
PCI Compliance Insights - PowerPoint PPT Presentation


PowerPoint Slideshow about 'PCI Compliance Insights' - nusa

Presentation Transcript

Retail CIO Advisory Council Learning

Continuously enhancing the in-store shopper experience.

Top Technology Concerns

  • PCI Compliance and Security

  • Disaster Recovery Readiness

  • Leveraging new Technology to Increase Revenues

Today’s PCI Landscape

Majority of retailers are concerned that they…

  • Are not compliant

  • Don’t know where their gaps are

  • Have no idea where to start

  • Don’t have the compliance expertise in-house

  • Don’t have the extra IT staff to support

  • Are not ready for PCI DSS 3.0

Addressing PCI Concerns

  • How do you implement most cost-effectively?

  • Do you have the in-house expertise?

  • Do you have a trusted partner to help assess, design and implement?

  • What are the consequences of not addressing these concerns?

Risks of PCI Non-Compliance

21% Increase in data breaches in first half of 2014 compared to 2013

*Current as of July 8

Graphic by IDG News Service, source: ID Theft Resource Center

What Would a Data Breach Cost You?



  • of breached businesses are out of business within one year of the attack

  • is the average direct cost of a data breach



  • is the average days between intrusion and detection

  • of breached businesses were not PCI compliant

PCI Compliance Insights

  • Retailers MUST…

  • Stop accepting credit cards

  • Pay for forensic audit

  • Pay fines and credit card replacement costs

  • Pay to implement remediation actions and for future on-site audits by a Qualified Security Assessor

A credit card breach can take months to remediate

  • The average business loses $3,007,015 per breach incident due to customer churn, brand damage, etc. (Symantec and Ponemon Institute)

Large Retailers


Data breach will affect up to 70 million people, 30 million more than what the company first estimated in mid-December


The point-of-sale systems at 54 Michaels and Aaron Brothers stores were attacked by criminals using highly sophisticated malware. Up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack.

Home Depot

Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning (9/14/14) in the cybercrime underground.

On-line Retailers


Attackers compromised a “small number of employee log-in credentials” to gain access to the company’s network and, through it, compromised a database that contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach is thought to have affected the majority of the company’s 145 million members, and many were asked to change their passwords as a result.


Seagate-owned LaCie’s on-line storefront was breached by a malware intrusion that allowed hackers to obtain lists that may include customer names, email addresses, credit card numbers, and card expiration dates.

Mid-sized Retailers


A 17-month-long “criminal attack” on the Texas wine retailer’s network resulted in the loss of information of as many as 550,000 customers. The company fears hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver’s license numbers.

Delaware Restaurant Association

A number of restaurants in Delaware may have been affected by a security breach that compromised software used by customers to pay their bills.

Backcountry Gear

It appears that the malware was installed on our server. The payment card data was comprised of customer names, mailing addresses, purchase information, and credit card or debit card numbers.

Have you seen this letter?

Banks enforcing PCI compliance & assessing large fees for non-compliance

Are you Really PCI Compliant?

Do you offer PCI certified training for every employee that handles credit cards upon hire and annually? (PCI 12.6.1)

Do all your employees review, comprehend and sign a written security policy on an annual basis? (PCI 12.6.2)

Does anyone access your business applications remotely? (Two-factor authentication required)

Are you ready for PCI DSS 3.0?





Compliance Roadmap – Best Practices

Create a roadmap to address compliance and security upgrades

  • Obtain financial breach protection

  • Assess your level of compliance

  • Identify PCI and security gaps

  • Create timeline to prioritize and implement as affordable

  • Partner with a retail PCI technology expert

EarthLink PCI Compliance Solutions™

We deliver financial breach protection and help you achieve continuous PCI compliance to protect your customers' data and your brand reputation.

Peace of Mind: Ensure that you are always PCI compliant and that you have financial protection in the event a breach occurs.

Compliance support: Cost-effective tools, support and services to assess your PCI status, and to help you meet all the PCI training, reporting and scanning requirements.

Confidence: EarthLink has over 20 years of experience in delivering security protection and has partnered with ANX, a leading provider of PCI services.

Protection for all your store locations on your network.

EarthLink PCI Protect

  • PCI Self Assessment Questionnaire (SAQ) wizard with question and answer support

  • Task management and reporting

  • Security policy templates

  • External vulnerability scanning

  • PCI eLearning course for cashier, IT and owner

Provides financial breach protection and validates your level of PCI compliance.

PCI Protect Breach Protection*

  • Breach Protection provides for merchant reimbursement of up to $100,000 per location with a yearly maximum of $500,000.

  • Covered expenses include:

    • Forensic audit provided by a Qualified Security Assessor (QSA)

    • Replacement of credit cards and related expenses

    • Fines and penalties incurred as a result of the breach

    • Two-hour telephone consultation with a breach consultant

*DISCLAIMER NOTICE. The PCI Compliance Solution Services are provided and serviced by ANXeBusiness Corp. and offered through EarthLink Business, and are subject to the terms and conditions found at http://www.earthlinkbusiness.com/about-us/legal/terms.xea. All Data Breach Protection Service reimbursements are limited to: $100,000.00 a year for each qualifying location, not to exceed $500,000.00 per occurrence for customers with multiple locations, and an aggregate maximum of $500,000.00 per customer. Use of the PCI Compliance Validation Service does not guarantee that a data breach will not occur and alone cannot prevent losses. EarthLink Business makes no representations as to whether the Data Breach Protection Service will apply to or cover a particular claim or loss. The material in this document (or on this site) is intended for informational purposes only, not as professional advice, and is provided on an “AS IS” basis. EARTHLINK BUSINESS DISCLAIMS ALL WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, RELATING TO THE PCI COMPLIANCE SOLUTION SERVICES, INCLUDING, WITHOUT LIMITATION, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND THE ACCURACY AND COMPLETENESS OF ASSOCIATED INFORMATIONAL CONTENT AND WILL NOT BE LIABLE FOR LOSSES, COSTS OR DAMAGES ARISING FROM THE PCI COMPLIANCE SOLUTION SERVICES OR ANY ASSOCIATED INFORMATIONAL CONTENT.

EarthLink PCI Assist

  • Guidance on portal usage

  • Quarterly vulnerability remediation assistance

  • Annual attestation of compliance (AOC) assistance

On-going assistance to help you meet PCI compliance requirements.

EarthLink PCI Certify™

  • PCI Report on Compliance (ROC) by a Qualified Security Assessor (QSA)

  • SAQ Validation

Expert professional services to validate and maintain PCI compliance.

How We’re Different

Retail expertise in serving 2,000+ retailers.

PCI service equivalent to the BEST Managed Security Service Providers

PCI services superior to ANY other Network Service Provider.

How You’ll Benefit

  • Protect your brand

  • Financial Breach Protection

  • Reduce risk

  • Brand trust

  • Peace of mind

PCI Compliance

Shopper Trust

  • Extension of your security team

  • Continuous PCI compliance

On-going PCI Support

Let Us Help You with PCI Compliance