
Card fraud and compliance training



Published in: Economy & Finance, Business

  1. CARD FRAUD PREVENTION AND PCI DSS COMPLIANCE TRAINING
     Three (3)-Day Course on Card Fraud Prevention & PCI DSS Compliance Training
     For Executives of CBN, Banks, EFT Switches, NIBSS and Payment Service Providers
     Organized by Ethnos IT Solutions Ltd, Lagos and Mindset Resource Consulting, UK
     Facilitated by Trustwave Ltd, South Africa
     South Africa
     August 27-29, 2012
  2. Date: August 27-29, 2012
     Venue: Trustwave Academy, Regus, 2nd Floor, West Tower, Maude Street, Nelson Mandela Square, Sandton, Johannesburg 2196, South Africa
     Course Fee: NGN250,000 per participant (excluding airfare, hotel accommodation and feeding)
     Keynote Address by Mr. Dipo Fatokun, Director, Banking & Payments System Department, Central Bank of Nigeria

     Course Introduction:
     In view of the growing concern of the Central Bank of Nigeria and the stakeholders in the electronic payment industry to combat card fraud and ensure the integrity and sustainability of the ongoing cash-lite initiative, we propose to hold a 3-day intensive training workshop on Preventing Card Fraud and PCI DSS Compliance Certification and Management.

     Electronic payment for goods and services has become one of the major contributors to economic growth; it brings enormous value to global financial services and has made business transactions all over the world effortless. In Nigeria, the CBN has recently introduced the cashless policy, which will go a long way to position Nigeria as a seriously developing economy.

     However, available reports show that online fraud in Nigeria is on the increase and poses a threat to the success of the cashless policy, and in the long run could cripple the noble intention of the apex bank.

     Given that Nigeria is a grossly unregulated economy, the apex bank urgently needs to adopt a holistic approach to securing the electronic payment system, judging from the alarming rate of intentional and non-intentional threats and attacks and sophisticated cybercrimes, locally as well as globally.

     We therefore recommend that the Central Bank of Nigeria stay on top of its game in providing the regulatory oversight needed to strengthen policy implementation, bearing in mind that customers are already expressing apathy about the meaningful implementation of the cashless policy.

     The course will cover critical components of a security compliance program designed to give attendees a general overview of the PCI DSS regulatory environment and payment card threats, and an in-depth review of the gains and pains of compliance and noncompliance.

     The training program provides an overview of the PCI DSS regulatory environment, card processing vulnerabilities and threats, and an in-depth review of each requirement to help build an organizational understanding of PCI DSS and implement a methodology for the compliance process.
  3. Course Description
     The Course consists of three sessions held over three days. The first session highlights card fraud and data compromise as well as payment card acceptance mechanisms, and provides an overview of the PCI regulatory environment. The second session sheds light on the inherent vulnerabilities and threats to payment card processing. This session also focuses on the PCI DSS validation process and the preparation of a PCI DSS Report on Compliance (ROC). The third session is devoted to the 12 requirements of the PCI DSS. Each PCI DSS requirement is reviewed in depth, enabling participants to gain a better understanding of PCI DSS compliance validation requirements and regulatory processes.

     This Course is tailored to meet the needs of a global audience, and will be delivered by a team of QSAs that have regional experience and expertise. Regional differences in PCI DSS compliance monitoring and validation will be addressed based on audience need. Acquiring banks, global merchants, service providers and enterprise corporations will benefit from a better understanding of the role they play in enforcing and adhering to the PCI DSS.

     Audience
     These sessions offer a practical and procedural overview of the PCI and the requirements of the PCI DSS to the following:
     • Executives that play a role in the processing, storage, availability and protection of payment card data will benefit most from the full series.
     • Senior executives, security consultants, project managers and internal auditors who play a role in the PCI DSS compliance validation process within their organizations will also benefit from the first half-day session.
     • Banking & Payment Systems Department of CBN and others involved in supervising and regulating the payment services.

     Topics/Course Schedule

     Day One
     Card Fraud & Data Compromise:
     • Attack vectors
     • Elements of a successful attack
     • Understanding the attacker's mindset
     • Social engineering
     • Real vs perceived security
     • Security procedures' impact on real risk
     • Systemic fraud
     • Typical attacks
     • Race condition attack
     • Data acquisition as part of a well-organised attack
     • How to recognize attack patterns for zero-day attack approach

     Day Two
     Introduction to the PCI Regulatory Environment:
  4. • Identify the PCI regulatory bodies and stakeholders
     • Describe PCI transactions and security vulnerabilities
     • Identify merchant PCI DSS compliance obligations and workflow
     • Describe the PCI DSS 6 goals and 12 requirements

     Protecting Payment Card Data and Managing Compliance (half day session):
     • Describe the inherent and increasing value of payment card data
     • Identify PCI data risks and threats
     • Describe common strategies for segmenting data networks, protecting data at risk and controlling validation scope
     • Plan and manage a PCI DSS assessment engagement
     • Describe the sections of a PCI DSS compliant ROC

     Day Three
     Interpreting the PCI DSS Requirements:
     • Describe each PCI DSS security requirement
     • Interpret the intent of each requirement
     • Identify the accepted minimum controls to meet each requirement
     • Managing PCI DSS program
     • Sustaining Compliance

     About Trustwave
     Trustwave is a global leader in security and compliance, and are the experts when it comes to helping organisations comply with the Payment Card Industry Data Security Standard (PCI DSS). Utilizing this specialized knowledge, Trustwave developed the PCI DSS training course that provides a technical overview of the Payment Card Industry (PCI), its stakeholders and the security measures taken to guarantee the security of payment card data globally.

     Participants in this series will go away with the knowledge necessary to understand the PCI DSS and how it impacts their respective organizations, as well as how to implement a full compliance validation and maintenance program.

     Trustwave has the largest, most experienced team of QSAs, with more than 100 of Trustwave's data security experts certified by the PCI Security Standards Council as QSAs. This certification enables QSAs to conduct on-site data security assessments for PCI DSS compliance. These experts are held to the highest standards, and QSAs must recertify every year by attending training and passing an exam.

     Drawing on this wealth of global experience and insight into the PCI, Trustwave designed the PCI DSS Course Series to help organizations fulfil their PCI compliance obligations and build trust with their customers while empowering regulators with knowledge and capacity to support the stakeholders in securing customer card holder data.
  5. Contact Details:
     For more information concerning this training course, please contact:

     Peter Ejiofor - President/CEO
     Ethnos IT Solutions Ltd
     +234 (0)1 8447001, Cell: 08084074763
     pe@ethnosit.net
     www.ethnosit.net

     Victor Ekpu - Managing Consultant/CEO
     Mindset Resource Consulting UK
     Tel: +44 (0) 141 959 3189 | Mobile: +44 (0) 794 733
     can register online thru: or our office: 15, Kusenla Road, Ikate Elegushi, Lekki Victoria Island Lagos. 01-8447001, 08084074763, mail@ethnosit.net

     Payment
     You can either pay in the office or directly to the bank account that will be provided to you after registration.
     ACCOUNT NAME: ETHNOS IT SOLUTIONS LTD
     Account Numbers: 1012898672
     Bank: Zenith Bank Plc
     Branch: Idumagbo Branch, 82 Enu-Owa Street, Idumagbo, Lagos
     Branch Sort Code: 057150039
     Bank Swift Code: ZEIBNGLA

     Visa (If required)
     Trustwave will send you an invitation letter after registration with full payment.

     Any Other Information:
     Please contact: Peter Ejiofor - 15, Kusenla Road, Ikate Elegushi, Lekki Victoria Island Lagos. 01-8447001, 08084074763,