The Caribbean Credit Card Corporation Ltd.

The Caribbean Credit Card Corporation Ltd. National Bank of Dominica Ltd. 2011 Merchant Seminar. Facilitator: Janiere Frank, Fraud & Compliance Analyst. June 16, 2011. Legal Disclosure.

Presentation Transcript


  1. The Caribbean Credit Card Corporation Ltd. National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

  2. Legal Disclosure
     These materials are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice. You should independently evaluate all content and recommendations in light of your specific business needs, operations and policies as well as any applicable laws and regulations. Caribbean Credit Card Corporation Ltd. is not responsible for your use of these materials, including errors of any kind, or any assumptions or conclusions you might draw from their use. Use of the following information is the sole and exclusive responsibility of the user.

  3. Payment Card Industry Data Security Standard (PCI DSS)
     A brief review of the Payment Card Data Security Standards: Requirements and Relevance

  4. What is PCI DSS?
     • PCI DSS is:
        • A set of requirements established by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data.
     • The founders of the PCI SSC:
        • Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB International

  5. What is PCI DSS?
     • There are six (6) main goals and twelve (12) basic requirements of the PCI DSS.

  6. Is PCI DSS relevant to me?
     • Compliance with the PCI data security standards is mandatory for ALL entities that store, process or transmit cardholder data.
     • This includes merchants, acquirers, processors and other participants in the industry.

  7. Why Comply?
     • Benefits of compliance:
        • Helps to create a secure environment for customers
        • Increased customer confidence
        • Greater Market Leverage

  8. Why Comply?
     • Consequences of non-compliance:
        • Fines and penalties
        • Termination of ability to accept payment cards
        • Lost confidence, so customers go to other merchants
        • Lost sales
        • Cost of reissuing new payment cards
        • Legal costs, settlements and judgments
        • Fraud losses
        • Higher subsequent costs of compliance
        • Going out of business
     www.pcisecuritystandards.org

  9. What do I need to protect?
     PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard version 2.0, October 2010

  10. What do I need to protect?
      PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard version 2.0, October 2010

  11. What do I need to protect?
      • Points from which cardholder data can be stolen:
         • Compromised card reader
         • Paper stored in a filing cabinet
         • Data in a payment system database
         • Hidden camera recording entry of authentication data
         • Secret tap into your store’s wireless or wired network
      www.pcisecuritystandards.org

  12. PCI DSS: An Ongoing Process
      • Assess – take an inventory of IT systems and business processes to identify cardholder data and determine vulnerabilities.
      • Remediate – fix vulnerabilities; don’t store card data unless needed.*
      • Report – submit compliance reports to your bank.

  13. Common Myths of PCI DSS
      • Myth 5 – PCI DSS is unreasonable; it requires too much
      • Myth 7 – We don’t take enough credit cards to be compliant
         • PCI DSS compliance is required for any business that accepts payment cards – even if the quantity of transactions is just one.
      • Myth 8 – We completed a SAQ so we’re compliant

  14. QUESTIONS