Patricia O’Connor, Partner Account Manager
patricia.oconnor@iatspayments.com
PCI Compliance & Fraud Prevention for Nonprofits
Don’t let the bad guys win!
Agenda
• The Harsh Reality: Fraudsters
• First Step: PCI Compliance
• Tools for Fraud Prevention
• Resources
The Harsh Reality: Fraudsters
Who are they?
• Fraudsters are smart and dedicated
• Data breach (cardholder data stolen from you) vs. payment fraud (stolen cards used against you)
• They attack vulnerable websites
• Nonprofits often have weaker security than commercial merchants
• Nonprofits can lose both money and reputation as a result of fraud
What do they do?
• Testing stolen card numbers
– $1.00 donations to see which cards are still live
• Card number tumbling (cycling through many card numbers from one source)
• Name tumbling (trying many cardholder names on one card)
• Refund scam (donate with a stolen card, then ask for a refund to a different account)
• Creation of clone charities
Ways to STOP them
• Velocity checking (limit attempts per card and per IP within a time window)
• Address verification (AVS)
• CVV2 verification
• IP blocking (high-risk countries)
• Minimum transaction limit (defeats $1.00 card tests)
• Payment Form
– iFrame (least risk: card data never touches your page; SAQ A eligible)
– Direct Post (medium risk: your page serves the form, so it can affect the transaction; SAQ A-EP)
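The controls above can be combined into one merchant-side screening pass over the data the processor hands back (card token, AVS and CVV2 results). The following is an added example written for this page, not iATS or NetSquared code; the field names, thresholds, the placeholder country code "ZZ" and the sample attempts are all assumptions constructed for illustration.

```python
"""Merchant-side fraud screening for a donation form.

Added example (not iATS or NetSquared code). Each attempt is screened against
the controls listed above: minimum amount, velocity per IP, card number
tumbling, name tumbling, high-risk country, and AVS / CVV2 result checks.
Field names and thresholds are assumptions; the attempts are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them to your real donor traffic.
POLICY = {
    "min_amount": 5.00,               # blocks the $1.00 card-testing pattern
    "window": timedelta(minutes=10),  # sliding window for the velocity checks
    "max_attempts_per_ip": 5,         # more attempts than this per IP in the window
    "max_cards_per_ip": 3,            # more distinct cards than this per IP = number tumbling
    "max_names_per_card": 2,          # more distinct names than this per card = name tumbling
    "blocked_countries": {"ZZ"},      # placeholder ISO code; fill from your processor's risk data
}

# Constructed sample attempts (not real data). IPs come from the RFC 5737 documentation
# ranges. "card_token" is the processor's token for the card: with an iFrame form the
# merchant never sees the PAN, so screening runs on the token and on the AVS / CVV2
# results the processor returns.
SAMPLE = [
    {"id": 1, "ts": "2015-03-02 10:00:00", "ip": "203.0.113.7",  "country": "US", "card_token": "tok_A", "name": "Jane Donor", "amount": 50.00, "cvv_match": True,  "avs_match": True},
    # One IP cycles through cards with $1.00 donations: card testing plus number tumbling.
    {"id": 2, "ts": "2015-03-02 10:01:00", "ip": "198.51.100.9", "country": "US", "card_token": "tok_B", "name": "A Smith", "amount": 1.00, "cvv_match": False, "avs_match": True},
    {"id": 3, "ts": "2015-03-02 10:01:05", "ip": "198.51.100.9", "country": "US", "card_token": "tok_C", "name": "A Smith", "amount": 1.00, "cvv_match": True,  "avs_match": False},
    {"id": 4, "ts": "2015-03-02 10:01:10", "ip": "198.51.100.9", "country": "US", "card_token": "tok_D", "name": "A Smith", "amount": 1.00, "cvv_match": True,  "avs_match": True},
    {"id": 5, "ts": "2015-03-02 10:01:15", "ip": "198.51.100.9", "country": "US", "card_token": "tok_E", "name": "A Smith", "amount": 1.00, "cvv_match": True,  "avs_match": True},
    {"id": 6, "ts": "2015-03-02 10:01:20", "ip": "198.51.100.9", "country": "US", "card_token": "tok_F", "name": "A Smith", "amount": 1.00, "cvv_match": True,  "avs_match": True},
    # The same card is then tried under different names: name tumbling.
    {"id": 7, "ts": "2015-03-02 10:01:25", "ip": "198.51.100.9", "country": "US", "card_token": "tok_F", "name": "B Jones", "amount": 1.00, "cvv_match": True,  "avs_match": True},
    {"id": 8, "ts": "2015-03-02 10:01:30", "ip": "198.51.100.9", "country": "US", "card_token": "tok_F", "name": "C Lee",   "amount": 25.00, "cvv_match": True, "avs_match": True},
    {"id": 9, "ts": "2015-03-02 10:30:00", "ip": "192.0.2.44",   "country": "ZZ", "card_token": "tok_G", "name": "Sam Doe", "amount": 100.00, "cvv_match": True, "avs_match": True},
]


def _ts(attempt):
    return datetime.strptime(attempt["ts"], "%Y-%m-%d %H:%M:%S")


def screen(attempts, policy=POLICY):
    """Return {attempt_id: [reasons]} for every attempt that trips at least one control.

    Attempts are processed in time order so each velocity check only sees
    what a real-time gateway would have seen at that moment.
    """
    flags = defaultdict(list)
    by_ip = defaultdict(list)    # ip -> [(timestamp, card_token)] inside the window
    by_card = defaultdict(list)  # card_token -> [(timestamp, normalised name)] inside the window
    window = policy["window"]

    for a in sorted(attempts, key=_ts):
        now, reasons = _ts(a), flags[a["id"]]

        # Per-attempt controls.
        if a["amount"] < policy["min_amount"]:
            reasons.append("below minimum amount")
        if a["country"] in policy["blocked_countries"]:
            reasons.append("high-risk country")
        if not a["cvv_match"]:
            reasons.append("CVV2 mismatch")
        if not a["avs_match"]:
            reasons.append("AVS mismatch")

        # Velocity and card number tumbling, keyed on the source IP.
        recent_ip = [(t, c) for t, c in by_ip[a["ip"]] if now - t <= window]
        recent_ip.append((now, a["card_token"]))
        by_ip[a["ip"]] = recent_ip
        if len(recent_ip) > policy["max_attempts_per_ip"]:
            reasons.append("velocity: too many attempts from IP")
        if len({c for _, c in recent_ip}) > policy["max_cards_per_ip"]:
            reasons.append("card number tumbling from IP")

        # Name tumbling, keyed on the card token.
        recent_card = [(t, n) for t, n in by_card[a["card_token"]] if now - t <= window]
        recent_card.append((now, " ".join(a["name"].lower().split())))
        by_card[a["card_token"]] = recent_card
        if len({n for _, n in recent_card}) > policy["max_names_per_card"]:
            reasons.append("name tumbling on one card")

    return {i: r for i, r in flags.items() if r}


if __name__ == "__main__":
    for attempt_id, reasons in sorted(screen(SAMPLE).items()):
        print(attempt_id, "->", "; ".join(reasons))
```

Run as a script it prints the reasons per flagged attempt; the clean $50 donation (id 1) produces no entry, the $1.00 burst is caught first by the minimum amount, then by the card and name tumbling windows, and the last attempt is flagged on country alone. Whether a hit means "decline" or "hold for review" is a policy decision for your merchant provider and staff, not something the screening code should decide on its own.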
Fraud Tools
Quick Case Study
What is PCI?
• Payment Card Industry Data Security Standard (PCI DSS)
• All merchants (regardless of size) must meet established standards of security relating to how credit card data is stored, processed, and transmitted
How PCI Helps
• Creates an actionable framework to protect both nonprofits and donors
• Enables prevention, detection, and mitigation of incidents
• Maintaining validated PCI compliance helps build donors’ trust
Becoming Compliant
• Identify the merchant level and SAQ type that apply to you
• Complete either:
– Self-Assessment Questionnaire (SAQ), for most merchants
– Report on Compliance (ROC), required at Level 1
• Which SAQ applies depends on your systems and processes (how card data is taken, and whether your own site touches it)
• Hire a Qualified Security Assessor (QSA) when a ROC is required; several SAQ types also require quarterly external scans by an Approved Scanning Vendor (ASV)
Compliance Levels (Visa)
Level 1: Any merchant, regardless of acceptance channel, processing over 6M Visa transactions per year; also any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa network.
Level 2: Any merchant, regardless of acceptance channel, processing 1M to 6M Visa transactions per year.
Level 3: Any merchant processing 20K to 1M Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20K Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1M Visa transactions per year.
SAQ Types
SAQ A: Card-not-present (e-commerce or mail/telephone-order) merchants with all cardholder data functions fully outsourced. Never applies to face-to-face merchants.
SAQ A-EP*: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and whose website does not directly receive cardholder data but can impact the security of the payment transaction.
SAQ B: Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage.
SAQ B-IP*: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, and no electronic cardholder data storage.
SAQ C-VT: Merchants using only web-based virtual terminals hosted by a PCI DSS validated third party, with no electronic cardholder data storage.
SAQ C*: Merchants with payment application systems connected to the Internet, with no electronic cardholder data storage.
SAQ P2PE-HW: Merchants using only hardware payment terminals that are included in and managed via a PCI SSC-listed P2PE solution, with no electronic cardholder data storage.
SAQ D*: All other merchants not included in the descriptions for SAQ types A through C above, and all service providers defined by a payment card brand as eligible to complete an SAQ.
* These SAQ types also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).
Where Are You?
What to do…
• Achieve and maintain PCI compliance
• Talk to your merchant provider
– What tools are available?
– How to implement them?
• Train your staff so they know what to look for
– Refund policies, account patterns, etc.
Basic Strategy
• Outsource as much as possible to someone else
• Work hard to only need to follow SAQ A or SAQ A-EP
• Make sure you understand the questions
But don’t totally avoid it
• PCI encourages useful habits
– Some of the policies are a good idea anyway.
• Don’t sacrifice user experience
– Don’t outsource to a platform your users will hate. That may cost you more than compliance.
What Professional Vendors Do
• Scanning systems quarterly and testing them annually (PCI DSS requires quarterly vulnerability scans and at least annual penetration tests)
• Securing or removing direct access (physical and software) to servers and networks
• Completely locking down direct access to all platform APIs
• Fully logging every action taken on every server and API
• Requiring two-factor authentication for all systems used
• Creating strong internal processes and policies around password strength and maximum age, SSL/TLS certificates, office access, and more
Key Takeaways
• You must own the process
• PCI encourages useful habits
• Create a sustainable culture
• You don’t need to sacrifice user experience
Resources from iATS
• White papers:
– Credit Card Fraud Prevention in Nonprofits
– Payment Processing 101
• Infographic: Credit Card Fraud: How it impacts nonprofits
• Infographic: Why PCI-DSS Compliance is a must have
General resources
• DrupalPCICompliance.org
• PCI Security Standards Council documents
– https://www.pcisecuritystandards.org/security_standards/documents.php

Russian anarchist and anti-war movement in the third year of full-scale war
 
一比一原版(WSU毕业证)西悉尼大学毕业证成绩单
一比一原版(WSU毕业证)西悉尼大学毕业证成绩单一比一原版(WSU毕业证)西悉尼大学毕业证成绩单
一比一原版(WSU毕业证)西悉尼大学毕业证成绩单
 
PPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way StopPPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way Stop
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
 
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
 
PPT Item # 5 - 5330 Broadway ARB Case # 930F
PPT Item # 5 - 5330 Broadway ARB Case # 930FPPT Item # 5 - 5330 Broadway ARB Case # 930F
PPT Item # 5 - 5330 Broadway ARB Case # 930F
 
2024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 362024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 36
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
 
NHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdfNHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdf
 
What is the point of small housing associations.pptx
What is the point of small housing associations.pptxWhat is the point of small housing associations.pptx
What is the point of small housing associations.pptx
 
Many ways to support street children.pptx
Many ways to support street children.pptxMany ways to support street children.pptx
Many ways to support street children.pptx
 

PCI compliance and fraud prevention for nonprofits

1. Patricia O’Connor, Partner Account Manager, patricia.oconnor@iatspayments.com
   PCI Compliance & Fraud Prevention for Nonprofits: Don’t let the bad guys win!

2. Agenda
   • The Harsh Reality: Fraudsters
   • First Step: PCI Compliance
   • Tools for Fraud Prevention
   • Resources

4. The Harsh Reality: Fraudsters
   • Fraudsters are smart and dedicated
   • Data breach vs. payment fraud: a breach is cardholder data stolen from your own systems; payment fraud is cards stolen elsewhere being used against your donation form
   • They attack vulnerable websites
   • Nonprofits typically have weaker security than commercial merchants, which makes their donation forms attractive targets
   • Nonprofits can lose both money and reputation as a result of fraud

5. What do they do?
   • Testing stolen card numbers: $1.00 donations confirm that a card is still live before it is used for larger purchases elsewhere
   • Card number tumbling: cycling through many card numbers (often within the same BIN range) until one authorises
   • Name tumbling: trying many cardholder names against the same card number
   • Refund scam: donating with a stolen card, then requesting a refund to a different card or account so the stolen funds come back as clean money
   • Creation of clone charities: look-alike donation sites that harvest donors’ card details

6. Ways to STOP them
   • Velocity checking: cap the number of attempts per card, IP address or donor within a short window
   • Address verification (AVS)
   • CVV2 capability
   • IP blocking (high-risk countries)
   • Minimum transaction limit, so $1.00 test donations are rejected outright
   • Payment Form
     – iFrame (least risk): the card fields are served by the processor, so card data never touches your page or server
     – Direct Post (medium risk): your site serves the form and it posts straight to the processor, so scripts on your page can still affect the security of the transaction
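The fraud patterns on slide 5 and the controls on slide 6, as a rule-based screen run over a constructed stream of donation attempts. This is an added example, not iATS code and not part of the original deck. The `Attempt` and `Policy` fields, the thresholds, the reason labels and the sample events are all assumptions; in practice the AVS and CVV2 results come back in the gateway's authorisation response, and the velocity rules usually live in the donation platform or the gateway's own fraud tooling.

```python
"""Card-testing screen for a donation form (added example, not iATS code).

Implements the controls from the "Ways to STOP them" slide as rules over a
constructed stream of donation attempts: velocity checking per IP, card-number
tumbling (many cards from one source), name tumbling (many donor names on one
card), AVS/CVV2 mismatch, high-risk-country blocking and a minimum amount.
Field names, thresholds and the sample data are assumptions for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Attempt:
    ts: datetime
    ip: str
    country: str      # two-letter country code from geolocating `ip`
    pan_token: str    # gateway token for the card; the raw PAN never reaches this code
    name: str         # cardholder name as typed on the form
    amount: float
    avs: str          # gateway AVS result: 'Y' match, 'N' no match, 'U' unavailable
    cvv: str          # gateway CVV2 result: 'M' match, 'N' no match


@dataclass
class Policy:
    min_amount: float = 5.00
    window: timedelta = timedelta(minutes=10)
    max_attempts_per_ip: int = 5     # velocity limit inside `window`
    max_cards_per_ip: int = 3        # more distinct cards than this => card tumbling
    max_names_per_card: int = 2      # more distinct names than this => name tumbling
    blocked_countries: set = field(default_factory=set)


def screen(attempts, policy):
    """Return [(attempt, [reasons])] for every attempt that should be declined
    or held for review. Attempts are processed in time order."""
    flagged = []
    recent_by_ip = defaultdict(list)     # ip -> attempts still inside the window
    names_by_card = defaultdict(set)     # pan_token -> distinct donor names seen
    for a in sorted(attempts, key=lambda x: x.ts):
        reasons = []
        if a.country in policy.blocked_countries:
            reasons.append("blocked_country")
        if a.amount < policy.min_amount:          # the $1.00 "test" donation
            reasons.append("below_minimum")
        if a.avs == "N" or a.cvv == "N":          # stolen numbers rarely come with a good address/CVV2
            reasons.append("avs_cvv_mismatch")
        recent = [r for r in recent_by_ip[a.ip] if a.ts - r.ts <= policy.window]
        recent.append(a)
        recent_by_ip[a.ip] = recent
        if len(recent) > policy.max_attempts_per_ip:
            reasons.append("velocity")
        if len({r.pan_token for r in recent}) > policy.max_cards_per_ip:
            reasons.append("card_tumbling")
        names_by_card[a.pan_token].add(a.name.strip().lower())
        if len(names_by_card[a.pan_token]) > policy.max_names_per_card:
            reasons.append("name_tumbling")
        if reasons:
            flagged.append((a, reasons))
    return flagged


def reason_counts(flagged):
    """Tally how often each rule fired; useful when tuning thresholds."""
    return Counter(r for _, reasons in flagged for r in reasons)


# Constructed sample: a card-testing burst from one IP, one legitimate gift,
# one card cycled through three names, and one attempt from a blocked country.
_T0 = datetime(2024, 5, 1, 12, 0, 0)


def _at(seconds):
    return _T0 + timedelta(seconds=seconds)


SAMPLE = [
    Attempt(_at(0),   "203.0.113.7",   "US", "tok_a1", "Pat Donor",   1.00, "N", "M"),
    Attempt(_at(30),  "203.0.113.7",   "US", "tok_a2", "Pat Donor",   1.00, "U", "N"),
    Attempt(_at(60),  "203.0.113.7",   "US", "tok_a3", "Pat Donor",   1.00, "N", "N"),
    Attempt(_at(90),  "203.0.113.7",   "US", "tok_a4", "Pat Donor",   1.00, "N", "M"),
    Attempt(_at(120), "203.0.113.7",   "US", "tok_a5", "Pat Donor",   1.00, "N", "M"),
    Attempt(_at(150), "203.0.113.7",   "US", "tok_a6", "Pat Donor",   1.00, "N", "M"),
    Attempt(_at(300), "198.51.100.9",  "US", "tok_b1", "Alex Giver", 50.00, "Y", "M"),
    Attempt(_at(400), "192.0.2.44",    "CA", "tok_c1", "Name One",   25.00, "Y", "M"),
    Attempt(_at(460), "192.0.2.44",    "CA", "tok_c1", "Name Two",   25.00, "Y", "M"),
    Attempt(_at(520), "192.0.2.44",    "CA", "tok_c1", "Name Three", 25.00, "Y", "M"),
    Attempt(_at(600), "203.0.113.200", "ZZ", "tok_d1", "Sam Nobody", 20.00, "Y", "M"),
]
POLICY = Policy(blocked_countries={"ZZ"})   # "ZZ" stands in for a real high-risk country list

if __name__ == "__main__":
    for a, reasons in screen(SAMPLE, POLICY):
        print(a.ts.time(), a.ip, a.pan_token, f"${a.amount:.2f}", ", ".join(reasons))
```

Tune the thresholds against your own donation traffic before anything is declined automatically: a giving-day spike from an office NAT address can look like a velocity burst, which is why the example returns reasons for review rather than a hard decline. Note that the screen only ever sees a gateway token for the card; keeping the raw number out of your own code is exactly what keeps you in SAQ A territory on the slides that follow.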
9. What is PCI?
   • Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council
   • All merchants (regardless of size) must meet established standards of security relating to how credit card data is stored, processed, and transmitted

10. How PCI Helps
   • Creates an actionable framework to protect both nonprofits and donors
   • Enables prevention, detection, and mitigation of incidents
   • Maintaining PCI compliance (merchants validate compliance each year rather than receive a one-off certificate) helps build donors’ trust

11. Becoming Compliant
   • Identify the level of compliance you need
   • Complete either:
     – Self Assessment Questionnaire (SAQ)
     – Report on Compliance (ROC)
   • Different SAQ types apply depending on your systems and processes
   • Hire a security assessor: a ROC is performed by a Qualified Security Assessor (QSA), and the SAQ types that require external scans need an Approved Scanning Vendor (ASV)

12. Compliance Levels (Visa)
   Level 1: Any merchant, regardless of acceptance channel, processing over 6M Visa transactions per year; also any merchant that Visa, at its sole discretion, determines should meet the Level 1 requirements to minimize risk to the Visa network
   Level 2: Any merchant, regardless of acceptance channel, processing 1M to 6M Visa transactions per year
   Level 3: Any merchant processing 20K to 1M Visa e-commerce transactions per year
   Level 4: Any merchant processing fewer than 20K Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1M Visa transactions per year

13. SAQ Types
   SAQ A: Card-not-present (e-commerce or mail/telephone-order) merchants with all cardholder data functions outsourced. Never applies to face-to-face merchants.
   SAQ A-EP*: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties and whose website does not directly receive cardholder data but can impact the security of the transaction
   SAQ B: Imprint-only merchants with no electronic cardholder data storage, or standalone dial-out terminal merchants with no electronic cardholder data storage
   SAQ B-IP*: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the processor and no electronic cardholder data storage
   SAQ C-VT: Merchants using only web-based virtual terminals, no electronic cardholder data storage
   SAQ C*: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage
   SAQ P2PE-HW: Merchants using only hardware payment terminals included in and managed via a PCI SSC-listed P2PE solution, no cardholder data storage
   SAQ D*: All other merchants not covered by SAQ A through C above, and all service providers defined by a payment card brand as eligible to complete an SAQ
   * These SAQ types also require quarterly external vulnerability scans by an ASV.
15. What to do…
   • Achieve and maintain PCI compliance
   • Talk to your merchant provider
     – What fraud tools are available?
     – How do you implement them?
   • Train your staff so they know what to look for
     – Refund policies, account patterns, etc.

16. Basic Strategy
   • Outsource as much as possible to someone else
   • Work hard to only need to follow SAQ A or SAQ A-EP
   • Make sure you understand the questions

17. But don’t totally avoid it
   • PCI encourages useful habits
     – Some of the policies are a good idea anyway
   • Don’t sacrifice user experience
     – Don’t outsource to a platform your users will hate. That may cost you more than compliance.

18. What Professional Vendors Do
   • Scanning systems quarterly and annually
   • Securing or removing direct access (physical and software) to servers and networks
   • Completely locking down direct access to all platform APIs
   • Fully logging every action taken on every server and API
   • Requiring two-factor authentication for all systems used
   • Creating strong internal processes and policies around password strength and maximum allowed age, SSL/TLS certificates, office access, and more…

19. Key Takeaways
   • You must own the process
   • PCI encourages useful habits
   • Create a sustainable culture
   • You don’t need to sacrifice user experience

20. Resources from iATS
   • White papers: Credit Card Fraud Prevention in Nonprofits; Payment Processing 101
   • Infographic: Credit Card Fraud: How it impacts nonprofits
   • Infographic: Why PCI-DSS Compliance is a must have

21. General resources
   • DrupalPCICompliance.org
   • PCI Security Standards document library: https://www.pcisecuritystandards.org/security_standards/documents.php