TrustGuard presentation - PCI brings more! - Hans Bouman
Transcript of TrustGuard presentation - PCI brings more! - Hans Bouman
Business to You
Background
1992 – 2000: Product manager e-Commerce
2001 – current: Secure eCommerce, www.b2u.nl
2002 – 2005: Country Manager Ogone
2006 – current: Preferred Partner, www.internetkassa.com
2015 – current: Email/SMS + payment link, www.paybylink.eu
2015 – current: Sales platform WebshopSolutions, www.webshopsolutions.com
PCI as best practice for…
(diagram: wheel of areas around PCI)
• Privacy legislation
• Legal liability
• Quality syst. / own program
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partners chain protection
PCI or other standards?
ISO 27001
Other alternatives: ATIS, ETSI, IEEE, IETF, ISO/IEC JTC 1, ITU-T, OASIS, 3GPP and 3GPP2
Credit cards vs privacy-sensitive data
• Basket/products
• First name, surname
• Financial information
• Credit card numbers
• Social Security Number
• Passport numbers
• Driver's license number
• Delivery address
• Mobile number
• Email address
• Date of birth
• Passwords
Storage: more and more in the CLOUD
Credit card rules or legal reasons
EU Directive 95/46/EC: “(46) Whereas the protection of the rights and freedoms of data subjects with regard to the processing of personal data requires that appropriate technical and organizational measures be taken, both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing; whereas it is incumbent on the Member States to ensure that controllers comply with these measures; whereas these measures must ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks inherent in the processing and the nature of the data to be protected;”
Personal Data Protection Act
Responsibility vs liability
Who is responsible for the security of the website? → The OWNER of the domain.
Who is legally liable? → The OWNER of the domain.
Who has to pay the costs and penalties? → The OWNER of the domain.
That’s easy: owner is 100% liable…
(diagram: the owner’s domains www.domain.nl, www.domain2.nl and login.domain.nl, reached via Internet/DNS and spread over three hosting providers (Hosting 1, 2 and 3); each hosting provider runs firewalls, IDS, DMZ, routers, gateways, ports, services and email servers and hosts websites (n) with applications, CMS, scripts, XML interfaces and APIs; suppliers, shopping portals and logistics partners connect to the same environment)
“So, where are your monitoring reports?”
“We have a great website builder with a good reputation”
“We have the most secure hosting company”
“It’s their risk as well, so they will manage it…”
“Other companies check it, so…”
How to involve suppliers?
(diagram: the same “PCI as best practice for…” wheel as above)
Hacked; blame your hosting & site builder…
Help hosting companies and site builders get out of these “who is responsible” discussions.
Timeline today: new website → hacked. Was security maintenance delivered and invoiced (Y/N)?
Solution, “PCI as zero-point”: the merchant is responsible; hosting & site builders solve (& invoice) the issues along the timeline.
How to involve all departments?
(diagram: the same “PCI as best practice for…” wheel as above)
Sorting options
Sorting on:
• Severity
• Scan frequency
• Domain
• PCI status
• Port
• Group
• User
All internal staff & external partners involved and fully committed
(diagram: the same three-hosting-provider infrastructure as above, now with the people around it: helpdesk, system owners, programmer, external partners, marketing; responsible: board, managers, mayors; output: executive report (PDF))
How to involve partners?
(diagram: the same “PCI as best practice for…” wheel as above)
PCI/DSS 12.8 “shared c/h (cardholder) data”
(diagram: the same infrastructure and roles as the previous diagram: three hosting providers, the owner’s domains, suppliers, shopping portals and logistics partners, helpdesk, system owners, programmer, external partners, marketing, the responsible board, managers and mayors, and the executive report (PDF))
C/H (cardholder) example: BOOKING & hotels
More and more non-credit-card companies demand PCI certification!
How to involve marketing?
(diagram: the same “PCI as best practice for…” wheel as above)
PCI brings more… involvement & commitment
• PCI became a stable, clear and worldwide accepted standard
• By positioning PCI/DSS next to CC’s also for privacy information, it supports a more generic approach for other sectors
• PCI scanning provides a tool and checks to support & increase quality
• Use PCI reporting for employees, managers & partners, not only acquirers
• Use PCI/DSS for shared information between companies (not acquirer driven)
• Use security for trust and marketing, “Market your Security”
BUSINESS TO YOU
www.b2u.nl
www.trustguard.eu
www.webshopsolutions.com
Office: +31 (0)297 381303
Email: [email protected]
THANK YOU