The Heartland Payment Systems data breach has been the information security story of the year. And it's shined a bright spotlight on the Payment Card Industry Data Security Standard (PCI DSS) - and the question "How does an organization attain and sustain PCI Compliance?"
In this panel webinar, part of the Emerging Technologies Insights series, industry thought-leaders will discuss:
The importance of not only meeting PCI compliance, but having the ability to audit and sustain compliance;
Market trends - current threats and cutting-edge solutions;
Practical advice to help your organization avoid being the next Heartland or having to deal with the aftermath.
On Inauguration Day 2009, Heartland Payment Systems (HPY) disclosed that it had been breached in 2008, exposing an unknown number of credit and debit card holders to potential fraud in what may be one of the largest data compromises to date.
Heartland maintains it was compliant with the Payment Card Industry Data Security Standard (PCI DSS). But since then, Visa has removed Heartland from its list of PCI compliant vendors and taken the public stance: "We've never seen anyone who was breached that was PCI compliant."
The Heartland security breach raises a serious question about organizations that achieve PCI compliance but still suffer a major breach: How does one attain and sustain PCI compliance?
If the PCI DSS checklist is mechanically followed and a merchant suffers a data security breach, it is still held responsible, faces large fines, suffers brand damage and may lose its ability to process credit card transactions. While checklists are useful tools, following them can lull one into a false sense of security. To rely solely on the PCI DSS checklists to secure cardholder data is similar to a pilot relying only on the pre-flight checklist before takeoff, then colliding with another plane during takeoff. A checklist is not enough.
In this webcast, we will discuss market trends, as well as myths and realities about PCI compliance. We then will examine how emerging technology solutions can provide continuous monitoring and assessment of change to critical files and settings to help merchants reduce the threat of security breaches -- and to allow quick detection and recovery if they do occur.
With decades of industry experience working hand in hand with retailers, payment card processors, hoteliers and restaurateurs, Ed has an enterprise-wide understanding of the issues facing businesses that must comply with the PCI standard.
Dave Taylor founded the PCI Knowledge Base and before that the PCI Alliance. He has worked with many leading-edge companies as an analyst for Gartner for 14 years. The PCI Knowledge Base is a research community that shares information and knowledge to help merchants, banks and other organizations achieve PCI compliance.
Wills is a Fintech architect and strategist specializing in payments, security and digital identity. For more than two decades, he has guided organizations such as Visa, Bank of America, Wells Fargo Bank, UnionBank of the Philippines, VeriFone, Intuit, Richemont, Ping Identity and multiple startups to build and secure their digital platforms. Career highlights of Wills include leading the development, launch and operation of Visa's core transaction fraud management services and VeriFone's digital wallets, merchant e-commerce platforms and payment gateways, as well as secure platform/product design for Visa's prepaid card management system, national mobile payment networks in the Dominican Republic (tPago) and Bangladesh (bKash), a major credit card issuer in the Philippines and the Manila public transit network. He has also served as a CISO for CrossCheck and Intuit subsidiary PayCycle.com, and as a mentor for StartupBootcamp FinTech and four Asian payment startups. In addition, he is a tenured speaker and media commentator on security in digital transactions. He holds both CISSP and CFE certifications. A resident of Singapore, Tom has also lived and worked in the US, UK, UAE, Philippines and Dominican Republic.