PCI in the Franchise System – People, Processes and Technology
Post on 01-Nov-2014
The Three Pillars of PCI: A Solid Foundation for Franchise Systems
CONFIDENTIAL | www.ANX.com | 5/1/2012 | © 2012 ANXeBusiness Corp. All rights reserved.
THE THREE PILLARS OF PCI
Logistics
All lines are in listen-only mode. We will answer questions at the end of the event. But feel free to ask questions at any time. A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at: www.anx.com
Every attendee receives a $5 Starbucks Gift Card
One attendee will receive a $50 Amazon.com Gift Certificate
All series attendees will be entered to win a Kindle Fire
Presenter
GLENN MOORE Vice President, Marketing
Merchant Levels
Merchant Level    # of Credit Card Transactions Annually
1                 + 6 million
2                 1 - 6 million
3                 20,000 - 1 million
4                 < 20,000
Level 4 Merchants the Target of Choice
Risk by level:
Level 4: 90%
Level 1-3: 10%
Cost of a Security Breach
$204 per record (Ponemon Institute)
Cost of a Security Breach
Loss of Productivity
Loss of Customer Loyalty
Legal Action
Unfavorable Media Coverage
Customer Turnover
Effects on Brand
A data breach at just one location can result in a 12% reduction in brand value
Effects on Brand
Average 1 year to restore brand reputation
Level Four Merchants Lack Technical Staff and Resources
Corporate’s Role
Tracking
Tools
Involvement
Help
44% Use vendor-supplied passwords and default
Training
– PCI
– Safe information handling
Firewall
UTM
WiFi
48% of companies properly monitor and log all access to network and cardholder data
Individual Passwords
Removing Default
Managed & Updated
Build
PCI DSS Requirement 12
Maintain a policy that addresses information security
39% Fully Meet Requirement 12
What Can You Do?
Need easy-to-use PCI compliance tools
What Can You Do?
Highly responsive customer service
• U.S. based
• Available hours
• Highly trained
What Can You Do?
Customer Support For Level 4 Merchants
How Can ANX Help?
Fully managed security solutions featuring leading edge security technology and expert support
Powerful Software-as-a-Service solutions to simplify compliance and risk management
Fully managed connectivity solutions to help business communities securely collaborate
Managed Security
Data Breach Protection
PCI Support
Remote Access
One Affordable Monthly Charge
Identify and track applicable regulations and internal standards
Conduct annual assessments (e.g. SAQ, ROC)
Meet annual PCI DSS training requirements (12.6.1, 12.6.2)
Perform quarterly external vulnerability scans
Track compliance status throughout the year
Identify control deficiencies & prioritize them based on risk methodology
Manage remediation & chart progress towards organizational objectives
PCI Consulting Packages
- PCI Gap Analysis & Recommendations
- PCI Guidance Services
- PCI Policy Development
- Annual TruPCI Subscription
- Guidance Services
- Implementation Services
- PCI Report on Compliance
- Annual TruPCI Subscription
- OR -
- Selection and Completion of SAQ
- PCI Guidance Services
- Annual TruPCI Subscription
- Annual TruPCI Subscription
- Penetration Testing
- Payment App Pen Test
- Quarterly Scanning
- eLearning
- UTM Device Management
- Security Device Management
Packages: PCI Foundation, PCI Implementation, PCI Validation, PCI Maintenance
A Full Set of Tools for Franchise Networks
To Learn More About ANX
E-mail us at sales@anx.com
Call us 877-876-6920
Or visit us at
Drawing and Questions
E-mail us at sales@anx.com
Call us 877-876-6920
Or visit us at www.facebook.com/anxebusiness