Create a Tokenization Layer Around Your Enterprise – Don’t Handle Sensitive Data

Length: 60 minutes
Presenter: Stewart Comrie
Integrated and Secure Payment Processing
SPEAKER




                                          STEWART COMRIE
                                          VP STRATEGIC PRODUCTS
                                          PAYMETRIC, INC.




Trusted Solutions. Securely Integrated.                           2
AGENDA
     ABOUT PAYMETRIC
     UNDERSTANDING PCI AND THE SAQs
     DATA INTERCEPT SOLUTIONS
     DISCUSSION ABOUT PCI CHALLENGES
     Q&A




ABOUT PAYMETRIC
     Paymetric is the leading provider of integrated and secure payment processing and
     tokenization solutions that enable companies to streamline the order-to-cash process,
     reduce the scope and financial burden of achieving PCI compliance, and improve return
     on electronic payment acceptance.


     Founded in 1998
     75 Employees
     Privately Held – Austin Ventures and
      Palomar Portfolio Company
     450+ Enterprise Customers




AWARD-WINNING COMPANY

                                       2011 TAG Top 40
                                       TECHNOLOGY COMPANIES IN GEORGIA


                                       Global Excellence
                                       MANAGEMENT TEAM OF THE YEAR


                                       2010 TAG Top 40
                                       MOST INNOVATIVE COMPANIES IN GEORGIA


                                       Global Product Excellence
                                       TOKENIZATION SOLUTION



PAYMETRIC CUSTOMERS




                                       Cross-Market &
                                             Industry


                                               Cross-Geography




What is PCI Compliance?

    Category                                        Section
    Build and Maintain a Secure Network            1. Install and maintain a firewall configuration
                                                   2. Do not use vendor-supplied defaults for system passwords

    Protect Cardholder Data                        3. Protect stored cardholder data
                                                   4. Encrypt transmission of cardholder data

    Maintain a Vulnerability Management Program    5. Use and regularly update anti-virus software
                                                   6. Develop and maintain secure systems and applications

    Implement Strong Access Control Measures       7. Restrict access to data by business need-to-know
                                                   8. Assign a unique ID to each person with computer access
                                                   9. Restrict physical access to cardholder data

    Regularly Monitor and Test Networks            10. Track and monitor all access to network resources and card data
                                                   11. Regularly test security systems and processes

    Maintain an Information Security Policy        12. Maintain a policy that addresses information security



    WHO MUST COMPLY?
    “ANY ORGANIZATION THAT STORES, PROCESSES OR TRANSMITS CREDIT CARD DATA”
    Source: www.pcidatasecuritystandards.org



     Integrated and Secure Payment Processing     10/07/12
Merchant Validation Levels & Requirements
    VISA / MasterCard Merchant Levels and Validation Actions

    Level 1: 6+ million transactions annually from any acceptance channel with one card brand
        On-Site Security Assessment:    Report on Compliance (ROC) (Submitted to Acquirer Annually)
        Self-Assessment Questionnaire:  Not Applicable
        Network Vulnerability Scans:    Required Quarterly

    Level 2: 1 million to 6 million transactions annually from any acceptance channel with one card brand
        On-Site Security Assessment:    Not Applicable
        Self-Assessment Questionnaire:  Submitted to Acquirer Annually
        Network Vulnerability Scans:    Required Quarterly

    Level 3: 20,000 to 1 million e-commerce transactions annually with one card brand
        On-Site Security Assessment:    Not Applicable
        Self-Assessment Questionnaire:  Submitted to Acquirer Annually - Required Annually
        Network Vulnerability Scans:    Required Quarterly

    Level 4: Less than 20,000 e-commerce or less than 1 million transactions from any acceptance channel annually with one card brand
        On-Site Security Assessment:    Not Applicable
        Self-Assessment Questionnaire:  Required Annually (submission to acquirer not mandatory)
        Network Vulnerability Scans:    Required Quarterly (submission to acquirer not mandatory)




Fitting PCI DSS and Self-Assessment Together




5 SAQ Types
    SAQ A (13 questions)
        Summary:          Outsource all CHD
        Who is Eligible:  Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.

    SAQ B (29 questions)
        Summary:          Imprint or standalone dial-out terminals only
        Who is Eligible:  Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage

    SAQ C-VT (51 questions)
        Summary:          Virtual terminals only
        Who is Eligible:  Merchants using only web-based virtual terminals, no electronic cardholder data storage. This would never apply to e-commerce merchants or card swipe.

    SAQ C (40 questions)
        Summary:          Internet-connected payment application
        Who is Eligible:  Merchants with payment application systems connected to the Internet, no electronic cardholder data storage

    SAQ D (288 questions)
        Summary:          All other merchants and all service providers
        Who is Eligible:  All other merchants not included in descriptions for SAQ types A through C above, and all service providers defined by a payment brand as eligible to complete an SAQ.


Qualifying for SAQ-A – PCI Self-Assessment Questionnaire
     Qualifying for SAQ-A reduces the number of security requirements from 205 to 14

     Criteria That Have to Be Met:
         Company only handles Card Not Present (CNP) transactions
         Company does not store, process or transmit any cardholder data on premise; relying on third-party providers
         Third Party Service Provider is confirmed PCI DSS compliant
         Company retains only paper reports or receipts with cardholder data and said documents are not received electronically
         Company does not store any cardholder data in electronic format



               **Please consult your acquirer or QSA to confirm that Paymetric’s
                 Data Intercept solution will help you qualify for PCI SAQ-A.**



DATA PROTECTION STRATEGY TIMELINE
     [Timeline figure, horizontal axis 2000 through 2013]
     TECHNOLOGY: Encryption, Centralization, Tokenization (SaaS), Elimination
     DRIVERS:
         PCI DSS: V1.0, V1.1, V1.2, V1.2.1
         COST OF A DATA BREACH: $138, $182, $197, $202, $204, $214; $4.5M, $4.7M, $6.3M, $6.7M, $6.8M, $7.4M
         NUMBER OF STATES WITH DATA BREACH NOTIFICATION LAWS: 1, 38, 46
         NUMBER OF RECORDS BREACHED: 52M, 48M, 129M, 49M, 222M




Reducing Effort and Cost of Compliance



     Move to a “Lesser” SAQ
     Reduce Burden on Systems
     Eliminate Systems from Scope

     Reduced Effort and Cost


THE FUTURE | Eliminate Handling of Sensitive Data Altogether


     [Diagram labels: Merchant; Enterprise; Legacy; Data Intercept; Eliminate Systems from PCI Audit Sco...; Minimize PCI Costs; Drastically Reduc...]
DATA INTERCEPT | eCommerce
     [Diagram]
     CLIENT BROWSER
         <script src="https://paypage.paymetric.com/dnld.js"></script>    <Cardholder Data>
         Payment form fields: Credit card number, Card Type, Expiration Date (mm / yy), CVV, Cardholder Name

     MERCHANT SYSTEMS
         Web Server




DATA INTERCEPT FOR SAP

     DATA INTERCEPT TOKENIZATION
         Enter CC Number
         Data Intercept Client is Invoked When CSR Attempts to Enter Number into SAP Credit Card Field
         SAP Server Makes Immediate Call for Token

     Card Data Touches SAP, Placing it in PCI Scope
     Card Data Never Touches SAP, Removing it From PCI Scope
     Card Data is Never Stored, Minimizing Scope of PCI Requirement 3
DI and PCI Audit Considerations
         PCI Audit Process
             Data-flows, where is your data?
             Determination of scope
         Use of tokenization removes SAP/Web App from the dataflow
             Assessment focused on data entry systems only
         What does that mean from a resource perspective
             Eliminate core application used by all employees from scope
             What does it mean to be “In Scope”
                       Audit Logging, Vulnerability Scanning, Patching, Access Controls,
                        System Hardening, Penetration Testing, Monitoring, File Integrity
         Elimination of data/scope allows an organization to focus
          resources on critical points of interaction
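
An added sketch (not Paymetric's code or API) of the data flow the Data Intercept slides and the audit questions above describe: the card number is swapped for a token before a merchant record exists, and a scan of merchant records then answers "where is your data?". `TokenVault`, `intercept_order`, `scope_findings` and the token format (same length, last four digits kept, deliberately failing the Luhn check) are assumptions, and the form and records are constructed.

```python
import re
import secrets

SEPARATORS = re.compile(r"[ -]")
# A run of 13-19 digits, optionally split by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the third-party tokenization service.

    Only this object ever holds the card number (PAN)."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, card_number: str) -> str:
        pan = SEPARATORS.sub("", card_number)
        if not re.fullmatch(r"[0-9]{13,19}", pan) or not luhn_ok(pan):
            raise ValueError("not a valid card number")
        if pan in self._token_by_pan:       # same card, same token
            return self._token_by_pan[pan]
        while True:
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(pan) - 4))
            token = body + pan[-4:]         # keep last four for display
            # Assumed design choice: tokens fail Luhn, so a PAN discovery
            # scan can tell a stored token from a stored card number.
            if not luhn_ok(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


def intercept_order(form: dict, vault: TokenVault) -> dict:
    """Build the record the merchant system stores: the card number is
    replaced by a token and the CVV is dropped before anything is saved."""
    record = {k: v for k, v in form.items()
              if k not in ("card_number", "cvv")}
    record["card_token"] = vault.tokenize(form["card_number"])
    return record


def contains_pan(value: str) -> bool:
    """True if the text holds a Luhn-valid 13-19 digit number."""
    return any(luhn_ok(SEPARATORS.sub("", m.group()))
               for m in PAN_CANDIDATE.finditer(value))


def scope_findings(records: list) -> list:
    """(record index, field name) for every field that still holds a PAN."""
    return [(i, field)
            for i, rec in enumerate(records)
            for field, value in rec.items()
            if contains_pan(str(value))]


# Constructed sample data: a standard test card number, not a real account.
CONSTRUCTED_FORM = {
    "order_id": "SO-1001",
    "cardholder_name": "A. Example",
    "card_number": "4111 1111 1111 1111",
    "expiry": "12/30",
    "cvv": "123",
}
# Constructed record from a system that was never put behind the intercept.
CONSTRUCTED_LEGACY_RECORD = {
    "order_id": "SO-0999",
    "notes": "card 4111-1111-1111-1111 taken by phone",
}

if __name__ == "__main__":
    vault = TokenVault()
    stored = intercept_order(CONSTRUCTED_FORM, vault)
    print("merchant record:", stored)
    print("findings:", scope_findings([stored, CONSTRUCTED_LEGACY_RECORD]))
```

The scan flags only the legacy free-text field; the tokenized record produces no finding even though its token has the shape of a card number.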

Benefits of Data Intercept
   Seamless process
   Reduced risk of a data security breach
   Provides logging for PCI Audit Purposes
   More tightly control access to data
   No Storage of sensitive data
   Ease compliance efforts with PCI regulations
   Grant your organization safe harbor from new data breach
    notification laws
   Increased security and brand protection




WHY PAYMETRIC?

     Performance                          Over 400 of the world’s most respected brands have leveraged
                                          Paymetric solutions over the past decade.


             Expertise                    Paymetric employees have hundreds of years of combined
                                          experience in the payments industry and ERP landscape.


           Credibility                    Paymetric has been the recipient of many awards recognizing the
                                          accomplishments of the company and our solutions.


          Innovation                      Paymetric is consistently first to market with cutting edge solutions
                                          that help companies grow their business and increase security.


                        Value             On-demand model makes it affordable to experience the benefits
                                          of integrated payment card processing and tokenization.


                   Service                24 x 7 support includes incident and problem resolution, access to
                                          publications and best practices and so much more.



QUESTIONS?

     Stewart Comrie
     VP, Product Management
     scomrie@paymetric.com


20   Trusted Solutions. Securely Integrated.
     Integrated and Secure Payment Processing

Contenu connexe

Tendances

[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...WSO2
 
Horizon_Brochure
Horizon_BrochureHorizon_Brochure
Horizon_BrochureOmar Tarish
 
3-D Secure Acquirer and Merchant Implementation Guide
3-D Secure Acquirer and Merchant Implementation Guide3-D Secure Acquirer and Merchant Implementation Guide
3-D Secure Acquirer and Merchant Implementation Guide- Mark - Fullbright
 
PSD2: Open Banking with APIs
PSD2: Open Banking with APIsPSD2: Open Banking with APIs
PSD2: Open Banking with APIsJason Bloomberg
 
CardConnect Merchant Pricing Proposal
CardConnect Merchant Pricing ProposalCardConnect Merchant Pricing Proposal
CardConnect Merchant Pricing ProposalTony Shap
 
How Data is Revolutionizing Authentication
How Data is Revolutionizing AuthenticationHow Data is Revolutionizing Authentication
How Data is Revolutionizing AuthenticationCardinalCommerce
 
Revenue assurance 101
Revenue assurance 101Revenue assurance 101
Revenue assurance 101ntel
 
Flux PayDirect NACH IndusInd Bank Case Study
Flux PayDirect NACH IndusInd Bank Case StudyFlux PayDirect NACH IndusInd Bank Case Study
Flux PayDirect NACH IndusInd Bank Case Studyevolvus
 
Moving Towards an industry utility for Compliance - Guy Sheppard
Moving Towards an industry utility for Compliance - Guy SheppardMoving Towards an industry utility for Compliance - Guy Sheppard
Moving Towards an industry utility for Compliance - Guy SheppardSWIFT
 
3-D Secure and MPI Integrations
3-D Secure and MPI Integrations3-D Secure and MPI Integrations
3-D Secure and MPI IntegrationsUnitedThinkers
 
NPP Presentation - Adrian Lovney
NPP Presentation - Adrian LovneyNPP Presentation - Adrian Lovney
NPP Presentation - Adrian LovneySWIFT
 
Edenred - Reducing Customer Complaints by 40% with INETCO Insight
Edenred - Reducing Customer Complaints by 40% with INETCO InsightEdenred - Reducing Customer Complaints by 40% with INETCO Insight
Edenred - Reducing Customer Complaints by 40% with INETCO InsightINETCO Systems Ltd.
 
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...M1xchange
 
Paynet systems & Credit Card Processing
Paynet systems & Credit Card ProcessingPaynet systems & Credit Card Processing
Paynet systems & Credit Card ProcessingPaynet Systems, Inc.
 
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...emagia
 

Tendances (20)

Wealth Management in Asia - Webinar
Wealth Management in Asia - WebinarWealth Management in Asia - Webinar
Wealth Management in Asia - Webinar
 
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WS...
 
2020 kyriba payment_network
2020 kyriba payment_network2020 kyriba payment_network
2020 kyriba payment_network
 
Horizon_Brochure
Horizon_BrochureHorizon_Brochure
Horizon_Brochure
 
CardConnect
CardConnectCardConnect
CardConnect
 
3-D Secure Acquirer and Merchant Implementation Guide
3-D Secure Acquirer and Merchant Implementation Guide3-D Secure Acquirer and Merchant Implementation Guide
3-D Secure Acquirer and Merchant Implementation Guide
 
PSD2: Open Banking with APIs
PSD2: Open Banking with APIsPSD2: Open Banking with APIs
PSD2: Open Banking with APIs
 
CardConnect Merchant Pricing Proposal
CardConnect Merchant Pricing ProposalCardConnect Merchant Pricing Proposal
CardConnect Merchant Pricing Proposal
 
How Data is Revolutionizing Authentication
How Data is Revolutionizing AuthenticationHow Data is Revolutionizing Authentication
How Data is Revolutionizing Authentication
 
Corp govissiwrcc2010
Corp govissiwrcc2010Corp govissiwrcc2010
Corp govissiwrcc2010
 
Revenue assurance 101
Revenue assurance 101Revenue assurance 101
Revenue assurance 101
 
TD - uLaw Payment Integration
TD - uLaw Payment IntegrationTD - uLaw Payment Integration
TD - uLaw Payment Integration
 
Flux PayDirect NACH IndusInd Bank Case Study
Flux PayDirect NACH IndusInd Bank Case StudyFlux PayDirect NACH IndusInd Bank Case Study
Flux PayDirect NACH IndusInd Bank Case Study
 
Moving Towards an industry utility for Compliance - Guy Sheppard
Moving Towards an industry utility for Compliance - Guy SheppardMoving Towards an industry utility for Compliance - Guy Sheppard
Moving Towards an industry utility for Compliance - Guy Sheppard
 
3-D Secure and MPI Integrations
3-D Secure and MPI Integrations3-D Secure and MPI Integrations
3-D Secure and MPI Integrations
 
NPP Presentation - Adrian Lovney
NPP Presentation - Adrian LovneyNPP Presentation - Adrian Lovney
NPP Presentation - Adrian Lovney
 
Edenred - Reducing Customer Complaints by 40% with INETCO Insight
Edenred - Reducing Customer Complaints by 40% with INETCO InsightEdenred - Reducing Customer Complaints by 40% with INETCO Insight
Edenred - Reducing Customer Complaints by 40% with INETCO Insight
 
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...
Receivables Financing ➢ Accounts Receivable Financing ↖o↗ Receivable Financin...
 
Paynet systems & Credit Card Processing
Paynet systems & Credit Card ProcessingPaynet systems & Credit Card Processing
Paynet systems & Credit Card Processing
 
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...
Digital B2B Credit Best Practices | Emagia Credit Automation | Emagia MasterC...
 

En vedette

5 Common Misconceptions About Payments in the Cloud
5 Common Misconceptions About Payments in the Cloud5 Common Misconceptions About Payments in the Cloud
5 Common Misconceptions About Payments in the CloudPaymetric, Inc.
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingTroy Kitch
 
Proforma monitoring p&d 25 2-2015
Proforma monitoring p&d 25 2-2015Proforma monitoring p&d 25 2-2015
Proforma monitoring p&d 25 2-2015hayat alishah
 
Stc final presentation
Stc final presentationStc final presentation
Stc final presentationhayat alishah
 
Paisaje digital
Paisaje digitalPaisaje digital
Paisaje digitallaubarce
 
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23sdfhj
 
Tehsils sports stadiums after meeting (5)(1)
Tehsils sports stadiums    after meeting (5)(1)Tehsils sports stadiums    after meeting (5)(1)
Tehsils sports stadiums after meeting (5)(1)hayat alishah
 
Information tourism dept
Information tourism deptInformation tourism dept
Information tourism depthayat alishah
 
Assignment sept 2011 aj
Assignment sept 2011 ajAssignment sept 2011 aj
Assignment sept 2011 ajNasir Noor
 
Diapositivas correo institucional aula virtual uniminuto
Diapositivas correo institucional aula virtual uniminutoDiapositivas correo institucional aula virtual uniminuto
Diapositivas correo institucional aula virtual uniminutoncorre
 
Tietopyynnöt winwin
Tietopyynnöt winwinTietopyynnöt winwin
Tietopyynnöt winwinAleksi Koski
 
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)hayat alishah
 
The business of bollywood
The business of bollywoodThe business of bollywood
The business of bollywoodshashankdestiny
 
Po cm summary miranjani
Po cm summary miranjaniPo cm summary miranjani
Po cm summary miranjanihayat alishah
 

En vedette (20)

5 Common Misconceptions About Payments in the Cloud
5 Common Misconceptions About Payments in the Cloud5 Common Misconceptions About Payments in the Cloud
5 Common Misconceptions About Payments in the Cloud
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
 
Proforma monitoring p&d 25 2-2015
Proforma monitoring p&d 25 2-2015Proforma monitoring p&d 25 2-2015
Proforma monitoring p&d 25 2-2015
 
Information
InformationInformation
Information
 
Stc final presentation
Stc final presentationStc final presentation
Stc final presentation
 
Paisaje digital
Paisaje digitalPaisaje digital
Paisaje digital
 
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23
ZEYTİNBURNU DEMİRDÖKÜM KOMBİ SERVİSİ_0212 472 72 23_0541 872 72 23
 
Tehsils sports stadiums after meeting (5)(1)
Tehsils sports stadiums    after meeting (5)(1)Tehsils sports stadiums    after meeting (5)(1)
Tehsils sports stadiums after meeting (5)(1)
 
Maes Howe
Maes HoweMaes Howe
Maes Howe
 
Pta act
Pta actPta act
Pta act
 
Information tourism dept
Information tourism deptInformation tourism dept
Information tourism dept
 
Assignment sept 2011 aj
Assignment sept 2011 ajAssignment sept 2011 aj
Assignment sept 2011 aj
 
Diapositivas correo institucional aula virtual uniminuto
Diapositivas correo institucional aula virtual uniminutoDiapositivas correo institucional aula virtual uniminuto
Diapositivas correo institucional aula virtual uniminuto
 
Service rule
Service ruleService rule
Service rule
 
Tietopyynnöt winwin
Tietopyynnöt winwinTietopyynnöt winwin
Tietopyynnöt winwin
 
Coevaluacion referencias
Coevaluacion referenciasCoevaluacion referencias
Coevaluacion referencias
 
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)
Md if tourism ismdmspstc160108 (2013 03 16 21_37_30 utc)
 
The business of bollywood
The business of bollywoodThe business of bollywood
The business of bollywood
 
Mala dfr.mak
Mala dfr.makMala dfr.mak
Mala dfr.mak
 
Po cm summary miranjani
Po cm summary miranjaniPo cm summary miranjani
Po cm summary miranjani
 

Don't Handle Sensitive Data. Create A Tokenization Layer Around Your Enterprise.

  • 1. Create a Tokenization Layer Around Your Enterprise – Don’t Handle Sensitive Data Length: 60 minutes Presenter: Stewart Comrie Integrated and Secure Payment Processing
  • 2. SPEAKER STEWART COMRIE VP STRATEGIC PRODUCTS PAYMETRIC, INC. Trusted Solutions. Securely Integrated. 2
  • 3. AGENDA
      - ABOUT PAYMETRIC
      - UNDERSTANDING PCI AND THE SAQs
      - DATA INTERCEPT SOLUTIONS
      - DISCUSSION ABOUT PCI CHALLENGES
      - Q&A
  • 4. ABOUT PAYMETRIC Paymetric is the leading provider of integrated and secure payment processing and tokenization solutions that enable companies to streamline the order-to-cash process, reduce the scope and financial burden of achieving PCI compliance, and improve return on electronic payment acceptance.
      - Founded in 1998
      - 75 Employees
      - Privately Held – Austin Ventures and Palomar Portfolio Company
      - 450+ Enterprise Customers
  • 5. AWARD-WINNING COMPANY
      - 2011 TAG Top 40: TECHNOLOGY COMPANIES IN GEORGIA
      - Global Excellence: MANAGEMENT TEAM OF THE YEAR
      - 2010 TAG Top 40: MOST INNOVATIVE COMPANIES IN GEORGIA
      - Global Product Excellence: TOKENIZATION SOLUTION
  • 6. PAYMETRIC CUSTOMERS Cross-Market & Industry Cross-Geography
  • 7. What is PCI Compliance?
      Category: Section
      - Build and Maintain a Secure Network: 1. Install and maintain a firewall configuration; 2. Do not use vendor-supplied defaults for system passwords
      - Protect Cardholder Data: 3. Protect stored cardholder data; 4. Encrypt transmission of cardholder data
      - Maintain a Vulnerability Management Program: 5. Use and regularly update anti-virus software; 6. Develop and maintain secure systems and applications
      - Implement Strong Access Control Measures: 7. Restrict access to data by business need-to-know; 8. Assign a unique ID to each person with computer access; 9. Restrict physical access to cardholder data
      - Regularly Monitor and Test Networks: 10. Track and monitor all access to network resources and card data; 11. Regularly test security systems and processes
      - Maintain an Information Security Policy: 12. Maintain a policy that addresses information security
      WHO MUST COMPLY? “ANY ORGANIZATION THAT STORES, PROCESSES OR TRANSMITS CREDIT CARD DATA”
      Source: www.pcidatasecuritystandards.org
      10/07/12
  • 8. Merchant Validation Levels & Requirements VISA / MasterCard Merchant Levels Validation Actions On-Site Security Self – Assessment Merchant Level Criteria Network Vulnerability Scans Assessment Questionnaire Report on Compliance Level 1 (ROC) 6+ million transactions annually from any Not Applicable Required Quarterly (Submitted to Acquirer acceptance channel with one card brand Annually) Level 2 Submitted to Acquirer 1 million to 6 million transactions annually from Not Applicable Required Quarterly Annually any acceptance channel with one card brand Level 3 Submitted to Acquirer 20,000 to 1 million e-commerce transactions Not Applicable Required Quarterly Annually - Required Annually annually with one card brand Level 4 Required Annually Less than 20,000 e-commerce or less than 1 Not Applicable Required Quarterly (submission (submission to acquirer million transactions from any acceptance channel to acquirer not mandatory) not mandatory) annually with one card brand
  • 9. Fitting PCI DSS and Self-Assessment Together
  • 10. 5 SAQ Types
      Columns: SAQ; Summary; Who is Eligible; Number of Questions
      - SAQ A. Summary: Outsource all CHD. Who is eligible: Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. Number of questions: 13
      - SAQ B. Summary: Imprint or standalone dial-out terminals only. Who is eligible: Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage. Number of questions: 29
      - SAQ C-VT. Summary: Virtual terminals only. Who is eligible: Merchants using only web-based virtual terminals, no electronic cardholder data storage. This would never apply to e-commerce merchants or card swipe. Number of questions: 51
      - SAQ C. Summary: Internet-connected payment application. Who is eligible: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Number of questions: 40
      - SAQ D. Summary: All other merchants and all service providers. Who is eligible: All other merchants not included in descriptions for SAQ types A through C above, and all service providers defined by a payment brand as eligible to complete an SAQ. Number of questions: 288
  • 11. Qualifying for SAQ-A – PCI Self-Assessment Questionnaire | Qualifying for SAQ-A reduces the number of security requirements from 205 to 14
      Criteria That Has to be Met:
      - Company only handles Card Not Present (CNP) transactions
      - Company does not store, process or transmit any cardholder data on premise; relying on third-party providers
      - Third Party Service Provider is confirmed PCI DSS compliant
      - Company retains only paper reports or receipts with cardholder data and said documents are not received electronically
      - Company does not store any cardholder data in electronic format
      **Please consult your acquirer or QSA to confirm that Paymetric’s Data Intercept solution will help you qualify for PCI SAQ-A.**
  • 12. DATA PROTECTION STRATEGY TIMELINE (chart, time axis 2000 to 2013)
      - TECHNOLOGY: Elimination; Tokenization (SaaS); Centralization; Encryption
      - DRIVERS, PCI DSS: V1.0, V1.1, V1.2, V1.2.1
      - DRIVERS, COST OF A DATA BREACH: $138, $182, $197, $202, $204, $214; $4.5M, $4.7M, $6.3M, $6.7M, $6.8M, $7.4M
      - DRIVERS, NUMBER OF STATES WITH DATA BREACH NOTIFICATION LAWS: 1, 38, 46
      - DRIVERS, NUMBER OF RECORDS BREACHED: 52M, 48M, 129M, 49M, 222M
  • 13. Reducing Effort and Cost of Compliance
      - Eliminate Systems from Scope
      - Move to a “Lesser” SAQ
      - Reduce Burden on Systems
      Reduced Effort and Cost
  • 14. THE FUTURE | Eliminate Handling of Sensitive Data Altogether
      [Diagram. Legible labels: MERCHANT, ENTERPRISE, Data Intercept, Minimize PCI Costs; the remaining label text is fragmented.]
  • 15. DATA INTERCEPT | eCommerce
      - CLIENT BROWSER: Client Browser <script> Src=“https://paypage.paymetric.com/dnld.js
      - <Cardholder Data> form fields: Credit card number; Card Type; Expiration Date (mm yy); CVV (What’s this?); Cardholder Name
      - MERCHANT SYSTEMS: Web Server
  • 16. DATA INTERCEPT FOR SAP (diagram; panels DATA INTERCEPT and TOKENIZATION)
      - Enter CC Number
      - Data Intercept Client is Invoked When CSR Attempts to Enter Number into SAP Credit Card Field
      - SAP Server Makes Immediate Call for Token
      - Card Data Touches SAP Placing it in PCI Scope
      - Card Data Never Touches SAP Removing it From PCI Scope
      - Card Data is Never Stored, Minimizing Scope of PCI Requirement 3
  • 17. DI and PCI Audit Considerations
      - PCI Audit Process
      - Data-flows, where is your data?
      - Determination of scope
      - Use of tokenization removes SAP/Web App from the dataflow
      - Assessment focused on data entry systems only
      - What does that mean from a resource perspective
      - Eliminate core application used by all employees from scope
      - What does it mean to be “In Scope”
      - Audit Logging, Vulnerability Scanning, Patching, Access Controls, System Hardening, Penetration Testing, Monitoring, File Integrity
      - Elimination of data/scope allows an organization to focus resources on critical points of interaction
  • 18. Benefits of Data Intercept
      - Seamless process
      - Reduced risk of a data security breach
      - Provides logging for PCI Audit Purposes
      - More tightly control access to data
      - No Storage of sensitive data
      - Ease compliance efforts with regulations PCI
      - Grant your organization safe harbor from new data breach notification laws
      - Increased security and brand protection
  • 19. WHY PAYMETRIC?
      - Performance: Over 400 of the world’s most respected brands have leveraged Paymetric solutions over the past decade.
      - Expertise: Paymetric employees have hundreds of years of combined experience in the payments industry and ERP landscape.
      - Credibility: Paymetric has been the recipient of many awards recognizing the accomplishments of the company and our solutions.
      - Innovation: Paymetric is consistently first to market with cutting edge solutions that help companies grow their business and increase security.
      - Value: On-demand model makes it affordable to experience the benefits of integrated payment card processing and tokenization.
      - Service: 24 x 7 support includes incident and problem resolution, access to publications and best practices and so much more.
  • 20. QUESTIONS? Stewart Comrie VP, Product Management scomrie@paymetric.com
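
The flow sketched on slides 15 and 16, as an added example that is not part of the deck and is not Paymetric's code: the card number goes straight to a tokenization provider, and the merchant system accepts a token while refusing any field that still carries a Luhn-valid card number. `TokenProvider`, `MerchantOrderSystem`, `checkout` and the token format are hypothetical, and `4111 1111 1111 1111` is a constructed test number.

```python
import re
import secrets
import string

# Candidate window: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to cut false positives such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return Luhn-valid card-number candidates found in free text."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


class TokenProvider:
    """Stand-in for the third-party tokenization service (hypothetical API)."""

    def __init__(self):
        self._vault = {}  # token -> PAN; exists only on the provider side

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"[ -]", "", pan)
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_valid(digits)):
            raise ValueError("not a valid card number")
        # Letters only, so a scanner can never mistake a token for a card number.
        body = "".join(secrets.choice(string.ascii_uppercase) for _ in range(24))
        token = "tok_" + body
        self._vault[token] = digits
        return token


class MerchantOrderSystem:
    """Stand-in for the merchant web server or ERP that should hold tokens only."""

    def __init__(self):
        self.orders = []

    def submit(self, order: dict) -> None:
        for field, value in order.items():
            if find_pans(str(value)):
                # Name the field; never echo the value into errors or logs.
                raise ValueError(f"card number in field {field!r}; order rejected")
        self.orders.append(order)


def checkout(provider, merchant, pan, order_id):
    """The browser sends the PAN to the provider; the merchant sees the token only."""
    token = provider.tokenize(pan)
    merchant.submit({"order_id": order_id, "payment_token": token})
    return token


if __name__ == "__main__":
    provider, merchant = TokenProvider(), MerchantOrderSystem()
    print(checkout(provider, merchant, "4111 1111 1111 1111", "ORD-1001"))
    try:
        merchant.submit({"order_id": "ORD-1002", "notes": "card 4111-1111-1111-1111"})
    except ValueError as exc:
        print("blocked:", exc)
```

The same `find_pans` check can be run over log files or database exports to confirm that a system claimed to be out of scope really holds no card numbers.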

Editor's notes

  1. Gary and Kathleen