June 2012 First Data PCI RAPID COMPLY SM Solution

You don't have to be a security expert to be compliant.
Developer: 06 Rev: 05/03/2012 V: 1.0

Agenda
Research Background
Product Overview
Steps to becoming PCI DSS Compliant
Communications & Next Steps
Additional Program Information

What's In It for Me?
After completing this session, you will be able to:
Explain why merchants should use the First Data PCI Rapid Comply SM solution.
Describe how using the PCI Rapid Comply solution helps merchants.
Instruct merchants on how to enroll with the PCI Rapid Comply solution.
Navigate the PCI Rapid Comply solution website.
Prepare for the upcoming communication.
Know where to go for help.

First Data PCI Rapid Comply SM Solution?
Offer a high-quality, integrated merchant experience.
Create a step-by-step, self-guided approach to help small merchants complete the SAQ.
Provide dedicated PCI compliance help desk support.
Offer a global solution package including new security and compliance products and services.

First Data PCI Rapid Comply SM Solution
Easy-to-use online tool that can help merchants achieve and maintain PCI DSS compliance more quickly and easily.
Designed by PCI security experts specifically for small to midsize merchants.
Pre-SAQ questions help pre-populate corresponding SAQ questions to minimize the volume of questions merchants must answer.*
Includes comprehensive support (online and via chat, email and phone) that ensures merchants' PCI-related questions get answered.
Offers integrated scanning for merchants that are required to pass quarterly scans to achieve PCI DSS compliance.
*Merchants are responsible for valid answers to all questions whether or not they are pre-populated.

Merchant PCI Classification
Approximately 99% of our portfolio is made up of Level 4 merchants.
Level 1 merchant: Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year.
Level 2 merchant: Any merchant processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 3 merchant: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 4 merchant: Any merchant processing less than 20,000 e-commerce transactions per year, and all other merchants processing up to 1,000,000 transactions per year.

Five Simple Steps to PCI Compliance
As a market leader, First Data is leading the way. First Data has taken the step to be the first processing company to offer in-house PCI compliance services with the PCI Rapid Comply SM solution.
ENROLL with the PCI Rapid Comply Solution
COMPLY with the PCI requirements
VALIDATE with your acquirer
CERTIFY compliance with a passing SAQ & scan, if applicable
RENEW annually

Are Merchants Required to Use the First Data PCI Rapid Comply SM Solution?
The benefits of using the First Data PCI Rapid Comply SM solution are that it is offered by and integrated with the merchant's Merchant Services provider. The PCI Rapid Comply solution includes:
a guided, step-by-step SAQ tool to help complete the annual questionnaire with ease
an integrated scanning tool for merchants that are required to pass quarterly scans
comprehensive support, online and via chat, email and phone, to ensure merchants' questions get answered.
As our merchants' service provider, we hope merchants will choose to use our PCI Rapid Comply solution. However, they are free to obtain PCI DSS compliance services from third-party vendors. If a merchant chooses to use a third-party vendor for PCI DSS compliance services, the merchant will need to contract with and pay that vendor directly. In addition to the alternate vendor's charges for PCI DSS compliance services, the merchant will still need to pay the Compliance Service Fee charged by their Merchant Services provider. The Compliance Service Fee is not affected by the merchant's choice to use a third-party vendor. Merchants using a third-party vendor will also need to ensure their PCI DSS compliance status is reported to First Data.

Enroll
ENROLL with the PCI Rapid Comply Solution
New merchants may enroll in the First Data PCI Rapid Comply SM solution after receiving their PCI Notification Letter. There are no new or additional charges. The Compliance Services Fee charged by the merchant's Merchant Services provider includes an annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed.
Register online at www.pcirapidcomply.com. An email is sent for the merchant to proceed with an assessment of their business. Clients and AEs should not enroll on behalf of merchants.

Comply
COMPLY with PCI requirements
Complete the Self-Assessment Questionnaire (SAQ) for the business. Based on the merchant's processing method, they will have to complete an annual PCI questionnaire and a quarterly scan, if required. The PCI Rapid Comply SM solution will provide merchants the results of the SAQ and related scans to determine compliance. If the business is not compliant, the PCI Rapid Comply solution provides a custom remediation or "Fix It" plan to assist in identifying issues preventing PCI DSS compliance.

Validate
VALIDATE with your acquirer
Validation verifies that the merchant's customers' data is secure and gives confidence that the business meets very strict data security requirements.1 The First Data PCI Rapid Comply SM solution provides First Data the validation of the merchant's compliance. If the merchant uses any other vendor, the merchant's PCI validation documents must be submitted to First Data:
Fax: 402-916-8240
Email: PCI.1@firstdata.com
1. Achieving PCI DSS compliance does not prevent a data security breach or compromise, or change the allocation of risk under your merchant agreement.

Certify
CERTIFY compliance with a passing SAQ & scan, if applicable
Upon successful completion of validation with First Data, the merchant is certified PCI DSS compliant. If a merchant fails to become PCI DSS compliant, or fails to report their PCI DSS-compliant status with a third-party vendor to First Data, they will be charged a monthly Non-Receipt of PCI Validation fee by their Merchant Services provider until such time as they become PCI DSS compliant or report their PCI DSS-compliant status to First Data. The PCI Rapid Comply SM solution will provide merchants with a full copy of their completed SAQ and notify First Data of their certification.

Renew
RENEW SAQ Annually & Scans Quarterly
PCI DSS stipulates that every certification be renewed on an annual basis for self-assessment questionnaires (SAQ) and on a quarterly basis for scans, if required. This confirms that the merchant remains in compliance with any updated PCI DSS requirements as their business evolves. The First Data PCI Rapid Comply SM solution notifies the merchant via email when renewal certification is due. Merchants using third-party QSAs/ASVs need to inquire about their renewal process.

Benefits of the First Data PCI Rapid Comply SM Solution
PCI Rapid Comply is integrated with your processor, making the process faster and simpler.
Pre-SAQ questions let merchants answer fewer questions.
Comprehensive chat, email and phone support gets merchants' questions answered.
Unlimited, automatic and integrated scanning for those merchants who need scans.
Includes customized Security and Incident Response Policies at no additional charge.

Are there additional fees to use the PCI Rapid Comply SM solution?
With the First Data PCI Rapid Comply SM solution, there are no new or additional charges. The Compliance Service Fee charged by the merchant's Merchant Services provider includes their annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if required. This fee information, amount and timing, is disclosed to the merchant through the PCI Notification Letter. With the PCI Rapid Comply solution, merchant PCI DSS compliance status is sent directly to First Data; there is no additional step for a merchant to complete.

Non-Compliance
Merchants who fail to become PCI compliant1 could be putting their businesses at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card associations), fraud and chargebacks, as well as legal costs and lost customers.
Merchants who fail to become PCI DSS compliant, or fail to report PCI DSS-compliant status with a third-party vendor to First Data, will be charged a monthly Non-Receipt of PCI Validation fee by their Merchant Services provider until such time as they become PCI DSS compliant or report their PCI DSS-compliant status to First Data. To avoid the fee, the merchant must validate compliance by the 25th of any given month.
Merchants who experience a data security breach could even lose their ability to process credit card payments. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.2
1. Achieving PCI DSS compliance does not prevent a data security breach or compromise, or change the allocation of risk under your merchant agreement.
2. Javelin Strategy and Research, June 2009.

Fines vs. Fees
Fines are imposed by the Associations (MasterCard and Visa) and are assessed due to:
Breaches and common point of purchase (can range up to $500,000 per incident)
Storage of prohibited data
Failure to validate compliance as a Level I or II merchant
Fees are imposed by the Acquirer (First Data); they include:
$19.95 monthly Non-Receipt of PCI Data Validation fee
Annual or quarterly Compliance Service Fee, depending on how the merchant is set up.

Screenshots

First Data Rapid Comply SM Solution
www.pcirapidcomply.com
Merchants answer fewer questions, in some cases 85% fewer.

Pre-populated SAQ Questions*
Merchants can complete the right SAQ with ease.
Help direct merchants to the SAQ that is appropriate for their business.
Expedites the overall PCI SAQ completion process.
*Merchants are responsible for valid answers to all questions whether or not they are pre-populated.

Built-in Help and Comprehensive Support
First Data Rapid Comply SM assistance is available from 9:00am to 9:00pm EST, Monday to Friday.
Built-in Help: Detailed, in-context help for any question on the SAQ.
Get your questions answered! Assistance with any part of the PCI process is available by live chat, email or phone.

Integrated and Automatic Scanning
Automatic scanning helps ensure merchants stay compliant.
Offers a simple-to-use scan function for merchants that are required to pass a vulnerability scan as part of PCI DSS compliance.
Scanning is integrated into the compliance process, including automatic quarterly scheduling after a one-time setup process.

Customized Security and Incident Response Policies
After achieving PCI certification, each merchant is presented with customized Information Security and Incident Response Policies based on the specific SAQ document the merchant completed.

Communication Plan
Merchants will have the option to enroll or re-enroll in the First Data PCI Rapid Comply SM solution. We hope merchants will elect to use our PCI Rapid Comply SM solution. However, merchants are free to obtain PCI DSS compliance services from third-party vendors.
One week after the PCI Notification Letter is sent: The New Merchant Welcome Email is sent from PCI Rapid Comply. Subject line: PCI Compliance Required for {MerchantCompanyName}. From: firstdata@pcirapidcomply.com. Includes a username and temporary password.
Branded PCI Notification Letter is sent: Merchants will receive a PCI Notification Letter dated the 25th of the month directing them to First Data PCI Rapid Comply.
Statement Messages: PCI Reminder statement messages will be generated to merchants in the months that quarterly PCI notifications are sent and in the month following.

Quarterly Mailing / Billing Schedule
Quarterly notification schedule to pick up newly boarded merchants:
Account Boarded    Letter Mailed    Begin Annual or Monthly Billing    Begin Non-Validation Fee
Oct-Dec 2011       Jan-2012         Feb-2012                           Apr-2012
Jan-Mar 2012       Apr-2012         May-2012                           Jul-2012
Apr-Jun 2012       Jul-2012         Aug-2012                           Oct-2012
Jul-Sept 2012      Oct-2012         Nov-2012                           Jan-2013
Oct-Dec 2012       Jan-2013         Feb-2013                           Apr-2013

First Data PCI Rapid Comply SM Solution
Thank You!
First Data Learning Organization