2018 Mythbuster PCI Compliance-How To Avoid A Credit Card Data Breach NAVUG WI NN
Presented by
Meredith Mitchell
Partner Channel Manager, ChargeLogic
Rules and Points
MYTH or FACT?
Ligers are bred for skills in magic.
MYTH or FACT?
Credit card processing is a necessary evil for doing business.
FACT!
40% prefer credit
35% prefer debit
11% prefer cash
MYTH or FACT?
Credit card processing is a necessary evil for doing business.
FACT!
• Buy now, pay later
• Credit cards are convenient for business & consumers
• Benefits like:
  • Deferred payments
  • Points
  • Less painful than cash
MYTH or FACT?
You have to work through a bank for credit card processing.
MYTH!
• Banks
• Processor
• Gateways
• Card Associations
Credit Card Processing 101
(Diagram: payment flow between the Merchant's Bank, Payment Processor, Gateway and Card Issuing Bank.)
MYTH or FACT?
A gateway and a payment processing platform provide the same services / are the same.
MYTH!
Gateways
• Fee per transaction
• Necessary for ecommerce
• Authorize.net
• SecureNet
• ChargeLogic Connect
MYTH or FACT?
A gateway and a payment processing platform provide the same services / are the same.
MYTH!
Payment Processing Platforms
• Direct connect = lower fees
• Level 2 & Level 3
• First Data
• Chase Paymentech
• Vantiv
MYTH or FACT?
I only need to be PCI compliant if I’m a large company.
MYTH!
Any business that processes, handles, or stores credit card data must be PCI DSS compliant.
What is PCI Compliance?
Adherence to the standards to protect cardholder data as set forth by the Payment Card Industry Security Standards Council.
All businesses that process, transmit, and/or store cardholder data need to be PCI compliant.
MYTH or FACT?
Hackers don’t target small business.
MYTH!
14 million hacked
Attacks on Businesses Like Yours
• nearly 50%: cyberattacks on SMB
• 87%: SMB devalue the risk
• $24 mil: to criminals deploying ransomware
• 1 in 3: lacking protection
The Cost of Noncompliance
• Fines, penalties, and increased fees
• Lost revenues, customers, jobs
• Negative market image
• Cost of reissuing credit cards
• Lawsuits, insurance claims
MYTH!
It's just one of many steps that help you achieve compliance.
The Twelve Requirements of PCI DSS
PCI DSS = Payment Card Industry Data Security Standard
MYTH or FACT?
The longer the password the better.
FACT!
The longer the better!
Build and Maintain a Secure Network
MYTH!
Stored cardholder data must be encrypted.
Protect Cardholder Data
xxxxxxxxxx
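The masked number above is what "Protect Cardholder Data" looks like in practice: a PAN that must be stored is rendered unreadable, and wherever it is displayed at most the first six and last four digits are shown (PCI DSS requirement 3). The following is an added example, not code from the presentation or from ChargeLogic, showing a display-masking helper plus a small scanner that flags Luhn-valid card numbers leaking into application logs; the log lines and the 4111 1111 1111 1111 test number are constructed sample input, and the function names are the example's own.

```python
import re

# Widely published test card number, used here only as constructed sample input.
TEST_PAN = "4111111111111111"

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens,
# not glued to other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 0, keep_last: int = 4) -> str:
    """Mask a PAN for display, showing at most first six and last four digits."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN-length digit string")
    if keep_first > 6 or keep_last > 4:
        raise ValueError("PCI DSS allows at most first six and last four digits visible")
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "x" * hidden + digits[len(digits) - keep_last:]


def find_unmasked_pans(line: str) -> list:
    """Return Luhn-valid 13-19 digit sequences in a log line (likely unmasked PANs)."""
    hits = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_log(lines) -> list:
    """Return (line_number, masked_pan) pairs; the report itself only carries masked values."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_unmasked_pans(line):
            findings.append((n, mask_pan(pan)))
    return findings


# Constructed sample log lines, not from any real system.
SAMPLE_LOG = [
    "2018-06-30 10:01:02 INFO order=1001 card=4111 1111 1111 1111 amount=19.99",
    "2018-06-30 10:01:03 INFO order=1002 card=xxxxxxxxxxxx1111 amount=5.00",
    "2018-06-30 10:01:04 INFO order=1003 trace=1234567890123 amount=1.00",
]

if __name__ == "__main__":
    print(mask_pan(TEST_PAN, keep_first=6))   # 411111xxxxxx1111
    for line_no, masked in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: unmasked card number found ({masked})")
```

The Luhn filter is what keeps the scanner usable: a 13-digit trace id on line 3 matches the digit pattern but fails the checksum, so only line 1 is reported. Running such a check over application logs is one concrete way to catch a system that quietly falls out of the "must be encrypted / unreadable" rule above.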
PCI-DSS Validated Software
MYTH or FACT?
Applying security patches to software helps protect against malware and viruses.
FACT!
FACT, but…
MYTH!
SAQs
https://www.pcisecuritystandards.org/document_library?category=saqs#results
TLS Migration
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls