Business to You: PCI brings more! Hans Bouman, 26th of January, Antwerpen - Belgium

TrustGuard presentatie - PCI brings more! - Hans Bouman

Feb 13, 2017

SafeShops.be
Transcript
Page 1: TrustGuard presentatie - PCI brings more! - Hans Bouman

Business to You

PCI brings more!

Hans Bouman

26th of January, Antwerpen - Belgium

Page 2: TrustGuard presentatie - PCI brings more! - Hans Bouman

Background

NL

• 1992 – 2000: Product manager e-Commerce
• 2001 - current: Secure eCommerce, www.b2u.nl
• 2002 – 2005: Country Manager Ogone
• 2006 - current: Preferred Partner, www.internetkassa.com
• 2015 - current: Email/SMS + payment link, www.paybylink.eu
• 2015 - current: Sales platform WebshopSolutions, www.webshopsolutions.com

Page 3: TrustGuard presentatie - PCI brings more! - Hans Bouman

Marketing Payments Security Webshop Support

www.webshopsolutions.com

Page 4: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI as best practice for…

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 5: TrustGuard presentatie - PCI brings more! - Hans Bouman

WWW.PCISECURITYSTANDARD.ORG

Page 6: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI is so… credit card focussed

Page 7: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI is so… credit card focused

Page 8: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI or other standards?

ISO 27001

OTHER ALTERNATIVES

ATIS, ETSI, IEEE, IETF, ISO/IEC JTC 1, ITU-T, OASIS, 3GPP and 3GPP2

Page 9: TrustGuard presentatie - PCI brings more! - Hans Bouman

Stay in line with acquirers => PCI/DSS

Page 10: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI as best practice for…

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 11: TrustGuard presentatie - PCI brings more! - Hans Bouman

Credit cards vs Privacy Sensitive data

• Basket/products
• First name, Surname
• Financial information
• Credit card numbers
• Social Security Number
• Passport numbers
• Driver's license number
• Delivery address
• Mobile number
• Email address
• Date of Birth
• Passwords

Storage: more and more in the CLOUD

Page 12: TrustGuard presentatie - PCI brings more! - Hans Bouman

Credit card rules OR LEGAL REASONS

EU Directive 95/46/EC “(46) Whereas the protection of the rights and freedoms of data subjects with regard to the processing of personal data requires that appropriate technical and organizational measures be taken, both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing; whereas it is incumbent on the Member States to ensure that controllers comply with these measures; whereas these measures must ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks inherent in the processing and the nature of the data to be protected;”

Personal Data Protection Act

Page 13: TrustGuard presentatie - PCI brings more! - Hans Bouman

Responsibility vs Liability

Who is responsible for the security of the website?

→ The OWNER of the domain.

Who is legally liable?

→ The OWNER of the domain.

Who has to pay the costs and penalties?

→ The OWNER of the domain.

Page 14: TrustGuard presentatie - PCI brings more! - Hans Bouman

That’s easy: owner is 100% liable…

[Diagram: Internet / DNS; www.domain.nl, www.domain2.nl, login.domain.nl; Hosting 1, Hosting 2, Hosting 3]

Each hosting environment:

• Firewalls, IDS, DMZ, Routers, Gateways, Ports, Services, Email servers
• Websites (n): Applications, CMS, scripts, XML interface, APIs

Suppliers, Shopping portals, Logistics

Page 15: TrustGuard presentatie - PCI brings more! - Hans Bouman

“So, where are your monitoring reports?”

“We have a great website builder with good reputation”

“We have the most secure hosting company”

“It’s their risk as well, so they will manage it…”

“Other companies check it, so…”

Page 16: TrustGuard presentatie - PCI brings more! - Hans Bouman

How to involve suppliers?

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 17: TrustGuard presentatie - PCI brings more! - Hans Bouman

Hacked; blame your hosting & site builder…

Help hosting companies and site builders to get out of these “who is responsible” discussions.

Time line: New website → Hacked. Security maintenance delivered and invoiced (Y/N)?

Solution “PCI as zero-point”

Time line: Merchant responsible. Hosting & site builders solve (& invoice) issues.

Page 18: TrustGuard presentatie - PCI brings more! - Hans Bouman

How to involve all departments?

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 19: TrustGuard presentatie - PCI brings more! - Hans Bouman

Dashboard

Page 20: TrustGuard presentatie - PCI brings more! - Hans Bouman

Scans overview

Page 21: TrustGuard presentatie - PCI brings more! - Hans Bouman

Sorting options

Sorting on:

• Severity
• Scan frequency
• Domain
• PCI-status
• Port
• Group
• User

Page 22: TrustGuard presentatie - PCI brings more! - Hans Bouman

Detailed information & links

Page 23: TrustGuard presentatie - PCI brings more! - Hans Bouman

Scans per device & PCI-reports

Page 24: TrustGuard presentatie - PCI brings more! - Hans Bouman

Multiple reports

Page 25: TrustGuard presentatie - PCI brings more! - Hans Bouman

All internal staff & external partners involved and fully committed

[Diagram: Internet / DNS; www.domain.nl, www.domain2.nl, login.domain.nl; Hosting 1, Hosting 2, Hosting 3]

Each hosting environment:

• Firewalls, IDS, DMZ, Routers, Gateways, Ports, Services, Email servers
• Websites (n): Applications, CMS, scripts, XML interface, APIs

Suppliers, Shopping portals, Logistics

• Responsible: Board, Managers, Mayors
• Helpdesk
• System owners
• Programmer
• External partners
• Marketing

Executive Report (PDF)

Page 26: TrustGuard presentatie - PCI brings more! - Hans Bouman

How to involve partners?

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 27: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI/DSS 12.8 “shared c/h data”

[Diagram: Internet / DNS; www.domain.nl, www.domain2.nl, login.domain.nl; Hosting 1, Hosting 2, Hosting 3]

Each hosting environment:

• Firewalls, IDS, DMZ, Routers, Gateways, Ports, Services, Email servers
• Websites (n): Applications, CMS, scripts, XML interface, APIs

Suppliers, Shopping portals, Logistics

• Responsible: Board, Managers, Mayors
• Helpdesk
• System owners
• Programmer
• External partners
• Marketing

Executive Report (PDF)

Page 28: TrustGuard presentatie - PCI brings more! - Hans Bouman

C/H example: BOOKING & Hotels

More and more non-creditcard companies demand PCI-certification!

Page 29: TrustGuard presentatie - PCI brings more! - Hans Bouman

How to involve marketing?

• Privacy legislation
• Legal liability
• Quality Syst. own Program.
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection

Page 30: TrustGuard presentatie - PCI brings more! - Hans Bouman

Seal options

Page 31: TrustGuard presentatie - PCI brings more! - Hans Bouman

MORE TRUST = MORE SALES

Page 32: TrustGuard presentatie - PCI brings more! - Hans Bouman

Certificate

Page 33: TrustGuard presentatie - PCI brings more! - Hans Bouman

Mobile floating logo

Page 34: TrustGuard presentatie - PCI brings more! - Hans Bouman

PCI brings more… involvement & commitment

• PCI became a stable, clear and worldwide accepted standard
• By positioning PCI/DSS next to CC’s also for privacy information, it supports a more generic approach for other sectors
• PCI-scanning provides a tool and checks to support & increase quality
• Use PCI-reporting for employees, managers & partners, not only acquirers
• Use PCI/DSS for shared information between companies (not acquirer driven)
• Use security for trust and marketing, “Market your Security”

Page 35: TrustGuard presentatie - PCI brings more! - Hans Bouman

14-days free trial

www.trustguard.eu

Page 36: TrustGuard presentatie - PCI brings more! - Hans Bouman

BUSINESS TO YOU

www.b2u.nl

www.trustguard.eu

www.webshopsolutions.com

Office: +31 (0)297 381303

Email: [email protected]

THANK YOU