentials.
Once the credit/debit card information was secure on a dump server, the POS malware sent a special ICMP (ping) packet to a remote server. The packet indicated that data resided on the dump server.
The attackers then moved the stolen data to off-site FTP servers and sold the card information on the digital black market.
What have we learned?
There are Two Choices: Defend the Data or Devalue the Data
Implement more firewalls
Implement more network perimeters
Implement more monitoring systems
Hire additional security staff
VS
Encrypt the data so if the hackers do get into the system – they get nothing
PCI-Validated P2PE Devalues the Data
PCI-Validated Point-to-Point Encryption (P2PE), which differs from end-to-end encryption, is a payment security solution introduced by the PCI SSC in 2011 that encrypts cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device; decryption is done off-site in an approved Hardware Security Module (HSM).
P2PE’s Role in the Holistic Payment Security Approach
Holistic Payment Security
P2PE: Protects Card Data in Motion
EMV: Authenticates the Card
Tokenization: Protects Card Data at Rest
The Major Differences Between PCI-Validated and Non-Validated P2PE
PCI-Validated P2PE | Non-Validated P2PE
PCI Scope Reduction | X
Certified Device Key Injection | X
Device Chain of Custody | X
Tamper Proof Terminals | X
Online Device Management System | X
PCI P2PE solutions encrypt card data immediately upon card entry, preventing RAM scraping and thus preventing any clear-text data from entering the POS
Only PCI-validated P2PE solutions have been certified to have the necessary device and security controls in place to reduce PCI scope and allow merchants and enterprises to qualify for the 33 question P2PE SAQ-HW
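A check a merchant could run over POS-side logs or captured payloads to confirm the property described above, that no clear-text card data reaches the POS. This is an added example, not part of the original deck; the log layout, field names and sample lines are constructed, and the card number is the widely used Visa test PAN.

```python
import re

# Track 2 layout: ';' start sentinel, PAN, '=' separator, YYMM expiry,
# 3-digit service code, discretionary data, '?' end sentinel.
TRACK2 = re.compile(r";(\d{12,19})=\d{4}\d{3}\d*\?")
# Bare PAN candidate: 13-19 digits that are not part of a longer digit run.
PAN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check, used to discard order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line: str):
    """Return (kind, masked_pan) for each clear-text card value in one line."""
    hits, covered = [], []
    for m in TRACK2.finditer(line):
        covered.append(m.span())
        if luhn_ok(m.group(1)):
            hits.append(("track2", mask(m.group(1))))
    for m in PAN.finditer(line):
        # Skip digit runs already reported as part of a Track 2 match.
        if any(s <= m.start() and m.end() <= e for s, e in covered):
            continue
        if luhn_ok(m.group()):
            hits.append(("pan", mask(m.group())))
    return hits


def scan(lines):
    """Return (line_number, kind, masked_pan) for every finding."""
    return [(n, kind, masked)
            for n, line in enumerate(lines, 1)
            for kind, masked in scan_line(line)]


# Constructed sample lines (hypothetical log format and field names).
SAMPLE_LINES = [
    # Non-P2PE terminal: raw Track 2 reaches the POS software.
    "2017-01-12T10:02:11 pos01 swipe raw=;4111111111111111=30121010000000000?",
    # Non-P2PE terminal: bare PAN in an authorization log line.
    "2017-01-12T10:02:12 pos01 auth pan=4111111111111111 amt=12.50",
    # P2PE terminal: the POS only ever sees the encrypted payload.
    "2017-01-12T10:05:40 pos02 p2pe_payload=C25C1D1197D31CAA87285D59A892047426D9182EC11353C0",
    # 16-digit order number that fails Luhn, so it is not reported.
    "2017-01-12T10:06:02 pos02 order=1234567890123456 status=ok",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

Only the two lines from the non-P2PE terminal are reported; the encrypted payload and the order number produce no findings.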
From 4 Validated Solutions in 2014 to 28 Today
What to Look For in the Listings
Listed solutions are found at https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_solutions
The New Options for PCI P2PE: Processor, “Connected”, Merchant-Managed and Integrated
Processor P2PE
The processor (or gateway) has received validation for their P2PE solution. You must be processing with the company to get P2PE. Examples include FreedomPay and CardConnect.
P2PE “Connected”
You do not need to be processing with the PCI-validated provider to get P2PE. An example is Bluefin’s Decryptx Solution.
Integrated P2PE
These solutions are software based and provided through a SaaS company with processing. Examples include Instamed for healthcare.
Merchant-Managed P2PE
Merchants can build their own custom P2PE solution from a list of PCI-validated P2PE component providers.
P2PE “Connected”: Bluefin’s Decryptx
The only solution that enables acquirers, processors and gateways to offer PCI-validated P2PE via their platform and direct to their merchants
Merchant Managed P2PE
Enables Merchants to Manage Their Own P2PE Solution Rather Than Being Locked Into a Processor’s Solution
Device Chain of Custody
Choose your Vendors (must be certified by PCI SSC for P2PE)
Certification/Registration Authorities
Decryption Management Services
Key Injection Facilities
Encryption Management Services
MMS
Current component providers can be found at https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_components#tab-abc
New in 2.0 – Remote Key Injection
• The majority of merchants have purchased new hardware for EMV; all new terminals are also PCI-validated for P2PE acceptance
• Previously, the only option for merchants that wanted PCI P2PE but had already purchased terminals was to take the terminals out of service and ship them to a certified Key Injection Facility (KIF) for P2PE key injection
• Remote Key Injection (RKI) solves this problem by enabling the keys to be injected at the POS through a remote server
  – RKI is currently only available through a handful of PCI P2PE providers with more being added
P2PE Implementation Should be Plug and Play
Example: Bluefin Management and Reporting
01 Authorized merchant representative places order
02 P2PE validated terminal is injected at KIF
03 KIF ships terminal to merchant under strict controls
04 Authorized merchant representative confirms receipt of terminal
05 Merchant records terminal custody transfer in the P2PE Manager
06 All transactions confirmed to originate from approved device
07 Annual PCI Chain of Custody report generated from P2PE Manager
PCI-Validated P2PE Reduces PCI Scope…..
The PCI SSC states that ONLY PCI-validated P2PE Solutions can reduce a merchant’s SAQ scope down to 29 questions
[Bar chart: Non P2PE Merchants vs. P2PE Merchants; y-axis 0 to 350]
329 Questions in the PCI SAQ D or ROC
To 33 Questions for P2PE Merchants
….And Provides a Significant ROI
Return on Investment (ROI) and Total Cost of Ownership (TCO) Analysis Conducted by P2PE QSA Coalfire, Inc.
The detailed calculations are found in Section 3 of our Coalfire white paper, The Impact of PCI-Validated P2PE, released January 2017. Download the paper at https://www.bluefin.com/about/resources/
TCO = Visible Costs + Hidden Costs
TCOcurrent = $22,400 + ($27,800 x 10)
TCOcurrent = $22,400 + $278,000
TCOcurrent = $300,400
TCOP2PE = ($7,200 + $9,650) + [($4,200 + $13,450) x 10]
TCOP2PE = $16,850 + $176,500
TCOP2PE = $193,350
ReturnP2PE = (Initial Cost Savings) + (Annual Cost Savings x 10)
ReturnP2PE = ($22,400 - $9,650) + [($27,800 - $13,450 - $4,200) x 10]
ReturnP2PE = ($12,750) + [($10,150) x 10]
ReturnP2PE = ($12,750) + ($101,500)
ReturnP2PE = $114,250
ROIP2PE = [(Return - Cost of Investment) / Cost of Investment] x 100
ROIP2PE = [($114,250 - $7,200) / $7,200] x 100
ROIP2PE = 1,487% ROI over ten years
Final Thoughts
• PCI-validated P2PE is alive and growing with version 2.0
• Remote P2PE Key Injection (RKI) will simplify deployments
• Merchants can now access PCI P2PE by:
  • Designing P2PE Solutions from more than 75 available PCI-validated Applications & Components
  • Selecting from 28 Validated P2PE Solutions
  • Selecting from 23 P2PE-connected Payment Gateways and Software Providers through Decryptx
• Download or ask for a copy of our P2PE Whitepaper by Coalfire, The Impact of PCI-Validated P2PE

Pymnts BlueFin Webinar

  • 1. bluefin.com What We Will Discuss Today 1 PCI-Validated P2PE Is Trending The number of available PCI-validated P2PE solutions has grown 700% in the past 4 years Scope Reduction Up to 90% for Many Merchants You can manage 329 PCI Requirements throughout your organization or you can lower that to 33 requirements with PCI P2PE The ROI is Substantial A recent white paper analysis done by Coalfire Systems Inc. demonstrated a 1,500% ROI for PCI P2PE
  • 2. bluefin.com You Can’t Escape Data Breaches Data Breaches: 2007-2016 2 Why the escalation? Hackers want payment and personal data to resell on the black market for fraudulent use. Average cost per breached record Healthcare: $355 Education: $300 Retail: $172 Transportation: $129 0 200 400 600 800 1000 1200 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Industry Sectors: % of Overall Breaches Data Breach Statistics provided by the Identity Threat Resource Center (ITRC) Data Breach Costs provided by the Ponemon/IBM 2016 Cost of Data Breach Study Average Cost of a Data Breach: $4M, up 29% since 2013
  • 3. bluefin.com Malware Defined Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware The Evolution of Breach Techniques
  • 4. bluefin.com The attackers backed their way into Target's corporate network by compromising a third-party vendor – Fazio Mechanical, a refrigeration contractor. Malware, code-named Trojan.POSRAM, was used to infect Target's POS system. The "RAM-scraping" portion of the POS malware grabbed card information from the memory of POS- devices as cards were swiped. A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers. The attackers waited until the malware offered Fazio Mechanical's login credentials. Once the credit/debit card information was secure on a dump server, the POS malware sent a special ICMP (ping) packet to a remote server. The packet indicated that data resided on the dump server. The attackers then moved the stolen data to off-site FTP servers and sold the card information on the digital black market. Malware in Action at the POS – The Target Breach What have we learned?
  • 5. bluefin.com There are Two Choices: Defend the Data or Devalue the Data 5 Implement more firewalls Implement more network perimeters Implement more monitoring systems Hire additional security staff Encrypt the data so if the hackers do get into the system – they get nothing VS
  • 6. bluefin.com PC-Validated Point-to-Point Encryption (P2PE), which differs from end-to-end encryption, is a payment security solution introduced by the PCI SSC in 2011 that encrypts cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Hardware Security Module (HSM). PCI-Validated P2PE Devalues the Data
  • 7. bluefin.com Holistic Payment Security P2PE EMV Tokenization Protects Card Data in Motion Authenticates the Card Protects Card Data at Rest P2PE’s Role in the Holistic Payment Security Approach 7
  • 8. bluefin.com The Major Differences Between PCI- Validated and Non-Validated P2PE 8 PCI-Validated P2PE Non-Validated P2PE PCI Scope Reduction X Certified Device Key Injection X Device Chain of Custody X Tamper Proof Terminals X Online Device Management System X PCI P2PE solutions encrypt card data immediately upon card entry, preventing RAM scraping and thus preventing any clear-text data from entering the POS Only PCI-validated P2PE solutions have been certified to have the necessary device and security controls in place to reduce PCI scope and allow merchants and enterprises to qualify for the 33 question P2PE SAQ-HW
  • 9. bluefin.com From 4 Validated Solutions in 2014 to 28 Today What to Look For in the Listings Listed solutions are found at https://www.pcisecuritystandards.org/assessors_and_solutions/po int_to_point_encryption_solutions
  • 10. bluefin.com Processor P2PE The processor (or gateway) has received validation for their P2PE solution. You must be processing with the company to get P2PE. Examples include FreedomPay and CardConnect. You do not need to be processing with the PCI-validated provider to get P2PE. An example is Bluefin’s Decryptx Solution. These solutions are software based and provided through a SaaS company with processing. Examples include Instamed for healthcare. P2PE “Connected” Integrated P2PE The New Options for PCI P2PE: Processor, “Connected”, Merchant-Managed and Integrated Merchant- Managed P2PE Merchants can build their own custom P2PE solution from a list of PCI-validated P2PE component providers.
  • 11. P2PE “Connected”: Bluefin’s Decryptx. The only solution that enables acquirers, processors and gateways to offer PCI-validated P2PE via their platform and direct to their merchants.
  • 12. Merchant Managed P2PE: Enables merchants to manage their own P2PE solution rather than being locked into a processor’s solution. Choose your vendors (must be certified by PCI SSC for P2PE). Current component providers can be found at https://www.pcisecuritystandards.org/assessors_and_solutions/point_to_point_encryption_components#tab-abc. Diagram labels: MMS; Device Chain of Custody; Certification/Registration Authorities; Decryption Management Services; Key Injection Facilities; Encryption Management Services.
  • 13. New in 2.0: Remote Key Injection
    - The majority of merchants have purchased new hardware for EMV; all new terminals are also PCI-validated for P2PE acceptance.
    - Previously, the only option for merchants that wanted PCI P2PE but had already purchased terminals was to take the terminals out of service and ship them to a certified Key Injection Facility (KIF) for P2PE key injection.
    - Remote Key Injection (RKI) solves this problem by enabling the keys to be injected at the POS through a remote server. RKI is currently only available through a handful of PCI P2PE providers, with more being added.
  • 14. P2PE Implementation Should be Plug and Play. Example: Bluefin Management and Reporting
    01. Authorized merchant representative places order
    02. P2PE validated terminal is injected at KIF
    03. KIF ships terminal to merchant under strict controls
    04. Authorized merchant representative confirms receipt of terminal
    05. Merchant records terminal custody transfer in the P2PE Manager
    06. All transactions confirmed to originate from approved device
    07. Annual PCI Chain of Custody report generated from P2PE Manager
  • 15. PCI-Validated P2PE Reduces PCI Scope….. The PCI SSC states that ONLY PCI-validated P2PE Solutions can reduce a merchant’s SAQ scope down to 29 questions. [Bar chart: Non P2PE Merchants vs. P2PE Merchants. From 329 Questions in the PCI SAQ D or ROC to 33 Questions for P2PE Merchants.]
  • 16. ….And Provides a Significant ROI. Return on Investment (ROI) and Total Cost of Ownership (TCO) Analysis Conducted by P2PE QSA Coalfire, Inc. The detailed calculations are found in Section 3 of our Coalfire white paper, The Impact of PCI-Validated P2PE, released January 2017. Download the paper at https://www.bluefin.com/about/resources/
    TCO = Visible Costs + Hidden Costs
    TCO_current = $22,400 + ($27,800 x 10)
    TCO_current = $22,400 + $278,000
    TCO_current = $300,400
    TCO_P2PE = ($7,200 + $9,650) + [($4,200 + $13,450) x 10]
    TCO_P2PE = $16,850 + $176,500
    TCO_P2PE = $193,350
    Return_P2PE = (Initial Cost Savings) + (Annual Cost Savings x 10)
    Return_P2PE = ($22,400 - $9,650) + [($27,800 - $13,450 - $4,200) x 10]
    Return_P2PE = ($12,750) + [($10,150) x 10]
    Return_P2PE = ($12,750) + ($101,500)
    Return_P2PE = $114,250
    ROI_P2PE = [(Return - Cost of Investment) / Cost of Investment] x 100
    ROI_P2PE = [($114,250 - $7,200) / $7,200] x 100
    ROI_P2PE = 1,487% ROI over ten years
  • 17. Final Thoughts
    - PCI-validated P2PE is alive and growing with version 2.0
    - Remote P2PE Key Injection (RKI) will simplify deployments
    - Merchants can now access PCI P2PE by:
      - Designing P2PE Solutions from more than 75 available PCI-validated Applications & Components
      - Selecting from 28 Validated P2PE Solutions
      - Selecting from 23 P2PE-connected Payment Gateways and Software Providers through Decryptx
    - Download or ask for a copy of our P2PE Whitepaper by Coalfire, The Impact of PCI-Validated P2PE
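
The seven chain-of-custody steps on slide 14 can be modelled as an ordered ledger that refuses out-of-sequence events and approves transactions only from terminals whose chain is complete. This is an added example, not Bluefin's P2PE Manager or any code from the deck; the class names, state names and serial numbers are hypothetical and the sample events are constructed.

```python
from dataclasses import dataclass, field
from datetime import date

# Custody states in the order slide 14 lists them (steps 01-05); names are hypothetical.
STEPS = ["ordered", "injected_at_kif", "shipped", "received", "custody_recorded"]

class CustodyError(Exception):
    pass

@dataclass
class Terminal:
    serial: str
    history: list = field(default_factory=list)  # (state, actor, date) tuples

    @property
    def state(self):
        return self.history[-1][0] if self.history else None

class CustodyLedger:
    def __init__(self):
        self.terminals = {}

    def record(self, serial, state, actor, when):
        # Each terminal must pass through every step, in order, exactly once.
        t = self.terminals.get(serial) or Terminal(serial)
        expected = STEPS[len(t.history)] if len(t.history) < len(STEPS) else None
        if state != expected:
            raise CustodyError(f"{serial}: got {state!r}, expected {expected!r}")
        t.history.append((state, actor, when))
        self.terminals[serial] = t

    def accept_transaction(self, serial):
        # Step 06: unknown devices and incomplete chains are both rejected.
        t = self.terminals.get(serial)
        return t is not None and t.state == STEPS[-1]

    def annual_report(self, year):
        # Step 07: one row per terminal, flagging chains that never completed.
        return [{"serial": t.serial, "state": t.state,
                 "events_in_year": sum(1 for e in t.history if e[2].year == year),
                 "approved": t.state == STEPS[-1]}
                for t in sorted(self.terminals.values(), key=lambda t: t.serial)]

def demo():
    # Constructed sample data: one fully tracked terminal, one only ordered.
    ledger = CustodyLedger()
    actors = ["merchant-rep", "kif", "kif", "merchant-rep", "merchant-rep"]
    for i, (step, actor) in enumerate(zip(STEPS, actors)):
        ledger.record("SN-0001", step, actor, date(2017, 3, 1 + i))
    ledger.record("SN-0002", "ordered", "merchant-rep", date(2017, 3, 2))
    return ledger
```
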