Card fraud and compliance training


CARD FRAUD PREVENTION AND PCI DSS COMPLIANCE TRAINING

Three (3)-Day Course on Card Fraud Prevention & PCI DSS Compliance Training

For Executives of CBN, Banks, EFT Switches, NIBSS and Payment Service Providers

Organized by Ethnos IT Solutions Ltd, Lagos, and Mindset Resource Consulting, UK

Facilitated by Trustwave Ltd, South Africa

South Africa, August 27-29, 2012


Date: August 27-29, 2012

Venue: Trustwave Academy, Regus, 2nd Floor, West Tower, Maude Street, Nelson Mandela Square, Sandton, Johannesburg 2196, South Africa

Course Fee: NGN250,000 Per Participant (Excluding airfare, hotel accommodation and feeding)

Keynote Address by Mr. Dipo Fatokun, Director, Banking & Payments System Department, Central Bank of Nigeria

Course Introduction:
In view of the growing concern of the Central Bank of Nigeria and stakeholders in the electronic payment industry to combat card fraud and ensure the integrity and sustainability of the ongoing cash-lite initiative, we propose to hold a 3-day intensive training workshop on Preventing Card Fraud and PCI DSS Compliance Certification and Management.

Electronic payment for goods and services has become one of the major contributors to economic growth; it brings enormous value to global financial services and has made business transactions all over the world effortless. In Nigeria, the CBN has recently introduced the cashless policy, which will go a long way to position Nigeria as a seriously developing economy. However, available reports show that online fraud in Nigeria is on the increase and poses a threat to the success of the cashless policy, and in the long run could cripple the noble intention of the apex bank. Given that Nigeria is a grossly unregulated economy, the apex bank urgently needs a holistic approach to help secure the electronic payment system, judging from the alarming rate of intentional and unintentional threats and attacks and of sophisticated cybercrime, locally as well as globally. We therefore recommend that the Central Bank of Nigeria stay on top of its game in providing the regulatory oversight to strengthen policy implementation, bearing in mind that customers are already expressing apathy about the meaningful implementation of the cashless policy.


The course will cover critical components of a security compliance program, designed to give attendees a general overview of the PCI DSS regulatory environment and payment card threats, and an in-depth review of the gains and pains of compliance and noncompliance. The training program provides an overview of the PCI DSS regulatory environment, card processing vulnerabilities and threats, and an in-depth review of each requirement to help build an organizational understanding of PCI DSS and implement a methodology for the compliance process.

Course Description
The Course consists of three sessions held over three days. The first session highlights card fraud & data compromise as well as payment card acceptance mechanisms and provides an overview of the PCI regulatory environment. The second session sheds light on the inherent vulnerabilities and threats to payment card processing. This session also focuses on the PCI DSS validation process and the preparation of a PCI DSS Report on Compliance (ROC). The third session is devoted to the 12 requirements of the PCI DSS. Each PCI DSS requirement is reviewed in depth, enabling participants to gain a better understanding of PCI DSS compliance validation requirements and regulatory processes.

This Course is tailored to meet the needs of a global audience, and will be delivered by a team of QSAs that have regional experience and expertise. Regional differences in PCI DSS compliance monitoring and validation will be addressed based on audience need. Acquiring banks, global merchants, service providers and enterprise corporations will benefit from a better understanding of the role they play in enforcing and adhering to the PCI DSS.

Audience
These sessions offer a practical and procedural overview of the PCI and the requirements of the PCI DSS to the following:

• Executives that play a role in the processing, storage, availability and protection of payment card data will benefit most from the full series.

• Senior executives, security consultants, project managers and internal auditors who play a role in the PCI DSS compliance validation process within their organizations will also benefit from the first half-day session.

• Banking & Payment Systems Department of CBN and others involved in supervising and regulating the payment services.

Topics/Course Schedule


Day One
Card Fraud & Data Compromise:

• Attack vectors
• Elements of a successful attack
• Understanding the attacker's mindset
• Social engineering
• Real vs perceived security
• Security procedures' impact on real risk
• Systemic fraud
• Typical attacks
• Race condition attack
• Data acquisition as part of a well-organised attack
• How to recognize attack patterns for zero-day attack approach

Day Two
Introduction to the PCI Regulatory Environment:

• Identify the PCI regulatory bodies and stakeholders
• Describe PCI transactions and security vulnerabilities
• Identify merchant PCI DSS compliance obligations and workflow
• Describe the PCI DSS 6 goals and 12 requirements

Protecting Payment Card Data and Managing Compliance (half day session):

• Describe the inherent and increasing value of payment card data
• Identify PCI data risks and threats
• Describe common strategies for segmenting data networks, protecting data at risk and controlling validation scope
• Plan and manage a PCI DSS assessment engagement
• Describe the sections of a PCI DSS compliant ROC

Day Three
Interpreting the PCI DSS Requirements:

• Describe each PCI DSS security requirement
• Interpret the intent of each requirement
• Identify the accepted minimum controls to meet each requirement
• Managing PCI DSS program
• Sustaining Compliance

About Trustwave
Trustwave is a global leader in security and compliance, and its staff are the experts when it comes to helping organisations comply with the Payment Card Industry Data Security Standard (PCI DSS). Utilizing this specialized knowledge, Trustwave developed the PCI DSS training course that provides a technical overview of the Payment Card Industry (PCI), its stakeholders and the security measures taken to guarantee the security of payment card data globally.


Participants in this series will go away with the knowledge necessary to understand the PCI DSS and how it impacts their respective organizations, as well as how to implement a full compliance validation and maintenance program.

Trustwave has the largest, most experienced team of QSAs, with more than 100 of Trustwave’s data security experts certified by the PCI Security Standards Council as QSAs. This certification enables QSAs to conduct on-site data security assessments for PCI DSS compliance. These experts are held to the highest standards, and QSAs must recertify every year by attending training and passing an exam.

Drawing on this wealth of global experience and insight into the PCI, Trustwave designed the PCI DSS Course Series to help organizations fulfil their PCI compliance obligations and build trust with their customers while empowering regulators with knowledge and capacity to support the stakeholders in securing customer card holder data.


Contact Details:
For more information concerning this training course, please contact:

Peter Ejiofor - President/CEO, Ethnos IT Solutions Ltd
+234 (0)1 8447001, Cell: [email protected]

Victor Ekpu - Managing Consultant/CEO, Mindset Resource Consulting UK
Tel: +44 (0) 141 959 3189 | Mobile: +44 (0) 794 733 [email protected]
www.mindsetrc.co.uk

Registration
You can register online through www.ethnosit.net/cardfraudtraining or at our office: 15, Kusenla Road, Ikate Elegushi, Lekki Victoria Island Lagos. 01-8447001, 08084074763, [email protected]

Payment
You can either pay in the office or directly to the bank account that will be provided to you after registration.

Account Name: ETHNOS IT SOLUTIONS LTD
Account Number: 1012898672
Bank: Zenith Bank Plc
Branch: Idumagbo Branch, 82 Enu-Owa Street, Idumagbo, Lagos
Branch Sort Code: 057150039
Bank Swift Code: ZEIBNGLA

Visa (If required)
Trustwave will send you an invitation letter after registration with full payment.

Any Other Information:
Please contact: Peter Ejiofor - 15, Kusenla Road, Ikate Elegushi, Lekki Victoria Island Lagos. 01-8447001, 08084074763, [email protected]