PCI in the Franchise System – People, Processes and Technology

The Three Pillars of PCI: A Solid Foundation for Franchise Systems

Upload: anx

Post on 01-Nov-2014

DESCRIPTION

Businesses worry about security breaches but often fail to look at Payment Card Industry Data Security Standard (PCI DSS) compliance as a whole, centering their attention on their technology only. The other two aspects of PCI DSS, people and processes, are ignored, leaving the company vulnerable to possible security attacks.

Three Pillars:

- Technology. Most companies have a secure firewall and believe that they are PCI compliant. Building a secure network is only one of the twelve requirements of PCI DSS.
- People. Sensitive data, whether a credit card number or a customer’s address, should be treated like cash. Mishandling = money loss.
- Process. PCI is not a “set it and forget it” process. Implementing regular maintenance and a security policy are part of the ongoing process of PCI DSS.

The webcast will explore more of the people and process requirements, and how ANX can quickly implement an all-in-one solution to the three pillars. Having ANX as your PCI DSS solution frees up resources and ensures that the ever-changing security threats are managed.

TRANSCRIPT

Page 1: PCI in the Franchise System – People, Processes and Technology

The Three Pillars of PCI: A Solid Foundation for Franchise Systems

Page 2: PCI in the Franchise System – People, Processes and Technology

CONFIDENTIAL | www.ANX.com | 5/1/2012 | © 2012 ANXeBusiness Corp. All rights reserved.

THE THREE PILLARS OF PCI

Logistics

All lines are in listen-only mode.

We will answer questions at the end of the event. But feel free to ask questions at any time.

A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at: www.anx.com

Every attendee receives a $5 Starbucks Gift Card

One attendee will receive a $50 Amazon.com Gift Certificate

All series attendees will be entered to win a Kindle Fire

Page 3: PCI in the Franchise System – People, Processes and Technology

Presenter

GLENN MOORE Vice President, Marketing

Page 11: PCI in the Franchise System – People, Processes and Technology

Merchant Levels

Merchant Level | # of Credit Card Transactions Annually
1 | + 6 million
2 | 1 - 6 million
3 | 20,000 - 1 million
4 | < 20,000

Page 12: PCI in the Franchise System – People, Processes and Technology

Level 4 Merchants the Target of Choice

Risk Level (chart):

Level 4: 90%

Level 1-3: 10%

Page 13: PCI in the Franchise System – People, Processes and Technology

Cost of a Security Breach

$204 per record (Ponemon Institute)

Page 14: PCI in the Franchise System – People, Processes and Technology

Cost of a Security Breach

Loss of Productivity

Loss of Customer Loyalty

Legal Action

Unfavorable Media Coverage

Customer Turnover

Page 15: PCI in the Franchise System – People, Processes and Technology

Effects on Brand

A data breach at just one location can result in a 12% reduction in brand value

Page 16: PCI in the Franchise System – People, Processes and Technology

Effects on Brand

Average 1 year to restore brand reputation

Page 17: PCI in the Franchise System – People, Processes and Technology

Level Four Merchants Lack Technical Staff and Resources

Page 18: PCI in the Franchise System – People, Processes and Technology

Corporate’s Role

Tracking

Tools

Involvement

Help

Page 23: PCI in the Franchise System – People, Processes and Technology

44% Use vendor-supplied passwords and default

Page 24: PCI in the Franchise System – People, Processes and Technology

Training

– PCI

– Safe information handling

Page 29: PCI in the Franchise System – People, Processes and Technology

Firewall

UTM

WiFi

Page 34: PCI in the Franchise System – People, Processes and Technology

48% Companies properly monitor and log all access to network and cardholder data

Page 35: PCI in the Franchise System – People, Processes and Technology

Individual Passwords

Removing Default

Managed & Updated

Build

Page 36: PCI in the Franchise System – People, Processes and Technology

PCI DSS Requirement 12

Maintain a policy that addresses information security

Page 37: PCI in the Franchise System – People, Processes and Technology

39% Fully Meet Requirement 12

Page 40: PCI in the Franchise System – People, Processes and Technology

What Can You Do?

Need easy-to-use PCI Compliance Tools

Page 41: PCI in the Franchise System – People, Processes and Technology

What Can You Do?

Highly responsive customer service

• U.S. based

• Available hours

• Highly trained

Page 42: PCI in the Franchise System – People, Processes and Technology

What Can You Do?

Customer Support For Level 4 Merchants

Page 43: PCI in the Franchise System – People, Processes and Technology

How can

Help?

Page 44: PCI in the Franchise System – People, Processes and Technology

Fully managed security solutions featuring leading edge security technology and expert support

Powerful Software-as-a-Service solutions to simplify compliance and risk management

Fully managed connectivity solutions to help business communities securely collaborate

Page 45: PCI in the Franchise System – People, Processes and Technology

Managed Security

Data Breach Protection

PCI Support

Remote Access

One Affordable Monthly Charge

Page 46: PCI in the Franchise System – People, Processes and Technology

Identify and track applicable regulations and internal standards

Conduct annual assessments (e.g. SAQ, ROC)

Meet annual PCI DSS training requirements (12.6.1, 12.6.2)

Perform quarterly external vulnerability scans

Track compliance status throughout the year

Identify control deficiencies & prioritize them based on risk methodology

Manage remediation & chart progress towards organizational objectives

Page 47: PCI in the Franchise System – People, Processes and Technology

PCI Consulting Packages

- PCI Gap Analysis & Recommendations

- PCI Guidance Services

- PCI Policy Development

- Annual TruPCI Subscription

- Guidance Services

- Implementation Services

- PCI Report on Compliance

- Annual TruPCI Subscription

- OR -

- Selection and Completion of SAQ

- PCI Guidance Services

- Annual TruPCI Subscription

- Annual TruPCI Subscription

- Penetration Testing

- Payment App Pen Test

- Quarterly Scanning

- eLearning

- UTM Device Management

- Security Device Management

PCI Foundation PCI Implementation PCI Validation PCI Maintenance

A Full Set of Tools for Franchise Networks

Page 48: PCI in the Franchise System – People, Processes and Technology

E-mail us at [email protected]

Call us 877-876-6920

Or visit us at

To Learn More About ANX

Page 49: PCI in the Franchise System – People, Processes and Technology

E-mail us at [email protected]

Call us 877-876-6920

Or visit us at www.facebook.com/anxebusiness

Drawing and Questions