1 / 12

EarthLink Business PCI Compliance Solution Services

EarthLink Business PCI Compliance Solution Services. EarthLink Business: Secure Solutions for Merchants & Retailers. SMB to Fortune 500 retail customers Tens of thousands of store locations Comprehensive network and IT services to support PCI compliance: Nationwide private MPLS

holly-miller
Télécharger la présentation

EarthLink Business PCI Compliance Solution Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EarthLink BusinessPCI Compliance Solution Services

  2. EarthLink Business: Secure Solutions for Merchants & Retailers • SMB to Fortune 500 retail customers • Tens of thousands of store locations • Comprehensive network and IT services to support PCI compliance: • Nationwide private MPLS • Direct Connect • Secure Point of Sale connectivity • SSAE 16 compliant data centers; connect directly via MPLS • Managed security services • PCI Compliance Validation with Breach Protection

  3. What is PCI Compliance? • Definition – Payment Card Industry Data Security Standard (PCI-DSS) • Set up by Visa, MasterCard, American Express, Discover, and JCB to reduce the risk of credit card theft and transfer liability to merchants • Requires mandatory adoption by allbusinesses that store, process, transmit credit/debit card data 6 Control Objectives 12 Core Requirements 6 Control Objectives 250+ Audit Procedures

  4. If you cannot answer yes to the three questions below, you are not PCI Compliant Have ALL employees completed a PCI Certified security awareness training program upon hire and annually thereafter ? Have all employees read and signed a formal security policy ? Can you demonstrate that you run quarterly ASV scans ? 1 2 3 97% of U.S. events occurred at small merchants, and 91% of those were brick and mortar merchants. (Visa, 2012)

  5. Impact of a Breach on a Business Must stop taking credit cards Pay for forensic audit Pay fines and credit card replacement costs Pay to implement remediation actions and for future on-site audits by a Qualified Security Assessor A credit card breach can take months to remediate • The average business loses $3,007,015 per breach incident due to customer churn, brand damage, etc. (Symantec and Ponemon Institute)

  6. Vulnerabilitiesthat Cyber Criminals Exploit • No firewall to separate Point-of-Sale (POS) and Internet traffic • Insecure Remote Access • Lack of staff training needed to spot scams and protect information • Weak security configurations • Operating system flaws • Flawed security policies • Poor change control procedures Retailer Challenge: Dedicating the Time, Resources, and Expertise Required to Stop Cyber Crime

  7. PCI Compliance Data Security Standards Requirements • Install and maintain a firewall configuration to protect data. • Do not use vendor-supplied defaults for • system passwords or other security parameters • Protect stores data • Encrypt transmission of cardholder data • and sensitive information across public networks • Use and regularly update antivirus software • Develop and maintain secure systems and applications • Restrict access to data by business • need to know • Assign a unique ID to each person with computer access • Restrict physical access to cardholder data • Track and monitor all access to network • resources and cardholder data • Regularly test security systems and processes • Maintain a policy that addresses information security 1 Build and Maintain a Secure Network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy 2 3 4 5 6

  8. Merchant Requirements:Based on Transaction Volume

  9. Protect and Validate PCI Compliance Designed for Level 2-4 merchants, PCI Compliance Validation is a comprehensive solution to protect business owners and organizations protecting themselves from the crippling financial effects of credit card theft while reducing the risk of data breach FINANCIALLY PROTECT YOUR BUSINESS: Up to $100,000 of data breach expense subject to per occurrence and aggregate limits of $ 500,000 per year, protection per location for less than $1 per day. VALIDATE YOUR LEVEL OF PCI COMPLIANCE: Reduce the risk of breach with easy to use web-based tools for validating compliance Solution powered by ANX eBusiness, an Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA)

  10. Breach Protection* • Breach Protection provides for merchant reimbursement of up to $100,000 per location subject to a per occurrence and aggregate yearly maximum of $ 500,00 to cover expenses if a customer’s credit card information is breached. • Covered expenses include: • Forensic audit provided by a Qualified Security Assessor (QSA) as required by PCI DSS • Replacement of credit cards and related expenses • Fines and penalties incurred as a result of the breach • Two-hour telephone consultation with a breach consultant *DISCLAIMER NOTICE. The PCI Compliance Solution Services are provided and serviced by ANXeBusiness Corp. and offered through EarthLink Business, and are subject to the terms and conditions found at http://www.earthlinkbusiness.com/about-us/legal/terms.xea. All Data Breach Protection Service reimbursements are limited to:  $100,000.00 a year for each qualifying location, not to exceed $500,000.00 per occurrence for customers with multiple locations, and an aggregate maximum of $500,000.00 per customer. Use of the PCI Compliance Validation Service does not guarantee that a data breach will not occur and alone cannot prevent losses. EarthLink Business makes no representations as to whether the Data Breach Protection Service will apply to or cover a particular claim or loss. The material in this document (or on this site) is intended for informational purposes only, not as professional advice, and is provided on an “AS IS” basis. EARTHLINK BUSINESS DISCLAIMS ALL WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, RELATING TO THE PCI COMPLANCE SOLUTION SERVICES, INCLUDING, WITHOUT LIMITATION, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND THE ACCURACY AND COMPLETENESS OF ASSOCIATED INFORMATIONAL CONTENT AND WILL NOT BE LIABLE FOR LOSSES, COSTS OR DAMAGES ARISING FROM THE PCI COMPLIANCE SOLUTION SERVICES OR ANY ASSOCIATED INFORMATIONAL CONTENT.

  11. EarthLink PCI Compliance Validation • PCI Self Assessment Questionnaire (SAQ) wizard with question and answer support • Task Management and Reporting • Security Policy Templates • External Vulnerability Scanning • PCI eLearning course (versions for cashier, IT and owner)

  12. Proactively Protect Your Business from Breach Step 1: Financially Protect Yourself from a Breach Step 2: Validate PCI Compliance Step 3: Achieve Compliance Step 4: Maintain Compliance How can EarthLink help you achieve PCI Compliance ?

More Related