PCI DSS and GDPR Made Easy
|
|
- Philomena Morris
- 6 years ago
- Views:
Transcription
1 PCI DSS and GDPR Made Easy
2 ENRICO ERMANNO DALL ARA PCI QSA , CISSP, GPEN Chief Security 366 SECOM ITB, Berlin, March 9th 10:30
3 Can you afford 4% of yearly turnover in fine?
4 REGULATIONS: GDPR AND General Data Protection Regulation: It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. The GDPR allows for steep penalties of up to 20 million or 4 percent of global annual turnover, whichever is higher, for non-compliance. Starting May 25 th 2018! 77 Days from Now
5 PCI DSS PCI SSC (MasterCard, Visa, American Express, JCB and Discover) Merchant Service Providers Mandatory Compliance if you accept Credit Card Payments Standard with 12 Mandatory Requirements
6 PCI DSS MERCHANT LEVELS MERCHANT LEVEL MASTERCARD VISA MERCHANT REQUIREMENTS Level 1 > 6 MM trans. Regardless of channel, or Hacked/attacked in past, or Othervise ID d by V/MC > 6 MM trans. Regardless of channel, or Hacked/attacked in past, or Othervise ID d by V/MC Report on Compliance (ROC) Quarterly scan showing no high vulnerabilities Level 2 Any e-commerce merchant processing between 150M and 6MM transactions per year Any merchant processing 1MM to 6 MM transactions per year PCI self-assessment questionnaire (all Yes or N/A ) Quarterly scan showing no high vulnerabilities Level 3 Any e-commerce merchant processing between 20M and 150M transactions per year Any e-commerce merchant processing between 20M and 1MM transactions per year PCI self-assessment questionnaire (all Yes or N/A ) Quarterly scan showing no high vulnerabilities Level 4 All other merchants regardless of channel All other merchants regardless of channel Compliance mandatory Validation Optional
7 PCI DSS SERVICE PROVIDERS LEVELS LEVEL VISA MASTERCARD DISCOVER AMERICAN EXPRESS JCB 1 Visanet processors or any service provider that stores, processes and/or transmits over 300,000 Visa transactions annually All TPPs All DSE s that store transmit or process greater than 300,000 total combined MasterCard and Maestro transactions annually All TPPs All TPPs All TPPs 2 Any service provider that stores, processes and/or transmits less than 300,000 Visa transactions annually All DSE s that store transmit or process greater than 300,000 total combined MasterCard and Maestro transactions annually N/A N/A N/A
8 PII AND CHD: AMBROSIA FOR BAD GUYS Person Identifiable Information (PII): [Article 4(1)] Any information relating to an identified or identifiable natural person ( data subject ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Card Holder Data (CHD): At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date service code Sensitive Authentication Data (SAD): Security-related information (including but not limited to card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip), PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment card transactions. Standard with 12 Mandatory Requirements
9 HOW TO PROTECT PII AND CHD? Anonymization: Enrico Ermanno Dall Ara. xxxxxx Pseudonymization: Enrico Ermanno Dall Ara. ID1234 Encryption: Enrico Ermanno Dall Ara. +f+tqdgpsxypwrmdstft0plmvkq/vputq6zqp5us5ihm4h7+jvtomiwntuxu SZOnRFXqmO6PacjEgNC5jaW6KQ==
10 THE SCOPE - A BRIEF INTRODUCTION Scope in GDPR is the total of the perimeters of circulation of PII from a legal and technical point of view Scope in PCI DSS is everything that stores, process, transmits or receives CHD Scopes can be very big and therefore very costly! The hell of compliance
11 PROBLEMS Storing or transmission of CC (mandatory, risks, costly, time consuming) Readiness of disposability of PII (mandatory, risks, costly, time consuming) Audits and Compliance (might be tough to face)
12 STEALING CREDIT CARD DATA Credit Card Stolen!!! Channel Manager XML with CLEAR TEXT CREDIT CARD DATA!!! Booking Info
13 FINES IF YOU FAIL COMPLIANCE Direct consequences ( ) PCI DSS: /month to /month plus per credit-card compromised GDPR: or 4% of annual turnover Indirect Consequences: Loss of reputation Additional costs for Forensic investigation Problems with card brands Jeopardized relationship with Banks More stringent compliance requirements
14 A TOKEN TO HEAVEN Solution is called tokenization KISS: Technically a Token is a string of meaningless characters that might substitutes PII or CHD in a way that they are meaningless to malicious individuals. Credit Card Number: Token: 550e8400-e29b-41d4-a
15 STEALING CREDIT CARD DATA 366 Booking XML with TOKEN <cc>kjhsakjdshakjfh kldlskjff</cc> Channel Manager Booking Info
16 Octorate SECOM A CASE STUDY IN PCI DSS Meet Octorate s CEO: Fabrizio Scuppa
17 A CASE STUDY OCTORATE SECOM Actors Octorate (CM) 366 Secom Needs Storing of Cardholder data for payment and hotel booking purposes IT Security effort reduction PSP Agnostic Reduce PCI DSS cost for compliance
18 STEALING CREDIT CARD DATA Payment Agnostic! Payment Gateway 366 Booking XML with TOKEN <cc>kjhsakjdshakjfh kldlskjff</cc> Booking Info
19 A CASE STUDY OCTORATE SECOM Outcome Freedom to chose any payment service provider (PSP Agnostic) Avoided direct Credit Card Storage Access to Payment and booking data Less complicated PCI DSS audit -> Reduced costs of compliance
20 Q & A
21 THANK YOU! Hall 7.1 / 120d ( There are candies!!! )
22
PCI 101: Transaction Volumes and Validation Requirements. By Chip Ross January 4, 2019
PCI 101: Transaction Volumes and Validation Requirements By Chip Ross January 4, 2019 Regarding PCI compliance, all entities that store, process or transmit cardholder data are subject to the requirements
More informationPCI-DSS for Credit Unions
PCI-DSS for Credit Unions Tom Schauer; CEO @ TrustCC CISSP, CISA, CISM, CRiSC, CEH, CTGA tschauer@trustcc.com Misinformation Opinion: There is more confusion and more misinformation about PCI requirements
More informationPCI security standards: A high-level overview
PCI security standards: A high-level overview Prepared by: Joel Dubin, Manager, RSM US LLP joel.dubin@rsmus.com, +1 312 634 3422 Many merchants often have difficulty understanding how they must comply
More informationPayment Card Security Policy
Responsible University Administrator: Vice President for Finance and Administration Responsible Officer: Director of Student Financial Services Origination : 4/1/2016 Current Revision : N/A Next Review
More information2.1.3 CARDHOLDER DATA SECURITY
University of Oxford Finance Division FINANCIAL POLICY 2.1.3 CARDHOLDER DATA SECURITY Date: 27 June 2017 Version: 1.0 Status: Draft Author: Bridget Midwinter TABLE OF CONTENTS Page Purpose... 3 Objectives...
More informationAdministration and Department Credit Card Policy
Administration and Department Credit Card Policy Updated February 29, 2016 CONTENTS Purpose PCI DSS Scope/Applicability Authority Securing Credit Card Data Policy Glossary Page 2 of 5 PURPOSE As a department
More informationQ: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?
Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain
More informationPCI Training. If your department processes credit card information, it is CRITICAL that you understand the importance of protecting this data.
PCI Training This training is to assist you in understanding the policies at Appalachian that govern credit card transactions and to meet the PCI DSS Standards for staff training to prevent identity theft.
More informationPCI FAQ Q: What is PCI? ALL process, store transmit Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)?
PCI FAQ Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information
More informationPayment Card Industry Data Security Standards (PCI DSS) Initial Training
Payment Card Industry Data Security Standards (PCI DSS) Initial Training PCI DSS Training Content What topics will this training cover? What is PCI DSS? Objectives of PCI DSS Common Terminology Background
More informationBall State University
PCI Data Security Awareness Training Agenda What is PCI-DSS PCI-DDS Standards Training Definitions Compliance 6 Goals 12 Security Requirements Card Identification Basic Rules to Follow Myths 1 What is
More informationPayment Card Industry Compliance Policy
PURPOSE and BACKGROUND The purpose of this policy is to ensure that Massachusetts Maritime Academy (MMA) maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is
More informationCOLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6
1. Procedure Title: PCI Compliance Program COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6 2. Procedure Purpose and Effect: All Colorado State University departments that accept credit/debit
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements (PCI DSS) and utilizing the PAI Secure Program Welcome to PAI Secure, a unique 4-step PCI-DSS
More informationClark University's PCI Compliance Policy
ï» Clark University's PCI Compliance Policy Who Should Read this Policy: All persons who have access to credit card information, including: Every employee that accesses handles or maintains credit card
More informationPayment Card Industry Training 2014
Payment Card Industry Training 2014 Phone Line Terminal & Hosted Order Page/Secure Acceptance Redirect Merchants Contact * Carole Fallon * 614-292-7792 * fallon.82@osu.edu Updated May 2014 AGENDA A. Payment
More informationBefore debiting the Cardholder, the Merchant shall conduct the checks specified below.
REGULATIONS FOR SALES PAID BY CARD REMOTE TRADING (Card Not Present) (October 2015) These regulations, the "Remote Trading Regulations", apply to sales paid by Card in Remote Trading. "Remote Trading"
More informationTerminal Servicers. Frequently Asked Questions. 28 March 2018
Terminal Servicers Frequently Asked Questions 28 March 2018 Notices Following are policies pertaining to proprietary rights and trademarks. Proprietary Rights The information contained in this document
More informationSecuring Credit Card Data at UB (complying with Payment Card Industry Data Security Standards)
Securing Credit Card Data at UB (complying with Payment Card Industry Data Security Standards) Carolann Lazarus Internal Audit PCI Compliance Initiative Co-lead lazarus@buffalo.edu (716) 829-6947 Tricia
More informationWhat is PCI Compliance?
What is PCI Compliance? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card
More informationPayment Processing 101
Payment Processing 101 Timelines & Deliverables PRESENTED BY Pg: 1 March 7, 2018 www.clearwaterpayments.com Quick Agenda Credit/Debit Transactions Industry Definitions Transaction Process Cost/Pricing
More informationPayment Card Acceptance Administrative Policy
Administrative Procedure Approved By: Brandon Gilliland, AVP for Finance and Controller Effective Date: January 15, 2016 History: Approval Date: September 25, 2014 Revisions: December 15, 2015 Type: Administrative
More informationVPSS Certification Frequently Asked Questions
VPSS Certification Frequently Asked Questions What is the difference between Visa s Account Information Security (AIS) program and VPSS Certification? The AIS program ensures compliance to the Payment
More informationWEBINAR. Five Steps to PCI Compliance. Madeline Long. Ron Demmans. Download these slides at Director of Sales Solveras
Five Steps to PCI Compliance Sponsored by Madeline Long Director of Sales Solveras Ron Demmans Director of Sales Administration Solveras WEBINAR 1. What is PCI Compliance? 2. How does PCI Compliance affect
More informationSubject: Protecting cardholder data in support of the Payment Card Industry (PCI) Data Security Standards
University Policy: Cardholder Data Security Policy Category: Financial Services Subject: Protecting cardholder data in support of the Payment Card Industry (PCI) Data Security Standards Office Responsible
More informationOLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE
OLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE August 2017 WHO NEEDS PCI TRAINING? THE FOLLOWING TRAINING MODULE SHOULD BE COMPLETED BY ALL UNIVERSITY STAFF THAT: - PROCESS PAYMENTS
More informationBusiness Practices Seminar April 3, 2014
Business Practices Seminar April 3, 2014 Departmental Operations Review of Payment Card Industry Standard Assessment Process Overview Review of University Policy No. 3610 57.7 467 200+ Scott Weimer Director
More informationSubject: Protecting cardholder data in support of the Payment Card Industry (PCI) Data Security Standards
University Policy: Cardholder Data Security Policy Category: Financial Services Subject: Protecting cardholder data in support of the Payment Card Industry (PCI) Data Security Standards Office Responsible
More informationCredit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance regarding the processing of charges and credits on credit and/or debit cards. These standards are intended
More informationA report showing the merchant s settlement. The acquirer settlement report is generated by the acquiring bank at the end of every billing cycle.
A Acquirer (acquiring bank) An acquirer is an organisation that is licensed as a member of Visa/MasterCard as an affiliated bank and processes credit card transactions for (online) businesses. Acquirers
More informationChapter 4 E-commerce Security and Payment Systems
Chapter 4 E-commerce Security and Payment Systems Copyright 2016 Pearson Education, Ltd. 4.5 E-COMMERCE PAYMENT SYSTEMS Copyright 2016 Pearson Education, Ltd. Slide 1-2 E-commerce Payment Systems In this
More informationIndiana University Payment Card Merchant Agreement
Indiana University Payment Card Merchant Agreement This Merchant Agreement (the Agreement ), executed on the date stated below, which includes any schedule or addendum to this Agreement, all of which are
More informationA to Z Jargon buster. Call +44 (0) to discuss your upgrade options
A to Z Jargon buster Call +44 (0) 844 209 4370 to discuss your upgrade options www.pxp-solutions.com sales@pxp-solutions.com twitter: @pxpsolutions Are you trying to navigate your way around what can seem
More informationMERCHANT MEMBER PACKAGE AGREEMENT & APPLICATION
MERCHANT MEMBER PACKAGE AGREEMENT & APPLICATION Vantage Card Services, Inc. 2230 Towne Lake Parkway Building 400, Suite 110 Woodstock, GA 30189 (800) 397-2380 (770) 928-5688 Fax (770) 928-9328 www.vantagecard.com
More informationAdministration Policy
Administration Policy Complete Policy Title: Policy for Acceptance of Payment Cards and ecommerce Payments Approved by: Vice-President (Administration) Date of Original Approval: August 2005 Responsible
More informationClydesdale Bank and Yorkshire Bank Merchant Services
Important Information Clydesdale Bank and Yorkshire Bank Merchant Services Merchant Operating Instructions Table of Contents 1 Welcome 4 1.1 Making the most of this guide 4 1.2 What else you need to read
More informationPayment Card Industry Data Security Standards (PCI DSS) Awareness Training
Payment Card Industry Data Security Standards (PCI DSS) Awareness Training PCI DSS Training Content What topics will this training cover? What is PCI DSS? Objectives of PCI DSS Common Terminology Background
More informationPAYMENT CARD INDUSTRY
DATA SECURITY POLICY Page 1 of 1 I. PURPOSE To provide guidelines and procedures to ensure that all money paid to the College in the form of cash, checks or payment cards is properly receipted, accounted
More informationBUSINESS POLICY. TO: All Members of the University Community 2016:07. Credit Card Processing and Security Policy (Supersedes Policy 2009:05 & 2012:12)
BUSINESS POLICY TO: All Members of the University Community 2016:07 DATE: February 2016 Credit Card Processing and Security Policy (Supersedes Policy 2009:05 & 2012:12) Contents Section 1 Scope...2 Section
More informationminimise card fraud in your business.
minimise card fraud in your business. First National Bank Tanzania Limited - a subsidiary of FirstRand Limited. A Registered Commercial Bank in Tanzania (CBA00050). There is a real possibility that your
More informationEvent Merchant Card Services
Event 317 - Merchant Card Services Statement of Work A. Overview: It is the intent of the Bexar County Tax Assessor-Collector to solicit proposals to establish a contract with a vendor to provide merchant
More informationHarvard Credit Card Merchant Agreement (HCCMA) I. Introduction
Harvard Credit Card Merchant Agreement (HCCMA) I. Introduction The Harvard credit card merchant agreement represents the terms and conditions for Harvard University departments obtaining a credit card
More informationThe University of Michigan Treasurer s Office Card Services. Merchant Services Policy Document
Merchant # (Treasurer s Office Use Only): The University of Michigan Treasurer s Office Card Services Merchant Services Policy Document Describe Business Purpose: Enter Merchant Name (25 characters max):
More informationTable of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process
Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationData Breach Financial Protection Program Terms and Conditions
Data Breach Financial Protection Program Terms and Conditions The Data Breach Financial Protection Program (the Program ) is a comprehensive expense reimbursement program, provided with some Netsurion
More informationGDPR : We protect your data
GDPR : We protect your data Dear customer, From the 25th May 2018 the new law of Personal Data Protection (GDPR) will enter into force. At Almagest Wealth Management S.A., we understand your need to be
More informationD A T A S E C U R I T Y, F R A U D P R E V E N T I O N A N D P C I C O M P L I A N C E. May 2015
D A T A S E C U R I T Y, F R A U D P R E V E N T I O N A N D P C I C O M P L I A N C E May 2015 D A T A S E C U R I T Y, F R A U D P R E V E N T I O N A N D P C I C O M P L I A N C E This presentation
More informationAmerican Express Data Security Operating Policy Thailand
American Express Data Security Operating Policy Thailand As a leader in consumer protection, American Express has a long-standing commitment to protect Cardmember Information, ensuring that it is kept
More informationCampus Administrative Policy
Campus Administrative Policy Policy Title: Credit Card Acceptance Policy Number: 2019 Functional Area: Finance Effective: February 1, 2011 Date Last Amended/Reviewed: February 1, 2011 Date Scheduled for
More informationCARD ISSUER DUTIES & RESPONSIBILITIES. Copyright 2013 CO-OP Financial Services
SECTION 3 Operating Rules and Regulations without the prior written permission of CO-OP Financial Services. All Rights Reserved Card Issuers shall have the following responsibilities in addition to those
More informationTERMS FOR THE PARTICIPATION IN CARD SCHEMES
TERMS FOR THE PARTICIPATION IN CARD SCHEMES The following Terms for the Participation in Card Schemes govern the AGREEMENT FOR THE PARTICIPATION IN CARD SCHEMES between JCC Payment Systems Limited ( JCC
More informationMERCHANT NEWS INTERACTIVE EDITION
SPRING 2017 MERCHANT NEWS INTERACTIVE EDITION - KEEPING YOU IN THE KNOW IN THIS ISSUE Welcome to Spring 2017 Realex Payments Product News Card Industry And Card Scheme News Payments Card Industry Data
More informationCREDIT CARD PROCESSING AND SECURITY
CREDIT CARD PROCESSING AND SECURITY POLICY NUMBER: RESERVED FOR FUTURE USE RESPONSIBLE OFFICIAL TITLE: SENIOR VICE PRESIDENT FOR ADMINISTRATION AND FINANCE RESPONSIBLE OFFICE: ADMINISTRATION AND FINANCE
More informationDATA PROCESSING TERMS AND CONDITIONS
DATA PROCESSING TERMS AND CONDITIONS These Data Processing Terms and Conditions apply in respect of Personal Data that we process on behalf of Customers who purchase the Powwownow Premium Service. Please
More informationCompute Managed Services Schedule to the Products and Services Agreement
Compute Managed Services Schedule to the Products and Services Agreement Contents Words defined in the General Terms and conditions... 2 Part A Compute Managed Services... 2 1 Service Summary... 2 2 Service
More informationMember Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members
Member Circular March 2018 Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members Introduction Regulation (EU) 2016/679 containing the General Data Protection
More informationPCI Compliance and Payment Card Processing Policy
PCI Compliance and Payment Card Processing Policy Policy Number: Effective Date: Approval: Office: PURPOSE: The University of Indianapolis accepts payment cards on payment for goods and services under
More informationPayment Processing. A simple explanation of the entire credit card payment transaction process. We promise.
Payment Processing A simple explanation of the entire credit card payment transaction process. We promise. We admit it credit card transactions can be confusing. Sure, the initial transaction part when
More informationCLIENT DATA PROCESSING AGREEMENT
CLIENT DATA PROCESSING AGREEMENT This Data Processing Agreement for the Data Protection (the Agreement ) of Data Processed is entered into on./../ (hereinafter referred to as the Effective Date ) by and
More informationCARD PROGRAM SERVICES. Terms and Conditions (Merchant Agreement)
CARD PROGRAM SERVICES Terms and Conditions (Merchant Agreement) 1 Introduction This Card Program Services Terms and Conditions (the Merchant Agreement ) is for the provision of the Services to the Merchant
More information6.6.8 Does the Vendor provide automated sponsor contract payments for students?
RFP 04-2017 Merchant Card Processing Services Q & A Q & A#1-11/16/2017 6.6.8 Does the Vendor provide automated sponsor contract payments for students? Many of the CWI students have sponsors who pay their
More informationRETAIL SPECIFIC NEWS Keeping you in the know
Autumn 2014 EDITION RETAIL SPECIFIC NEWS Keeping you in the know Important Information -- Please keep in in a safe place This Edition of Retail Specific Card Scheme Updates Tel: 0845 702 3344 Card Scheme
More informationWhat you need to know about credit card processing? The basics of credit card processing? A diagram showing the flow of data authorization
1 2 What you need to know about credit card processing? The basics of credit card processing? A diagram showing the flow of data authorization 3 4 5 Understanding processing fees - Dues & assessments -
More informationSALES & SERVICE POLICIES
Financial Policy Manual SALES & SERVICE POLICIES 2001 Sales & Service Activities 2002 Collection, Reporting & Payment of Pennsylvania Sales & Use Tax 2003 Financial Responsibilities for Sales & Service
More informationCompute Managed Services Schedule to the General Terms
Compute Managed Services Schedule to the General Terms Contents A note on you... 2 Words defined in the General Terms... 2 Part A Compute Managed Services... 2 1 Service Summary... 2 2 Service Components...
More information06/13/2017 Blackbaud Altru 4.96 Revenue US 2017 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any
Revenue Guide 06/13/2017 Blackbaud Altru 4.96 Revenue US 2017 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical,
More informationSTORED CREDENTIAL & CREDENTIAL-ON-FILE GUIDE
STORED CREDENTIAL & CREDENTIAL-ON-FILE GUIDE VISA RULES SUMMARY OF A STORED CREDENTIAL A stored credential is information which may include an account number or payment token that is stored by a Merchant.
More informationGlobal Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security
Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control Protect Your Business and Your Customers with Visa s Layers of Security Millions of Visa cardholders worldwide make one or more purchases
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationRentWorks Version 4 Credit Card Processing (CCPRO) User Guide
RentWorks Version 4 Credit Card Processing (CCPRO) User Guide Table of Contents Overview... 2 Retail Processing Method... 3 Auto Rental Method... 4 How to Run a Draft Capture... 5 Draft Capture Failures.....6
More information07/21/2016 Blackbaud CRM 4.0 Revenue US 2016 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form
Revenue Guide 07/21/2016 Blackbaud CRM 4.0 Revenue US 2016 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical,
More informationCredit Card Processing Best Practices
Credit Card Processing Best Practices We are a merchant service provider dedicated to facilitating the passage of your sales tickets back to the thousands of institutions that issue the MasterCard (including
More informationUNL PAYMENT CARD POLICIES AND PROCEDURES. Table of Contents
UNL PAYMENT CARD POLICIES AND PROCEDURES Table of Contents Payment Card Merchant Security Standards Policy and Procedures... 2 Introduction... 4 Payment Card Industry Data Security Standard... 4 Definitions...
More informationAnymerchant.net/GULFCO LEASING - High Risk Merchant Account is Available for:
AnyMerchant.Net A Gulfco Leasing Subsidiary Credit Card - Processing Accounts Throw out your Restricted Industry List www.anymerchant.net sales@anymerchant.net Phone -708-446-4416 - Fax - 708-361-2958
More informationPCI Fines and Assessments A Little Insight to the Process Jason Bucher, Senior Underwriting Manager
PCI Fines and Assessments A Little Insight to the Process Jason Bucher, Senior Underwriting Manager An Introduction to PCI Fines and Assessments Why are we talking about this? What are PCI Fines and Assessments?
More informationVisa s Approach to Card Fraud and Identity Theft
Visa s Approach to Card Fraud and Identity Theft Paul Russinoff June 7, 2007 Discussion Topics Visa s Comprehensive Security Approach Multiple Layers Commitment to Cardholders Consumer Tips Protecting
More informationTerms and Conditions of the International Merchant Agreement
Terms and Conditions of the International Merchant Agreement Page 1 of 12 Version 3.0 150326 Contents 1.Definitions... 3 Acquirer... 3 Acquiring Services... 3 Banking Day... 3 Card... 3 Card Account Number...
More informationPERSONAL DATA PROCESSOR AGREEMENT
1 PERSONAL DATA PROCESSOR AGREEMENT PARTIES This personal data processor agreement ( Processor Agreement ) has been entered into between: Buyer/Client/Customer ( Controller ), and The company within the
More informationSociety of Corporate Compliance and Ethics Regional Compliance & Ethics Conference December 4, 2015
Society of Corporate Compliance and Ethics Regional Compliance & Ethics Conference December 4, 2015 Agenda: About Resources Global Professionals (RGP), and Tim Eng About Air Liquide America, and Jeff Taylor
More informationprotect fraudulent against transactions your business Introduction What is a fraudulent transaction? Merchant Responsibilities Card Present
protect your business against fraudulent transactions Reg. No. 1929/001225/06. Introduction There is a real possibility that your business could be a victim of fraudulent card transactions given the sophistication
More informationCredential on File: What merchants on the Vantiv, now Worldpay ecommerce platform need to know
Credential on File: What merchants on the Vantiv, now Worldpay ecommerce platform need to know Webinar Presentation May 16, 2018 2018 Vantiv, LLC. All rights reserved. Stored Credentials on File Definition:
More informationNo refunds will be granted In cases of extenuating circumstances, refunds will be granted solely on the decision of St Paul Greek Orthodox Church
St Paul Greek Orthodox Church Refund Policy No refunds will be granted In cases of extenuating circumstances, refunds will be granted solely on the decision of St Paul Greek Orthodox Church Privacy Policy
More informationElavon Third Party Sales International Opportunities. David McAlhaney (D.Mack) Senior Vice President of North American Third Party Sales, Elavon
Elavon Third Party Sales International Opportunities David McAlhaney (D.Mack) Senior Vice President of North American Third Party Sales, Elavon A View to Elavon GLOBAL VIEW GDP Growth Credit Card WHAT
More informationAmerica Outdoors Association s Marketing & Management Conference December 2011 Strategies to Find New Customers and Grow Demand
America Outdoors Association s Marketing & Management Conference December 2011 Strategies to Find New Customers and Grow Demand The Players Merchant s Bank Cardholder > 2 billion Merchant > 30 million
More informationCLOUDINARY DATA PROCESSING ADDENDUM
CLOUDINARY DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the agreement for the subscription by the Customer to the Cloudinary Service ("Subscription Agreement") between Cloudinary
More informationAmstar Brands Payment Methods Manual. First Data Locations
Amstar Brands Payment Methods Manual First Data Locations Table of Contents Introduction... 3 Valid Card Types... 3 Authorization Numbers, Merchant ID Numbers and Request for Copy Fax Numbers... 4 Other
More informationPayment Card Industry (PCI) Qualification Requirements. For PCI Forensic Investigators (PFIs)
Payment Card Industry (PCI) Qualification Requirements For PCI Forensic Investigators (PFIs) Version 3.0 August 2016 Document Changes Date Version Description November 2012 2.0 August 2016 3.0 Amendments
More informationCHARITY & NFP LAW BULLETIN NO. 419
CHARITY & NFP LAW BULLETIN NO. 419 APRIL 25, 2018 EDITOR: TERRANCE S. CARTER IMPLICATIONS OF THE EU S GENERAL DATA PROTECTION REGULATION IN CANADA By Esther Shainblum & Sepal Bonni * A. INTRODUCTION The
More informationSecurity Rules and Procedures Merchant Edition
Security Rules and Procedures Merchant Edition 14 September 2017 SPME Contents Contents Chapter 1: Customer Obligations... 7 1.1 Compliance with the Standards...8 1.2 Conflict with Law...8 1.3 The Security
More informationMerchant Business Solution. Card Acceptance by Business Terms and Conditions. Version: 8.0. Effective date: December 2017.
Merchant Business Solution. Card Acceptance by Business Terms and Conditions. Version: 8.0 Effective date: December 2017. Postal address: Merchant Business Solutions GPO Box 18 Sydney NSW 2001 1800 029
More informationDATA PROCESSING ADDENDUM (v1.0)
DATA PROCESSING ADDENDUM (v1.0) Progressive Voice Services Limited trading as Meetupcall of Premier House, Carolina Court, Doncaster, DN45RA ( Meetupcall ) and having its place of business at, ( Customer
More informationMerchant Business Solutions
Pacific Merchant Business Solutions Terms and Conditions. Date: November 2015 Contact Details. Westpac Fiji PO Box 238 Suva Fiji Phone: 132 032 or (679) 3217000 Fax: (679) 3300718 Email: westpacfiji@westpac.com.au
More informationShock to the System:
Shock to the System: The New Normal for ecommerce After Data Breaches September 22, 2015 Bill Cohn Director of Product Management, ecommerce Vantiv What We ll Cover Impact of Data Breaches The New Normal
More informationChargeback Management Guidelines for Visa Merchants
Chargeback Management Guidelines for Visa Merchants Table of Contents Introduction.............................................................. 1 Section 1: Getting Down to Basics..........................................
More informationOverview of Cards ecosystem. April 2016
Overview of Cards ecosystem April 2016 Content Debit card ecosystem Card processes overview Revenue flow in the ecosystem Charges Slide 2 Content Debit card ecosystem Card processes overview Revenue flow
More informationCase 3:13-cv Document 49 Filed 07/18/13 Page 1 of 39 PageID #: 959
Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 1 of 39 PageID #: 959 Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 2 of 39 PageID #: 960 Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 3 of
More informationThe GDPR Possible Impact on the Life Sciences and Healthcare Sectors
February 14, 2017 The GDPR Possible Impact on the Life Sciences and Healthcare Sectors Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, (the GDPR ) came into force
More informationDATA PROCESSING ANNEX
Page 1 (5) 1 BACKGROUND AND PURPOSE DATA PROCESSING ANNEX 1.1 The terms of this Annex shall apply to the Agreement between Solibri Oy and/or its Subsidiary/Subsidiaries (Solibri Oy and the Subsidiaries
More informationMorgantown Parking Authority 300 Spruce Street Morgantown, WV REQUEST FOR PROPOSAL (RFP) ELECTRONIC CREDIT CARD PROCESSING SERVICES
M M M O R G A N T O W N P A R K I N G A U T O R ITY A A Morgantown Parking Authority Morgantown Parking Authority 300 Spruce Street Morgantown, WV 26508 REQUEST FOR PROPOSAL (RFP) ELECTRONIC CREDIT CARD
More information