Continuous PCI and GDPR Compliance With Data-Centric Security describes how to develop a data security environment that is GDPR and/or PCI DSS compliant by utilizing tokenisation to pseudonymize sensitive data. Contact: Sales@tokenex.com
Best Practices for PCI Scope Reduction - TokenEx & KyteTokenEx
Best practices for PCI Scope Reduction includes some common misconceptions, important definitions, and an overview of technologies such as tokenization and encryption to help reduce PCI DSS scope and achieve compliance.
PCI Descoping: How to Reduce Controls and Streamline ComplianceTokenEx
Descoping a data environment by decreasing the amount of PCI traversing it is one of the simplest and most effective ways of complying with the PCI DSS. By outsourcing the handling of sensitive payment information to security experts, organizations can reduce compliance and operational costs while minimizing the risk and liability associated with a potential data breach. Tokenization is especially effective at this due to its ability to remove sensitive data from an environment and store it in a secure, cloud-based token vault.
In this deck you will learn:
PCI controls for organizations that handle card information
Which controls can be removed from scope
How cloud-based tokenization outsources PCI compliance to a tokenization provider
Additional strategies and best practices for achieving PCI compliance
PCI Scope Reduction Using Tokenization for Security Assessors (QSA, ISA)TokenEx
Achieving and maintaining compliance with the PCI DSS (Payment Card Industry Data Security Standard) is a complex and painful process that can vary widely across different industries and businesses. PCI scope reduction can simplify and reduce the pain of compliance for many organizations.
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
This webinar discusses techniques for reducing an organization's cardholder data footprint to simplify PCI DSS compliance. It covers tokenization, which replaces sensitive card data with random tokens that have no value. Tokenization stores the original data in a secure vault and allows transactions to use tokens instead of real card numbers, reducing the scope of systems and data in scope for PCI compliance. Other techniques discussed include network segmentation, point-to-point encryption, and outsourcing services to PCI-compliant vendors. Reducing an organization's cardholder data footprint lowers the cost and effort of compliance while also preventing data breaches and theft.
Isaca new delhi india privacy and big dataUlf Mattsson
This document summarizes Ulf Mattsson's presentation on bridging the gap between privacy and big data. Some key points:
- Ulf Mattsson is the CTO of Protegrity and has over 20 years of experience in encryption, tokenization, and data security.
- Big data and cloud computing are driving needs for data security due to regulations, expanding threats, and the desire to gain insights from sensitive data. However, emerging technologies also introduce new vulnerabilities.
- Regulations like PCI DSS and various privacy laws mandate protecting sensitive data. Compliance is important as non-compliance results in fines.
- Threats are also expanding as cyber criminals target valuable data and insiders remain
The document discusses best practices for PCI compliance and data protection. It introduces new PCI-DSS requirements and how they apply to merchants, service providers and hosting companies. It emphasizes using data discovery tools, limiting data access and retention, and implementing strong access controls, encryption, monitoring and auditing. The document recommends moving beyond point solutions to a layered data defense approach that protects data from unauthorized access and exfiltration across different systems.
This document provides an overview of new technologies for data protection presented by Ulf Mattsson, Chief Security Strategist at Protegrity. It discusses several emerging technologies like homomorphic encryption, differential privacy, and secure multi-party computation that can be used to enable secure data sharing and analytics while preserving privacy. It also provides examples of how these technologies can be applied in domains like healthcare, financial services, and retail to derive insights from sensitive data in a privacy-preserving manner and in compliance with regulations.
Best Practices for PCI Scope Reduction - TokenEx & KyteTokenEx
Best practices for PCI Scope Reduction includes some common misconceptions, important definitions, and an overview of technologies such as tokenization and encryption to help reduce PCI DSS scope and achieve compliance.
PCI Descoping: How to Reduce Controls and Streamline ComplianceTokenEx
Descoping a data environment by decreasing the amount of PCI traversing it is one of the simplest and most effective ways of complying with the PCI DSS. By outsourcing the handling of sensitive payment information to security experts, organizations can reduce compliance and operational costs while minimizing the risk and liability associated with a potential data breach. Tokenization is especially effective at this due to its ability to remove sensitive data from an environment and store it in a secure, cloud-based token vault.
In this deck you will learn:
PCI controls for organizations that handle card information
Which controls can be removed from scope
How cloud-based tokenization outsources PCI compliance to a tokenization provider
Additional strategies and best practices for achieving PCI compliance
PCI Scope Reduction Using Tokenization for Security Assessors (QSA, ISA)TokenEx
Achieving and maintaining compliance with the PCI DSS (Payment Card Industry Data Security Standard) is a complex and painful process that can vary widely across different industries and businesses. PCI scope reduction can simplify and reduce the pain of compliance for many organizations.
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
This webinar discusses techniques for reducing an organization's cardholder data footprint to simplify PCI DSS compliance. It covers tokenization, which replaces sensitive card data with random tokens that have no value. Tokenization stores the original data in a secure vault and allows transactions to use tokens instead of real card numbers, reducing the scope of systems and data in scope for PCI compliance. Other techniques discussed include network segmentation, point-to-point encryption, and outsourcing services to PCI-compliant vendors. Reducing an organization's cardholder data footprint lowers the cost and effort of compliance while also preventing data breaches and theft.
Isaca new delhi india privacy and big dataUlf Mattsson
This document summarizes Ulf Mattsson's presentation on bridging the gap between privacy and big data. Some key points:
- Ulf Mattsson is the CTO of Protegrity and has over 20 years of experience in encryption, tokenization, and data security.
- Big data and cloud computing are driving needs for data security due to regulations, expanding threats, and the desire to gain insights from sensitive data. However, emerging technologies also introduce new vulnerabilities.
- Regulations like PCI DSS and various privacy laws mandate protecting sensitive data. Compliance is important as non-compliance results in fines.
- Threats are also expanding as cyber criminals target valuable data and insiders remain
The document discusses best practices for PCI compliance and data protection. It introduces new PCI-DSS requirements and how they apply to merchants, service providers and hosting companies. It emphasizes using data discovery tools, limiting data access and retention, and implementing strong access controls, encryption, monitoring and auditing. The document recommends moving beyond point solutions to a layered data defense approach that protects data from unauthorized access and exfiltration across different systems.
This document provides an overview of new technologies for data protection presented by Ulf Mattsson, Chief Security Strategist at Protegrity. It discusses several emerging technologies like homomorphic encryption, differential privacy, and secure multi-party computation that can be used to enable secure data sharing and analytics while preserving privacy. It also provides examples of how these technologies can be applied in domains like healthcare, financial services, and retail to derive insights from sensitive data in a privacy-preserving manner and in compliance with regulations.
Securing data today and in the future - Oracle NYCUlf Mattsson
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
This document summarizes the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 from May 2018. It provides an overview of the 12 requirements of the PCI DSS, which are aimed at building and maintaining secure networks, protecting cardholder data, maintaining vulnerability management, implementing strong access control, monitoring networks regularly, and maintaining information security policies. It also provides context on the applicability of the PCI DSS and relationship with the Payment Application Data Security Standard. The document defines what payment card and authentication data are in scope to be protected and provides guidance on the scope of system components covered by the PCI DSS requirements.
In this 45 minute webinar ControlCase will discuss the following in the context of PCI DSS and PA DSS
- Network Segmentation
- Card Data Discovery
- Vulnerability Scanning and Penetration Testing
- Card Data Storage in Memory
- Q&A
Data Virtualization for Accelerated Digital Transformation in Banking and Fin...Denodo
This document discusses a case study of a regional community bank that improved business process efficiency using a logical data warehouse from Denodo. The bank used Denodo to aggregate data from multiple cloud and on-premise sources, which it then used to power self-service reports, dashboards, and real-time operations. This improved reporting turnaround times from 2-3 days to 2 hours and allowed loan processing to be done in real-time. Denodo provided a centralized data platform that was flexible enough to easily incorporate new data sources from acquisitions.
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
The document discusses the rise of data ethics and security. It begins with an introduction of the speaker and their background. It then covers various topics related to data ethics including the data lifecycle, implementation of data ethics through vision, strategy, governance and more. Big data security is also discussed as it relates to data governance, challenges, and approaches to building a security program. Regulatory requirements and their impact on data scientists is covered as it relates to privacy. Techniques for privacy control like data masking and tokenization in ETL processes are presented.
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
The document discusses the need for data-centric security strategies to protect sensitive data in digital business systems. As data generation grows exponentially due to technologies like cloud computing, big data, and IoT, cybercriminals have more opportunities. A data-centric approach is needed to merge data security with productivity by controlling access, classifying data, and techniques like encryption, tokenization, and monitoring across structured and unstructured data silos. Solutions that provide centralized security policies and audit/protection of data throughout its entire flow can safely unlock the power of digital business.
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
Big Data systems like Hadoop provide analysis of massive amounts of data to open up “Big Answers”, identifying trends and new business opportunities. The massive scalability and economical storage also provides the opportunity to monetize collected data by selling it to a third party.
However, the biggest issue with Big Data remains security. Like any other system, the data must be protected according to regulatory mandates, such as PCI, HIPAA and Privacy laws; from both external and internal threats – including privileged users.
So how can we bridge the gap between access to vast amounts of data, and security of more and more types of data, in this rapidly evolving new environment?
In this webinar, Ulf Mattsson explores the issues and provide solutions to bring together data insight and security in Big Data. With deep knowledge in advanced data security technologies, Ulf explains the best practices in order to safely unlock the power of Big Data.
Spirit of PCI DSS by Dr. Anton Chuvakin
PCI compliance is seen by many merchants as “a checklist exercise” which is disconnected from reducing their fraud costs, security risks and other losses. It is sometimes perceived as a painful exercise in futility, enforced by some “higher powers” who don’t care about merchants. This presentation will discuss how to bring back the real spirit of PCI DSS, the spirit of data security, risk reduction and trustworthy business transactions. It will discuss, in particular, how to use the controls of PCI DSS to protect your business from online threats and highly damaging hacker attacks. Moreover, focusing on the spirit of PCI DSS will help merchants to both simplify compliance and improve security, while protecting their customers and their sensitive data and keeping acquirers and brands happy.
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
Complying with the PCI standard is a normal part of doing business in today’s credit-centric world. But, PCI applies to multiple platforms.
The challenge becomes how to map the general PCI requirements to a specific platform, such as IBM i. And, more importantly, how can you maintain—and prove—compliance?
This slideshow will help you understand:
- How PCI requirements relate to IBM i systems
- IBM i-specific barriers to compliance
-How PowerTech security solutions help you fulfill PCI requirements, meet compliance guidelines, and satisfy auditors
You’ll have the knowledge and confidence you need to evaluate PCI compliance requirements and prepare your IBM i system for today’s regulatory challenges.
The past, present, and future of big data securityUlf Mattsson
ONE OF THE BIGGEST REMAINING CONCERNS REGARDING HADOOP, PERHAPS SECOND ONLY TO ROI, IS SECURITY.
The Past, Present, and Future of Big Data SecurityWhile Apache Hadoop and the craze around Big Data seem to have exploded out into the market, there are still a lot more questions than answers about this new environment.
Hadoop is an environment with limited structure, high ingestion volume, massive scalability and redundancy, designed for access to a vast pool of multi-structured data. What’s been missing is new security tools to match.
Read more in this article by Ulf Mattsson, Protegrity CTO, originally published by Help Net Security’s (IN)SECURE Magazine.
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
The document summarizes information about PCI certification and compliance. It discusses the evolution of PCI standards over time from various card brand initiatives in 2000 to the agreed PCI DSS standard in 2004. It outlines validation requirements and requirements of the standard. It also discusses top reasons for audit failures, such as logging of track data and lack of policies. Risk reduction strategies like data elimination and tokenization are mentioned. Actions organizations can take to ensure compliance and reduce risk are provided.
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
Ulf Mattsson is the CTO of Protegrity, a company that provides data security solutions through encryption, tokenization, and policy-driven approaches. He has over 20 years of experience in data security research. This presentation discusses evolving data security risks and reviews options for enterprise data protection strategies. It examines studies on implementing protection in real-world scenarios and recommends balancing performance, security, and compliance when choosing defenses for sensitive data across different systems and storage locations. The presentation also introduces Protegrity's centralized risk-adjusted platform for securing data throughout its lifecycle.
This document provides a quick reference guide to understanding the Payment Card Industry Data Security Standard version 3.1. It contains an overview of PCI requirements including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access controls, regularly monitoring networks, and maintaining an information security policy. It also provides security controls and processes for each PCI DSS requirement to help entities protect payment card data.
Enterprise Data Protection - Understanding Your Options and StrategiesUlf Mattsson
The document provides an overview of enterprise data protection options and strategies. It discusses the changing threat landscape, including increasingly sophisticated attackers and the need for preventative controls. Regarding payment card industry data security standards (PCI DSS), it notes there are 12 rules and 4 approved ways to render credit card numbers unreadable. A case study is presented of a large retail chain that used tokenization to simplify PCI compliance, achieving benefits like faster audits, lower costs, and better security. Different data security methods like hashing, encryption, and tokenization are compared in terms of how they can be applied at the application, database, and storage levels. Best practices for tokenization and evaluating various approaches are also covered.
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
To ensure their compliance with the PCI Data Security Standard, many businesses have turned to SafeNet technology for a solution. To meet these demands, SafeNet offers a range
of products, proprietary and through partner alliance. SafeNet, a global leader in information security, provides the industry’s most comprehensive range of solutions to help companies achieve compliance with the PCI Data Security Standard. Through its own proven set of products, along with an extensive partner network, SafeNet can provide merchants with the assurance that sensitive and valuable cardholder information is protected from all types of threats, and that regulatory compliance is not only being met, but
exceeded.
A detailed analysis on the Security Standard goals and requirements. Examples of companies that failed to comply, with emphasis on which part of the security standards they violated and the fines that resulted as a result of their non-compliance.
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
PCI DSS Security Standards have for long been a hot topic of discussion in the industry. It may seem quite confusing and intimidating, as many organizations fail to understand its requirements and area of application.
The document provides an overview of cloud infrastructure architecture and security. It discusses key cloud security concepts like the shared responsibility model between cloud providers and customers. It also covers common cloud security categories such as identity and access management, data security, compliance with regulations, and security best practices and frameworks.
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...TokenEx
At PCI London 2018, TokenEx Solutions Architect John Noltensmeyer presented modern strategies and methodologies for using cloud-based tokenisation and pseudonymization to ease GDPR burdens. For more information visit www.tokenex.com or contact sales@tokenex.com.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Securing data today and in the future - Oracle NYCUlf Mattsson
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
This document summarizes the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 from May 2018. It provides an overview of the 12 requirements of the PCI DSS, which are aimed at building and maintaining secure networks, protecting cardholder data, maintaining vulnerability management, implementing strong access control, monitoring networks regularly, and maintaining information security policies. It also provides context on the applicability of the PCI DSS and relationship with the Payment Application Data Security Standard. The document defines what payment card and authentication data are in scope to be protected and provides guidance on the scope of system components covered by the PCI DSS requirements.
In this 45 minute webinar ControlCase will discuss the following in the context of PCI DSS and PA DSS
- Network Segmentation
- Card Data Discovery
- Vulnerability Scanning and Penetration Testing
- Card Data Storage in Memory
- Q&A
Data Virtualization for Accelerated Digital Transformation in Banking and Fin...Denodo
This document discusses a case study of a regional community bank that improved business process efficiency using a logical data warehouse from Denodo. The bank used Denodo to aggregate data from multiple cloud and on-premise sources, which it then used to power self-service reports, dashboards, and real-time operations. This improved reporting turnaround times from 2-3 days to 2 hours and allowed loan processing to be done in real-time. Denodo provided a centralized data platform that was flexible enough to easily incorporate new data sources from acquisitions.
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
The document discusses the rise of data ethics and security. It begins with an introduction of the speaker and their background. It then covers various topics related to data ethics including the data lifecycle, implementation of data ethics through vision, strategy, governance and more. Big data security is also discussed as it relates to data governance, challenges, and approaches to building a security program. Regulatory requirements and their impact on data scientists is covered as it relates to privacy. Techniques for privacy control like data masking and tokenization in ETL processes are presented.
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
The document discusses the need for data-centric security strategies to protect sensitive data in digital business systems. As data generation grows exponentially due to technologies like cloud computing, big data, and IoT, cybercriminals have more opportunities. A data-centric approach is needed to merge data security with productivity by controlling access, classifying data, and techniques like encryption, tokenization, and monitoring across structured and unstructured data silos. Solutions that provide centralized security policies and audit/protection of data throughout its entire flow can safely unlock the power of digital business.
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
Big Data systems like Hadoop provide analysis of massive amounts of data to open up “Big Answers”, identifying trends and new business opportunities. The massive scalability and economical storage also provides the opportunity to monetize collected data by selling it to a third party.
However, the biggest issue with Big Data remains security. Like any other system, the data must be protected according to regulatory mandates, such as PCI, HIPAA and Privacy laws; from both external and internal threats – including privileged users.
So how can we bridge the gap between access to vast amounts of data, and security of more and more types of data, in this rapidly evolving new environment?
In this webinar, Ulf Mattsson explores the issues and provide solutions to bring together data insight and security in Big Data. With deep knowledge in advanced data security technologies, Ulf explains the best practices in order to safely unlock the power of Big Data.
Spirit of PCI DSS by Dr. Anton Chuvakin
PCI compliance is seen by many merchants as “a checklist exercise” which is disconnected from reducing their fraud costs, security risks and other losses. It is sometimes perceived as a painful exercise in futility, enforced by some “higher powers” who don’t care about merchants. This presentation will discuss how to bring back the real spirit of PCI DSS, the spirit of data security, risk reduction and trustworthy business transactions. It will discuss, in particular, how to use the controls of PCI DSS to protect your business from online threats and highly damaging hacker attacks. Moreover, focusing on the spirit of PCI DSS will help merchants to both simplify compliance and improve security, while protecting their customers and their sensitive data and keeping acquirers and brands happy.
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
Complying with the PCI standard is a normal part of doing business in today’s credit-centric world. But, PCI applies to multiple platforms.
The challenge becomes how to map the general PCI requirements to a specific platform, such as IBM i. And, more importantly, how can you maintain—and prove—compliance?
This slideshow will help you understand:
- How PCI requirements relate to IBM i systems
- IBM i-specific barriers to compliance
-How PowerTech security solutions help you fulfill PCI requirements, meet compliance guidelines, and satisfy auditors
You’ll have the knowledge and confidence you need to evaluate PCI compliance requirements and prepare your IBM i system for today’s regulatory challenges.
The past, present, and future of big data securityUlf Mattsson
ONE OF THE BIGGEST REMAINING CONCERNS REGARDING HADOOP, PERHAPS SECOND ONLY TO ROI, IS SECURITY.
The Past, Present, and Future of Big Data SecurityWhile Apache Hadoop and the craze around Big Data seem to have exploded out into the market, there are still a lot more questions than answers about this new environment.
Hadoop is an environment with limited structure, high ingestion volume, massive scalability and redundancy, designed for access to a vast pool of multi-structured data. What’s been missing is new security tools to match.
Read more in this article by Ulf Mattsson, Protegrity CTO, originally published by Help Net Security’s (IN)SECURE Magazine.
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
The document summarizes information about PCI certification and compliance. It discusses the evolution of PCI standards over time from various card brand initiatives in 2000 to the agreed PCI DSS standard in 2004. It outlines validation requirements and requirements of the standard. It also discusses top reasons for audit failures, such as logging of track data and lack of policies. Risk reduction strategies like data elimination and tokenization are mentioned. Actions organizations can take to ensure compliance and reduce risk are provided.
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
Ulf Mattsson is the CTO of Protegrity, a company that provides data security solutions through encryption, tokenization, and policy-driven approaches. He has over 20 years of experience in data security research. This presentation discusses evolving data security risks and reviews options for enterprise data protection strategies. It examines studies on implementing protection in real-world scenarios and recommends balancing performance, security, and compliance when choosing defenses for sensitive data across different systems and storage locations. The presentation also introduces Protegrity's centralized risk-adjusted platform for securing data throughout its lifecycle.
This document provides a quick reference guide to understanding the Payment Card Industry Data Security Standard version 3.1. It contains an overview of PCI requirements including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access controls, regularly monitoring networks, and maintaining an information security policy. It also provides security controls and processes for each PCI DSS requirement to help entities protect payment card data.
Enterprise Data Protection - Understanding Your Options and StrategiesUlf Mattsson
The document provides an overview of enterprise data protection options and strategies. It discusses the changing threat landscape, including increasingly sophisticated attackers and the need for preventative controls. Regarding payment card industry data security standards (PCI DSS), it notes there are 12 rules and 4 approved ways to render credit card numbers unreadable. A case study is presented of a large retail chain that used tokenization to simplify PCI compliance, achieving benefits like faster audits, lower costs, and better security. Different data security methods like hashing, encryption, and tokenization are compared in terms of how they can be applied at the application, database, and storage levels. Best practices for tokenization and evaluating various approaches are also covered.
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
To ensure their compliance with the PCI Data Security Standard, many businesses have turned to SafeNet technology for a solution. To meet these demands, SafeNet offers a range
of products, proprietary and through partner alliance. SafeNet, a global leader in information security, provides the industry’s most comprehensive range of solutions to help companies achieve compliance with the PCI Data Security Standard. Through its own proven set of products, along with an extensive partner network, SafeNet can provide merchants with the assurance that sensitive and valuable cardholder information is protected from all types of threats, and that regulatory compliance is not only being met, but
exceeded.
A detailed analysis on the Security Standard goals and requirements. Examples of companies that failed to comply, with emphasis on which part of the security standards they violated and the fines that resulted as a result of their non-compliance.
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
PCI DSS Security Standards have for long been a hot topic of discussion in the industry. It may seem quite confusing and intimidating, as many organizations fail to understand its requirements and area of application.
The document provides an overview of cloud infrastructure architecture and security. It discusses key cloud security concepts like the shared responsibility model between cloud providers and customers. It also covers common cloud security categories such as identity and access management, data security, compliance with regulations, and security best practices and frameworks.
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...TokenEx
At PCI London 2018, TokenEx Solutions Architect John Noltensmeyer presented modern strategies and methodologies for using cloud-based tokenisation and pseudonymization to ease GDPR burdens. For more information visit www.tokenex.com or contact sales@tokenex.com.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
Ulf Mattsson is the CTO of Protegrity, with over 20 years of experience in research and development and global services at IBM. He has been involved in developing encryption, tokenization, and intrusion prevention technologies. The document discusses cross-border offshoring and outsourcing of privacy sensitive data in the cloud. It notes that cloud services are often provided by third parties and can involve data being stored in multiple locations. Regulations like PCI DSS and national privacy laws apply when data crosses borders or is outsourced. Sensitive data needs to be protected to comply with regulations and address threats while also enabling useful insights from the data. Methods like de-identification through tokenization and encryption can protect identifiable data
Isaca atlanta - practical data security and privacyUlf Mattsson
1. The document discusses various data security and privacy techniques such as tokenization, encryption, anonymization models, and standards. It provides examples of how these techniques can be applied on-premises and in cloud environments.
2. Major privacy regulations and standards discussed include the GDPR, CCPA, and ISO privacy standards. Key requirements around encryption, tokenization, and data mapping are examined.
3. Different data techniques are compared including differential privacy, homomorphic encryption, k-anonymity models, and their applications in analytics and machine learning.
Webcast title : GDPR: Protecting Your Data
Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process.
Specifically, we will cover:
What is considered "Personal Data" and why it needs to be "protected"
The Legal Aspects of Data Protection under GDPR.
The technical ways to protect/pseudonymization
In this Session you will learn from the leading experts:
- Ulf Mattsson: The father of database Encryption.
- Martyn Hope: The Co-Founder of the GDPR Institut.
- Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit.
Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris
GDPR and evolving international privacy regulationsUlf Mattsson
The document discusses evolving international privacy regulations, focusing on the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). It notes that many countries are passing new privacy laws influenced by GDPR. Technologies like data tokenization, encryption, and anonymization play an important role in complying with these regulations by protecting personal data throughout its lifecycle. The document provides examples of how technologies can be deployed across on-premises and cloud environments to ensure consistent privacy protection of data.
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
Isaca new delhi india - privacy and big dataUlf Mattsson
Ulf Mattsson presented on bridging the gap between privacy and big data. He discussed the evolution of data security methods from coarse-grained to fine-grained approaches like field encryption, masking, and tokenization. Mattsson also covered key drivers for data security like regulations, expanding threats, and enabling data insight while maintaining privacy. Examples of data de-identification methods like tokenization and encryption were provided to protect identifiable information.
How MongoDB can accelerate a path to GDPR complianceMongoDB
The timeline for compliance with the European Union’s General Data Protection Regulation (GDPR) is fast approaching. To help you ensure you’re prepared, we’re hosting an online discussion in advance of May 25th (when the regulation goes into effect). We’ll cover:
The specific requirements of GDPR
How these map to required database capabilities
How MongoDB can provide the core technology foundations to help organizations accelerate their path to compliance
Privacy by Design - taking in account the state of the artJames Mulhern
Establishing transparency and building trust provide an opportunity to develop greater, more meaningful relationships with data subjects i.e people, customers, colleagues... in turn this can lead to more effective and valuable services that help transform organisations.
A "Privacy by design" approach can help achieve this but it doesn't happen by accident and transformation doesn't occur over night. So a deliberate approach that looks beyond May 2018 and compliance is required.
Presentation to representatives from the technology and Local Government sectors at TechUK, the UK's trade association for the technology.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
The document provides an overview of GDPR and information security issues. It highlights key topics such as appropriate security, data protection by design and by default, security of processing, personal data breaches, and the differences between DPO and CISO roles. The document contains recommendations for technical and organizational security measures organizations should implement to comply with GDPR principles and ensure an appropriate level of data security. These include implementing privacy by design principles, conducting risk assessments, access management, encryption, backups, and incident response processes.
The document summarizes key aspects of the upcoming EU General Data Protection Regulation (GDPR) as it relates to software development:
- The GDPR defines what organizations must do with personal data, but not how to implement it technically. Guidelines provide high-level principles like "privacy by design" but not specific tools or processes.
- To comply, developers must consider privacy throughout the design process using methods like data minimization, access controls, and encryption. Organizations must also be able to demonstrate and ensure ongoing compliance, such as through documentation and audits.
- The GDPR places new obligations on data controllers and processors around security, impact assessments, subcontractors, access requests, and accountability. While
This document summarizes several techniques for privacy preserving data mining. It begins by introducing the concepts of data mining and privacy preserving data mining. It then discusses specific techniques such as greedy-based transaction insertion to hide sensitive itemsets, a heuristic approach using pattern-based algorithms, and genetic algorithm-based transaction deletion. It also covers blocking-based techniques that replace sensitive values with unknown values. Overall, the document provides an overview of different privacy preserving data mining methods for modifying databases to hide sensitive information while maintaining data utility.
5 key steps for SMBs for reaching GDPR ComplianceGabor Farkas
In this GDPR Compliance presentation, you can learn more about the key steps to take for GDPR Compliance, including:
- What are data management processes and how to identify them at small and medium sized businesses
- What is personal data under the GDPR and how to establish a record of processing activities to map personal data
- How does encryption help with safeguarding personal data and ensuring GDPR compliance
- What your business should do to get ready for the new General Data Protection regulation on time
Similar to Continuous PCI and GDPR Compliance With Data-Centric Security (20)
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Continuous PCI and GDPR Compliance With Data-Centric Security
1. PCI London
24 January 2019
John Noltensmeyer
ISA, CISSP, CIPP/E/US
Privacy & Compliance Solutions
TokenEx
jnoltensmeyer@tokenex.com
2. I NTR ODU C TI ON
Continuous PCI and GDPR Compliance
With Data-Centric Security
3. S ETTI NG TH E S TAG E
Compliance Climate
Compliance Challenges
Data-Centric Strategies
Data Protection Technologies
Tokenisation Versus Encryption
Pseudonymisation Defined
Continuous Compliance
5. C OMP LI ANC E C H ALLENG ES
Rationalizing Data Protection Requirements
6. DATA-C ENTR I C S TR AT E G Y
• Focusing on traditional perimeter strategies for data security does not work unless these
systems perform correctly 100% of the time.
• Focus on the data first.
• A data-centric strategy consists of
multiple components:
• Minimisation – you don’t have to protect
what you don’t collect or store
• Deidentification (pseudonymisation)
or devaluation
• Encryption
DATA
APPLICATION
ENDPOINT
NETWORK
PERIMETER
7. DATA P R OTEC TI ON TEC H NOLOG I ES
Minimisation Devaluation/Pseudonymisation
Data Hashing/Masking Encryption
DataUtility
Data Protection
Max
Utility
Min
Utility
Min
Protection
Max
Protection
8. TOKENI S ATI ON
Tokenisation, replacing a sensitive data element such as a credit card PAN with a non-sensitive equivalent, is a common
approach to devaluing cardholder data.
Tokenisation Reduces PCI Scope
• Tokens are not in scope for PCI DSS
• Network segmentation can be difficult and expensive
• Increases the likelihood of maintaining PCI compliance
between annual assessments
Tokens Are Flexible
• Length/format preserving
• No key management like encryption
• Enables business as usual processes
Tokenisation Does Not
• Take you completely out of PCI DSS scope
• Make you less responsible for your data
• Help with data availability
• Stop network breaches
9. ENC R Y P TI ON V S . TOKE NI S AT I ON
What is the difference?
• Encryption - A data security measure using
mathematic algorithms to generate rule-
based values in place of original data
• Tokenisation - A data security measure
using mathematic algorithms to generate
randomized values in place of original data
Encryption alone is not a full solution
• With encryption, sensitive data remains in
business systems. With tokenisation,
sensitive data is removed completely from
business systems and securely vaulted.
Tokens are versatile
• Format-preserving tokens can be utilised
where masked CC information or masked
PII is required
10. P S EU DONY MI S ATI ON
Pseudonymisation Under the GDPR
Within the text of the GDPR, there are multiple references
to pseudonymisation as an appropriate mechanism for
protecting personal data.
Pseudonymisation—replacing identifying or sensitive data
with pseudonyms, is synonymous with tokenisation—
replacing identifying or sensitive data with tokens.
Article 4 – Definitions
• (1) ‘personal data’ means any information relating to an
identified or identifiable natural person (‘data subject’);
…such as a name, an identification number, location
data, an online identifier…
• (5) ‘pseudonymisation’ means the processing personal
data in such a manner that the data can no longer be
attributed to a specific data subject without the use of
additional information, provided that such additional
information is kept separately…
11. P S EU DONY MI S ATI ON
Using Tokenisation for Pseudonymisation
12. P S EU DONY MI S ATI ON
GDPR Article How Tokenisation Can Help
Article 6 – Lawfulness of processing
6(4)(e) – “the existence of appropriate
safeguards, which may include encryption or
pseudonymisation."
If you are a data controller who has a valid reason--other than consent from the
data subject--for the processing of his or her personal data “for a purpose other
than that for which the personal data have been collected”, Article 6(4)(e)
obligates you to use “appropriate safeguards, which may include encryption or
pseudonymisation."
Article 17 – Right to erasure (‘right to be
forgotten’)
“The data subject shall have the right to
obtain from the controller the erasure of
personal data concerning him or her without
undue delay…”
Article 17 allows a data subject to request a controller delete his or her personal
data. Under Article 12(2), pseudonymization of data may provide some relief
regarding Article 17 compliance.
Article 12(2) states that, “The controller shall facilitate the exercise of data
subject rights under Articles 15 to 22… unless the controller demonstrates that it
is not in a position to identify the data subject.”
Article 25 – Data protection by design and
by default
“…the controller shall, both at the time of the
determination of the means for processing
and at the time of the processing itself,
implement appropriate technical and
organisational measures, such as
pseudonymisation, which are designed to
implement data-protection principles....”
The GDPR requires “data protection by design and by default.” Article 25(1)
specifically obligates controllers to “…implement appropriate technical and
organisational measures, such as pseudonymisation.”
Pseudonymised personal data presents a lower risk, thus possibly reducing the
number of additional security measures required to meet this obligation.
Full Solution Partial Solution
13. P S EU DONY MI S ATI ON
GDPR Article How Tokenisation Can Help
Article 32 – Security of processing
“Taking into account the state of the art,
the costs of implementation and the nature,
scope, context and purposes of processing
as well as the risk of varying likelihood and
severity for the rights and freedoms of
natural persons, the controller and the
processor shall implement appropriate
technical and organisational measures…
Article 32(1) obligates controllers as well as processors to “implement
appropriate technical and organizational measures to ensure a level of security
appropriate to the risk,” including pseudonymization of personal data.
Article 33 – Notification of a personal data
breach to the supervisory authority
Article 34 – Communication of a personal
data breach to the data subject
The GDPR specifies requirements for notification in the event of a breach of
personal data. Under Article 33(1), a controller is required to notify supervisory
authorities of a breach within 72 hours unless “the personal data breach is unlikely
to result in a risk to the rights and freedoms of natural persons.” Similarly, Article
34(1) stipulates that data subjects must be notified “when the personal data
breach is likely to result in a high risk to the rights and freedoms of natural
persons…”
When evaluating the risk posed by the data breach, the level of pseudonymization
of the data will certainly play a role. Pseudonymised data likely presents a lower
risk thus, reducing the number of additional measures required to meet this
obligation.
Full Solution Partial Solution
14. C ONTI NU OU S C OMP LI ANC E
• Support all data sets within your environment
• Completely removes sensitive data from your
systems where possible
• Maximizes compliance scope reduction
• Enables “business as usual “ processes
• Supports all your data acceptance channels
• Supports sharing data with third parties
Compliance doesn’t end with an assessment or audit. Select solutions that:
16. C U S TOMER S U C C ES S : TH E OR V I S C OMP ANY
Customer Profile
• Multi-Channel Retailer
• UK – 18 Retail
• US – 69 Retail, 10 Outlet
• 500 Dealers Worldwide
Landscape
• Payment Card Data (PCI)
• Privacy Data (GDPR/PII)
• Europay, Mastercard, and
Visa (EMV)
• CNP Fraud Prevention
Environment
• Omni-Channel Retailer
• Multiple Data Sets
• Multiple Vendor/Partners
• Employees in both UK/US
• Multiple Facilities
Lessons Learned
• Understood Compliance/Control Landscape
• Engaged Professionals/Experts Early & Often
• Developed Long-Term Compliance/Fraud Strategy
• Prioritised Technology Deployment
• Phased Tokenisation Implementation