The Fork in the Road to PCI Compliance
|
|
- Solomon Ball
- 6 years ago
- Views:
Transcription
1 The Fork in the Road to PCI Compliance and How We Took It Purdue University April 24, 2017 Debra Wert Jefferson Hopkins
2 Yogi Berra If you come to a fork in the road, take it. Yogi Berra
3 University Environment The University has a mix of ecommerce, card present, and card not present operations at one primary and three regional campuses 35 SAQ A merchants - ecommerce uses TouchNet hosted sites or redirects 92 SAQ B merchants analog dialup terminals 11 SAQ C-VT merchants PC workstation to Internet 14SAQ D merchants non-redirected Website, Micros POS, Opera property management, multiple site Ticketmaster, multiple site Paciolan (Spectra)
4 University Network Environment
5 The Challenge End of life for CDE firewall Incorporating changing PCI DSS requirements As always, budget constraints Staff reductions in support areas Merchant requested scope expansion, wireless, remote, etc.
6 Do nothing Options to Compliance? Build a self-contained CDE that could be rolled out quickly with existing personnel at a reasonable cost that is PCI compliant Change the business process of merchants Scope reduction
7 Do Nothing Maintain non-compliant network appliances Report to acquirer as noncompliant Wait for the fines.
8 Full Replacement CDE Replace current environment with compliant network Creation of new physical server farm and multiple virtual servers POS sites connected to Data Center CDE via VPN workgroup firewall POS outbound traffic via proxy server
9
10 And the Cost?
11 High Level Worst Case Costs Infrastructure Acquisition Costs Maintenance Costs (14%) FTE* Notes Switches and Firewalls for 80 Network Client $150, $22, POS locations Network Servers $60, Switches and Firewalls for 2 $7, Data Center locations Virtual Environment $120, PCI Application Servers, System & Security $43, Management Support Infrastructure $75, Active Directory, Systems Monitoring, Systems $86, Management Licensing costs* $60, Potential Cost Backup $30, Dedicated hardware for $21, backup target Penetration Testing $25, ITCR $60, ITSP $ $68, Security Services + Pen Test Totals $520, $0.00 $308, Total Cost: $829, Set up time: 8-10 months
12 Full Outsource Designed for quick deployment Vendor manages all equipment and PCI requirements Minimal equipment and labor costs
13 Current Merchant Services Support Costs FTE Days Hours Hourly Rate Total Costs Treasury Costs ITIS - Hardware ITCR - Workstations Micros Opera ITSP Discovery Scanning $25, $45 $46, $45 $46, $45 $9, $46 $3, $42 $1,680 Salary & Wage $146,860 Fringes $42,682 Fee Remissions $975 Equipment - Captial & Non-Capital $1,200 Info Technology $15,600 Leasing & Maintenance $28,500 PCI Admin incorporated in Treasury Costs Other Expenses $500 Calumet/IPFW: Firewall review and maintenance 16 $42 $672 Supplies & Services $200 Calumet/IPFW/PNC: Rogue wireless review 8 $42 $336 Travel & Entertainment $6,800 Total IT Costs: $133,776 Treasury Total: $243,317 Treasury & IT Total $377,093 Supporting ITIS Information:
14 Full Outsource
15 Barebones CDE Designed to maintain compliancy of existing merchants as other scope options become available Relies on outsourced services and third-party agents on each workstation Vendor provided appliances located in the CDE
16
17 SneakerNet CDE Designed to support a small number of merchants for a short time in anticipation of scope reduction Updates, patches and password changes are accomplished at each computer and firewall with portable media Labor intensive to maintain and only tolerable for a brief duration
18 SneakerNet
19 SneakerNet CDE University Provided Hardware/Software Quantity Unit Cost Non-Recurring Recurring Total Workgroup Firewall - Cisco (5506-K9) 3 $ $ 2, Central Firewall w/ids - Cisco (5506-K9) 1 $ $ Unmanaged Switch - Allied (AT-FS708) 4 $ $ PC Vulnerability Scanner 1 $ 2, $ 2, Proxy Server Software: TBD 1 $ 2, $ 2, $ 8, $ 8, Services Required University Provided Hours Unit Cost Non-Recurring Recurring Workstation Build and Configuration 80 $ $ 3, Workstation Management Updates and Patching 60 $ $ 2, Desktop Support 24 $ $ 1, Proxy Server Build and Configuration 40 $ $ 1, Proxy Services Application Management 20 $ $ Firewall Build and Configuration 26 $ $ 1, Firewall OS Management Updates and Patching 28 $ $ 1, Firewall Ruleset Configuration and Management 80 $ $ 3, Firewall Ruleset Review - Bi-Annual 80 $ $ 3, Log Alert/SEIM Response and Remediation 80 $ $ 3, Internal Vulnerability Review and Remediation 80 $ $ 3, $ 9, $ 16, $ 26, Services Provided Outsource Quantity Months Non-Recurring Recurring Endoinpoint Security - File Integrity Monitoring Endoinpoint Security Anti-Virus Endoinpoint Security Policy Monitoring $ 2, Managed Compliance Monitoring 12 $ 11, Monitoring Hardware & Install $ 2, Onsite Install & Travel Expenses $ 2, VPN 12 $ 1, Penetration Testing Annual $ 25, $ 4, $ 39, $ 44, $ 22, $ 56, $ 78,804.60
20 Walter T. Conway If you want to be PCI compliant, go back to dial-up terminals. No, really. I mean it! Donations can be made to the Walter T. Conway, Jr. Fund at Episcopal Community Services, 165 Eighth Street, 3rd Floor, San Francisco, CA 94103, or online at
21 Scope Reduction Assessed all merchants to determine the best way to and the probability of reducing the scope of their operation Surveyed available encryption solutions and probability and timing of deployment Determined merchants that could change business processes Analog dial-up terminals ecommerce Website change to redirect
22 The Inevitability of EMV EMV is being deployed by most POS providers P2PE is being simultaneously incorporated by most POS providers Delay caused by technical complexity of EMV interfaces Acquirers were slow to on-board new POS EMV providers
23 A Sales Effort Present all options for compliancy and a recommendation Cost scenarios Time to implementation University impact
24 Mandate Either Create a new Compliant Cardholder Data Environment Or Change the Business Process and Mandate Encryption
25 Mandate Identified strategy for Scope Reduction Garnered support from Sr staff in IT/Business Requested a university wide communication from the VP s of Information Technology and Office of the Treasurer Communicated target date to implement P2pE or order analog dialup terminals.
26 Mandate High-powered patrons Senior Vice President and Assistant Treasurer Vice President for Information Technology and Chief Information Officer Mandated either encrypted solution or reversion to analog dial-up terminals Also mandated EMV
27 Mandate It is crucial for your merchant team to take immediate action to implement a solution that is EMV enabled and utilizes P2PE as quickly as possible prior to October 14, If a P2PE/EMV solution is not available from your vendor prior to that date, you will need to coordinate with Treasury Operations to order analog payment card readers as an alternative to meet compliance before December 1, 2016.
28 Merchant Response Expressed concern about impact to their operational/business processes. Sought commitment from merchant management for resources to address issue Willing to talk with Vendors and peers as to solutions available to reduce scope.
29 Investigating Solutions PUSHING POS vendors to identify P2PE solutions Working with merchants to pressure their vendors Using the PCI Listserve to coordinate efforts Educating POS vendors
30 Determining Direction Identifying the best option Working with POS vendors to provide documentation Determining if the solution can interface with our acquirer Determining a timeline Working with merchants to determine costs of solution Calming our merchants
31 The Timeline Dilemma Parking Control Oracle and MICROS and OPERA Success of Ticketmaster, Spectra, imodules PREMIS Website conversion Rack & Roll
32 Deployment Timeline Scope Reduction Estimate ACTUAL ACTUAL Projected Projected Completion Actual Completion ACTIVITY START DURATION Club Prophet (Golf) 9 8 Enterprise Facilities Management (Parking) 1 12 PREMIS Servers 1 21 MICROS 9 16 OPERA 13 8 Conqueror Qubicam AMF - Rack & Roll 25 6 Spectra (Paciolan) 1 25 United Healthcare - PUSH 1 1 QS1 - Pharmacy 1 1 Regional Bursars Touchnet Cashiering 1 1 Ticketmaster 1 V Neulion (IPFW) 1 V UDO imodules PREMIS Client 1 21 Busar Kiosks (West Lafayette) 1 M January February March April May June July August September New Cardholder Data Environment Creation V = Vendor has not specified (Card present transaction, EMV) N = Vendor has not specified (Card not present transaction) M = Dependant on management decision
33 The Procurement Process Obtained resources from Contracting team to focus on service agreements and equipment contracts. Required appropriate liability and PCIDSS compliance language in all documents. Requested vendor commitment that all solutions/equipment could be implemented within our timeline.
34 Working with the Solution Providers Chase Payment Solutions - Ingenico/Exadigm Touchnet Information Systems - Redirects Blue Fin - Spectra, Imodules Freedom Pay - Micros Ticketmaster Hardware Solution Club Prophet Shift 4 Parking 3c Payments
35 Implementation University Development Office Athletics Continuing Education and Conferences Hall of Music Retail Shops Parking Purdue Memorial Union Hotel
36 Gotchas! Timeline for upgrade of Oracle products Timeline for solution on OPERA Change of Parking application and hardware Being the FIRST implementation for some solution providers Not all solutions are P2PE validated
37 Benefits Reduced compliancy and reporting requirements Enhanced Security Greatly reduced costs of maintaining compliancy Staff hours Third-party services, scanning and penetration tests
38 Security Benefits Greatly enhanced security environment Remaining attack vectors Skimming devices and overlays (magstripe) Dishonest employee ecommerce re-directs and inline frame compromise ecommerce fraud
39 The Overlay
40 Business as Usual Focus on skimming education and prevention Focus on enhancing security of existing ecommerce Focus on device inspection and inventory Redesign compliancy process to business as usual Ongoing efforts to validate E2EE solutions and convert to P2PE when possible
41 We Started with This:
42 And Ended with This:
C&H Financial Services. PCI and Tin Compliance Basics
C&H Financial Services PCI and Tin Compliance Basics What Is PCI? (Payment Card Industry) Developed by the PCI Security Standards Council and major payment brands For enhancing payment account data security
More informationIntroduction. Scott Jerabek. The CBORD Group. Product Manager
PCI Compliance Introduction Scott Jerabek Product Manager The CBORD Group Founded in 1975 Foodservice, Campus Card and Security solutions to College and University and Healthcare markets CBORD Product
More informationMerchant Services What You Need to Know. Agenda 6/5/2017. Overview of Merchant Services. EMV, Tokenization/Encryption, and PCI (Oh My!
Merchant Services What You Need to Know Heather Nowak VP, CPP Senior Product Manager Agenda Overview of Merchant Services Why accept cards? What you need to know/consider Capabilities/Pricing/Contract
More informationSAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS
SAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS To protect your environment against payment data theft, you first have to understand how you accept payments. What kind of equipment do you use, who
More informationORACLE HOSPITALITY HOTEL CONSULTING SERVICE DESCRIPTIONS November 3, 2017
ORACLE HOSPITALITY HOTEL CONSULTING SERVICE DESCRIPTIONS November 3, 2017 TABLE OF CONTENTS Service Offerings CONSULTING SERVICE OFFERINGS Part Number ORACLE HOSPITALITY HOTEL PROPERTY MANAGEMENT SYSTEM
More informationPayment Card Industry Compliance. May 12, 2011
Payment Card Industry Compliance May 12, 2011 Agenda 1. Common Terms 2. What is PCI? 3. How Does PCI Impact YOU? 4. Levels of PCI Compliance 5. Self-Assessment Questionnaire (SAQ) 6. PCI High Level Overview
More informationSystem and Server Requirements
System and Server Requirements January 2019 For GreeneStep ERP, CRM, Ecommerce, Customer/Supplier Collaboration, Management Dashboards and Web Access Products Suite ON-PREMISE DEPLOYMENT MODEL & HOSTED
More informationCREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administration Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting Services
More informationAdopted Budget Personnel Services $ 994,440 $ 846,322 $ 1,157,260 $ 901,485 Materials & Services 710, ,850 1,153,653 1,528,524
Information Technology Program Description Fund 10 Directorate 02 Division 70 Department 215 The Information Technology (IT) Department is responsible for supporting the District's computing infrastructure,
More informationORACLE HOSPITALITY CLOUD CONSULTING SERVICE DESCRIPTIONS October 19, 2017
ORACLE HOSPITALITY CLOUD CONSULTING SERVICE DESCRIPTIONS October 19, 2017 TABLE OF CONTENTS Service Offerings CONSULTING SERVICE OFFERINGS Part Number ORACLE HOSPITALITY FOOD AND BEVERAGE POINT OF SALE
More informationPCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS
TRAILS INSIDERS LOGS MODEL PCI Compliance What It Is And How To Maintain It PCI COMPLIANCE WHAT IT IS AND HOW TO MAINTAIN IT HACKERS APPS BUSINESS PCI AUDIT BROWSER MALWARE COMPLIANCE VULNERABLE PASSWORDS
More informationPCI DSS Security Awareness Training. The University of Tennessee and The University of Tennessee Foundation. for Credit Card Merchants at
PCI DSS Security Awareness Training for Credit Card Merchants at The University of Tennessee and The University of Tennessee Foundation Presented by UT System Administration Information Security Office
More informationUnderstanding the SAQs for PCI DSS v3.0
Understanding the SAQs for PCI DSS v3.0 The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers report the results of their PCI DSS self-assessment.
More informationStraight Answers on PCI and EMV
Straight Answers on PCI and EMV Gray Consulting November, 2015 Why We Are All Here This presentation is an attempt to demystify the challenges faced by the car wash industry, in dealing with secure, electronic
More informationPCI Information Session. May NCSU PCI Team
PCI Information Session May 2014 - NCSU PCI Team Agenda PCI compliance process Security Training Why compliance is important PCI DSS update from NCSU ISA 2014 attestation process Questions PCI Compliance
More informationKACE SYSTEM MANAGEMENT APPLIANCE (SMA) ONSITE QUICKSTART (5 DAYS)
KACE SYSTEM MANAGEMENT APPLIANCE (SMA) ONSITE QUICKSTART (5 DAYS) Description This consultative service includes implementation and consulting service with respect to establishing of the KACE Systems Management
More information6. Understand Modern security and EMV payment authorization compliance, today s POS
Eight Step Checklist for Retailers Making the Move to a New POS System For many years, point of sale was simply a process to sell products to a customer and capture payment. As more functionally was needed,
More informationThe Changing Landscape of Card Acceptance
The Changing Landscape of Card Acceptance Troy Byram Vice-President Sr. E-Receivables Consultant February 6, 2015 Agenda EMV (Chip and Pin) PCI Compliance and Data Security New Regulations for Municipalities
More informationesocket POS Integrated POS solution Knet
esocket POS Integrated POS solution Knet 1 Summary Since 1994 when the first POS devise was deployed in the market, Knet had recognized the importance of this service and did take it up on it self to invest
More informationEngaging campus experience with transaction solutions CACUBO annual meeting
Engaging campus experience with transaction solutions 2017 CACUBO annual meeting Who we are 2 Dedicated to higher education 1,000+ Transaction solution clients Serve 2,100+ clients in 60 countries Staff
More informationWirecard CEE Integration Documentation
Created on: 20180827 02:16 by Wirecard CEE Integration Documentation () Created: 20180827 02:16 Online Guides Integration documentation 1/6 Created on: 20180827 02:16 by Securing your Online Shop Please
More informationFI0311 Credit Card Processing
FI0311 Credit Card Processing Topics: General Policy Scope Responsibilities Merchant Approval Process Requirements Noncompliance with Policy Procedures Forms Attachments Contact Outsource Requirements
More informationAttachment 2: Merchant Card Services
Attachment 2: Merchant Card Services Overview The County s primary purpose in seeking proposals for merchant card services is to provide a variety of card payment options and services to County customers
More informationSemi-Integrated EMV Payment Solution
acceo tender retail Semi-Integrated EMV Payment Solution tender-retail.acceo.com Take control of your payment transactions ACCEO Tender Retail is a semi-integrated payment middleware solution that handles
More informationCLOUD SOFTWARE, ACTIONABLE DATA, SCALABLE SOLUTIONS:
CLOUD SOFTWARE, ACTIONABLE DATA, SCALABLE SOLUTIONS: AS THE RESTAURANT INDUSTRY CHANGES, THESE ARE JUST A FEW ITEMS THAT ABSOLUTELY HAVE TO BE ON YOUR MENU The restaurant industry is changing at an unprecedented
More informationQuestions and Answers. For. NETWORK Services RFP #
Questions and Answers For NETWORK Services RFP # 13170501 1. Can a tour of the supported facilities be available to be scheduled this week or next week?*, not at this time 2. Can the points of contacts
More informationThe Evolution of Payments on Campus
The Evolution of Payments on Campus Mark Lucas, VP, Managed Services Senior Strategist, Higher Education CISSP, CISA, ASV, CGEIT, QSA, MCSD January 2014 Agenda I. About Coalfire II. III. IV. Campus Card
More informationEnd-User IT Outsourcing Contract Number DIR-TSO-3666
CATEGORY Management Services Provisioning of Equipment DESCRIPTION The management of customer owned equipment or vendor provided equipment. This category includes any information technology equipment that
More informationCOLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY
COLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY Effective Date: August 31, 2009 Latest Revision: March 28, 2017 Policy Statement This policy establishes the requirements for the acceptance
More informationPCI Toolkit
PCI Toolkit The following document will define "PCI-DSS" (The Payment Card Industry Data Security Standard) and why it is important for your business. As always, if you need further assistance, please
More informationREQUEST FOR PROPOSALS
` REQUEST FOR PROPOSALS Delivery of Information Technology Services Scott Simon Executive Director Greg Beck Assistant Executive Director/Point of Contact Response Deadline March 29, 2019 4:00 PM Page
More informationPCI & Small Merchant Compliance: What Does the Future Hold? Presenter: Chris Bucolo, ControlScan, Inc.
PCI & Small Merchant Compliance: What Does the Future Hold? Presenter: Chris Bucolo, ControlScan, Inc. Agenda Housekeeping Presenters About Conexxus Presentation Q & A 2 Housekeeping This webinar is being
More informationFebruary 19, RE: Addendum No. 1 Request for Proposal No IT Asset Management Solution. Dear Offeror:
February 19, 2016 RE: Addendum No. 1 Request for Proposal No. 10048 IT Asset Management Solution Dear Offeror: This notice shall serve as Addendum No. 1 to the aforementioned Request for Proposal ( RFP
More informationService Planning Survey
Attachment A Service Planning Survey Westchester Medical Center Information Systems Endoscopy Documentation and Imaging System Westchester Medical Center 15 Oval Connector Elmwood Hall Information Systems
More informationVersion 7.4 & higher is Critical for all Customers Processing Credit Cards!
Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software met the latest credit card processing requirements with its release of Version 7.4 due to the recently
More informationCITY OF KOTZEBUE REQUEST FOR PROPOSAL ADMINISTRATION IT SERVICES FOR FY18 REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES
CITY OF KOTZEBUE REQUEST FOR PROPOSAL 18-01 ADMINISTRATION IT SERVICES FOR FY18 REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES Vendors are required to provide as much detail as possible in
More informationFTFS. Fault Tolerant Financial Systems
FTFS Fault Tolerant Financial Systems Fault Tolerant Financial Systems - FTFS - is the modular solution designed to support Enterprises and Financial Institutions in channel management for POS, self service,
More informationZynstra Retail Edge Software Suite
Powering the Retail Edge Zynstra Retail Edge Software Suite Solution Brief Zynstra enables retailers to deliver superior customer and employee experiences through faster innovation and radically reduces
More informationCybex Systems Release 8.2
Release 8.2 POS, Head Office, Advanced Series www.cybexsystems.com Ongoing investment in technology Crystal Reports, Microsoft SQL Server 2005.Net Framework Visual studio 2008 Advanced Series, Visual Studio
More informationHow To have Your Own. Payment Gateway
How To have Your Own Payment Gateway Introduction...1 Do I Need My Own Payment Gateway?...2 Is A White Label Payment Gateway A Sensible Solution?...4 What Is A True Self-Hosted Payment Gateway?...5 Is
More informationGoal 1: CONTINUED DEVELOPMENT OF ADVANCED TECHNICAL SERVICES
INFORMATION TECHNOLOGY SERVICES University Technology Administration, Infrastructure and Support Computing Technology Support Fiscal Year 2016-2017 Overview Computing Technology Support provides centralized
More informationPerformance with a single touch
Need stock and employees control? Need fast check-out time and loyal customers? Need a powerful POS without implementation headaches? Your search is over! Performance with a single touch Whether you open
More informationFOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION
FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions PAYMENTS IN-STORE PAYMENTS ON-THE-GO PAYMENTS ONLINE Accept
More informationStreamline PCI Compliance in a Diverse Hospital Environment
Streamline PCI Compliance in a Diverse Hospital Environment Session #212, February 14, 2019 Philip Napier, Director, Enterprise Information Security, Bon Secours Health System Jon Bonham, Principal, Coalfire
More informationfalanx Cyber PCI-DSS: How can your organisation achieve and maintain compliance?
falanx Cyber PCI-DSS: How can your organisation achieve and maintain compliance? Contents What is PCI-DSS? 3 What type of organisation needs to be PCI-DSS compliant? 3 What do you need to achieve PCI-DSS
More informationPart IV: Developing an Extended Network Enterprise Part V: Obtaining Value beyond the Basic Enterprise
Contents at a Glance Introduction... 1 Part I: Developing the Architecture... 7 Chapter 1: Planning for Enterprise Realignment...9 Chapter 2: Exploring Tasks, Roles, and Tools...17 Chapter 3: Pondering
More informationSolving the PCI Puzzle with New Rules and Strategies
Solving the PCI Puzzle with New Rules and Strategies May 8, 2018 Austin, TX 1:00 pm 2:00 pm Kristy Pritchett, Director of Student Accounts University of Alabama John McElroy, Product Strategy TouchNet
More informationMATRIX PRIMUS BRAZIL ENTERPRISE and Residential VOIP PLATFORM
MATRIX PRIMUS BRAZIL ENTERPRISE and Residential VOIP PLATFORM This document describes the features, functionalities and implementation process of Primus Brazil s Open Source VoIP platform. Brief feature
More informationKACE Remote QuickStart (for KACE Systems Management Appliances)
KACE Remote QuickStart (for KACE Systems Management Appliances) Description The KACE Remote QuickStart service is a custom-tailored implementation solution designed to assist you with the initial implementation
More informationGetting Out of PA-DSS Scope and Eliminating the High Cost of EMV: What you need to know
January 2015 Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2015 Heartland Payment
More informationtripos: Building a next generation POS starts with the right payment solution
tripos: Building a next generation POS starts with the right payment solution 1 Developers of integrated point of sale (POS) applications face a variety of challenges. From the shift to EMV, to concerns
More informationEMV: GET READY. Michelle Thornton, CO-OP Financial Services
EMV: GET READY Michelle Thornton, CO-OP Financial Services EMV Technology EMV and Chip Used Interchangeably In essence it replaces the functionality of magstripe with a computer chip making it nearly impossible
More informationREPORT EXTEND THE VALUE OF SAP TO LABOR MANAGEMENT
REPORT EXTEND THE VALUE OF SAP TO LABOR MANAGEMENT Corporate Headquarters Nucleus Research Inc. 100 State Street Boston, MA 02109 Phone: +1 617.720.2000 Nucleus Research Inc. THE BOTTOM LINE Most companies
More informationZynstra Software for the Retail Edge Datasheet
Powering the Retail Edge Zynstra Software for the Retail Edge Datasheet Zynstra enables the virtualization of retail back office and front office IT resources, and offers specific virtualization solutions
More informationMISCELLANEOUS REVENUE Miscellaneous Revenue 2,324,944 3,098,902 3,415,792 3,415,792
COUNTY OF MADERA Department: Information Technology BUDGET UNIT DETAIL 00240 BUDGET FOR THE FISCAL YEAR 2018-19 Function: General Activity: Other General Fund: General ESTIMATED REVENUES: BOARD DEPARTMENT
More informationSeverity Definitions. 24x7 Continuous Support
Severity Definitions Fast-Track support requests are prioritized by severity level (see Table 1, Severity Levels). RightStar will endeavor to resolve all issues as quickly as possible. Table 2. Severity
More informationSecuring Intel s External Online Presence
IT@Intel White Paper Intel IT IT Best Practices Information Security May 2011 Securing Intel s External Online Presence Executive Overview Overall, the Intel Secure External Presence program has effectively
More informationManaged IT Services OUR TECHNOLOGY & DELIVERABLES
Managed IT Services OUR TECHNOLOGY & DELIVERABLES Executive Summary s a CIO, the decision to self-manage or to rely on a third party to manage and maintain your IT infrastructure has always been an important
More informationCCV s self-service payment solutions drive PCI-DSS-compliant security
CCV s self-service payment solutions drive PCI-DSS-compliant security White Paper July 2016 1. Introduction This white Paper discusses the basic differences between the current PCI-DSS and the P2PE rules
More informationMITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates. An NCR white paper
MITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates An NCR white paper Don t let your aging ATM network put you at risk of non-compliance and the threat of liability for fraudulent transactions.
More informationSelf-Assessment Questionnaire (SAQ) A and Attestation of Compliance Guidance Document. Self-Assessment Questionnaire A
Self-Assessment Questionnaire (SAQ) A and Attestation of Compliance Guidance Document The intent of this guidance document is to assist Payment Card Managers in completing their PCI DSS Self-Assessment
More informationTHREE YEAR ON-SITE COMPREHENSIVE IT SERVICES FOR THE DES PLAINES PUBLIC LIBRARY, No
THREE YEAR ON-SITE COMPREHENSIVE IT SERVICES FOR THE DES PLAINES PUBLIC LIBRARY, No. 09-2016 The Des Plaines Public Library (DPPL) is requesting proposals from qualified IT service companies (hereinafter
More informationWe help solve business problems with technology
We help solve business problems with technology THE MICRO SOLUTIONS WAY VISION The vision of Micro Solutions is to ease our client s business pain and increase their productivity and profitability through
More informationLiverpool Hope University
Liverpool Hope University PCI DSS Policy Date Revision/Amendment Details & Reason Author 26th March 2015 Updates G. Donelan 23rd June 2015 Audit Committee 7th July 2015 University Council 1. Introduction
More informationUnattended Payment Terminal
UPT Vendors Terminal vendors Merchants Unattended Payment Terminal Best Practice: Unattended Payment Terminal - Ver D Final Type: Security 31 October 2011 In brief In (Payment Card Industry (PCI) PIN Tansaction
More informationOHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017
OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017 REQUEST FOR PROPOSALS TO PROVIDE CREDIT CARD PROCESSING SERVICES TO THE OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION ADDENDUM
More informationCA Network Automation
PRODUCT SHEET: CA Network Automation agility made possible CA Network Automation Help reduce risk and improve IT efficiency by automating network configuration and change management. Overview Traditionally,
More informationMaintenance and Service Interruption Alerts (archived)
Maintenance and Service Interruption Alerts (archived) 6/1/2018 12:00 pm EDT Paya has turned off communication via any protocol below TLS 1.2 as part of PCI Compliance At 12 pm EDT on Friday, June 1st,
More informationRequest for Proposal (RFP) for Purchase of service of inac-i6
Background As for Bank's mission to outreach in the card market and expand the card business, KBZ Bank is rapidly expanding its card acceptance base. KBZ Bank has strong brand equity in its core customer
More informationCREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 04/29/2016
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 04/29/2016 Updated: April 29, 2016 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
More informationOracle s Hyperion System 9 Strategic Finance
Oracle s Hyperion System 9 Strategic Finance June 2007 Light Use... 3 Heavy Use... 3 Client Machine... 3 Server Machine... 3 Client Machine... 3 Server Machine... 3 Data Integration... 3 The Hyperion System
More informationProtecting Payments Throughout the Ecosystem. Emma Sutcliffe Senior Director, Data Security Standards PCI Security Standards Council
Protecting Payments Throughout the Ecosystem Emma Sutcliffe Senior Director, Data Security Standards PCI Security Standards Council PCI Security Standards Council Founded in 2006 Guiding open standards
More informationMerchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014
Merchant Considerations for U.S. Chip Migration EMV Migration Forum/National Retail Federation September 2014 2 About the EMV Migration Forum The EMV Migration Forum is a cross-industry body focused on
More informationMerchant Considerations for U.S. Chip Migration. EMV Migration Forum/National Retail Federation September 2014
Merchant Considerations for U.S. Chip Migration EMV Migration Forum/National Retail Federation September 2014 2 About the EMV Migration Forum The EMV Migration Forum is a cross-industry body focused on
More informationNexo 2016 Annual Conference Arnaud Crouzet. Lessons learned in implementing and deploying standards
Nexo 2016 Annual Conference Arnaud Crouzet Lessons learned in implementing and deploying standards Faire disparaitre, rendre l acte de paiement Our journey into the standards 2012: our vision 1. The payment
More informationTransaction Management & Payment Solutions
Transaction Management & Payment Solutions SmartCard Marketing Systems Inc (SMKG:OTC) specializes in development of Payment & Incentive solutions as a service. Our team is dedicated from development to
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE Last Reviewed: December 13, 2017 Last Updated: December 19, 2017 PCI DSS Version: v3.2, rev 1.1 Prepared for: The
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
4:15 5:30 May7, 2018 Room 230 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Rafiu Ighile Chief Business and Technology Officer Howard County Public School System,
More information1.1.1 Timeline of Key Events
CLARIFICATIONS Modifying the deadline for proposal submission to accommodate extended period needed for responding to written questions. 1.1.1 Timeline of Key Events Reference Section Section 1.2.2 Section
More informationEMV and Educational Institutions:
October 2014 EMV and Educational Institutions: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks,
More informationGENERAL INFORMATION. Title: IT Systems and Infrastructure Administrator. Classification: Exempt
GENERAL INFORMATION Title: IT Systems and Infrastructure Administrator Classification: Exempt Reports to: Director of Technology and Digital Initiatives Date: 6/1/18 JOB DESCRIPTION Summary/Objective The
More informationICT budget and staffing trends in Germany
ICT budget and staffing trends in Germany Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... Error! Bookmark not 1.1 Introduction... Error! Bookmark not 1.2
More informationPosition Description. Job Summary: Campus Job Scope:
Position Description Requisition # 03020430 Position Number: 02019533 Dept: ENT APPS & INFRASTRUCTURE SVCS - 061419 Position: WINDOWS SYSTEM APPLICATION ADMINISTRATOR Approved Payroll Title 0520 Code:
More informationRisk-based Approach to PCI DSS Validation
Risk-based Approach to PCI DSS Validation Ingo Noka Regional Head, Data Security & ERM 25 June 2009 PCI SSC risk prioritized roadmap Milestone One Remove sensitive authentication data and limit data retention
More informationThe complete IT management solution
The complete IT management solution Introducing totalit totalit is much more than an IT support contract. totalit is a complete IT department. We take care of everything from supporting end users with
More informationJOHN W. R. SHAFFER 251 Middlebrook Dr. Fairfield CT 06824
JOHN W. R. SHAFFER 251 Middlebrook Dr. Fairfield CT 06824 203-767-0746 john_shaffer@hotmail.com CIO/CTO/VP INFORMATION TECHNOLOGY Technology executive with excellent strategic vision able to manage information
More informationWelcome. Reducing Your IT Costs. What do you hope to learn today? Please take a moment to fill out a yellow card.
Welcome Reducing Your IT Costs What do you hope to learn today? Please take a moment to fill out a yellow card. Our presenters will review the cards to ensure we cover the topics of interest. We will collect
More informationTHE UNIVERSITY OF GEORGIA INTERNAL AUDITING DIVISION INTERNAL CONTROL QUESTIONNAIRE GENERAL
GENERAL BACKGROUND MATERIAL A. Please provide an organization chart which shows lines of authority and responsibility for the unit. B. What department code(s) does your Office manage? C. Who is the contact
More informationPayment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide
Payment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide Prepared for: University of Tennessee Merchants 12 May 2015 Prepared by: University of Tennessee System Administration
More informationRequest for Proposal
Request for Proposal Outsourced IT & Managed Services Issued Date 10/13/17 Submission Deadline 11/3/17 RFP Coordinator: Scott deoliveira (779)777-7274 sdeoliveira@dekalbparkdistrict.com 1403 Sycamore Road,
More informationLIBRARIES OF MIDDLESEX AUTOMATION CONSORTIUM TECHNOLOGY PLAN,
LIBRARIES OF MIDDLESEX AUTOMATION CONSORTIUM TECHNOLOGY PLAN, 2007-2010 VISION: The Libraries of Middlesex Automation Consortium (LMxAC) provides cutting edge electronic library services to the patrons
More informationE M V O V E R V I E W. July 2014
E M V O V E R V I E W July 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution Decisions Market Certification Considerations Questions 2 E M V
More informationPayment Gateway Overview. Get familiar with credit card processing & our platform
Payment Gateway Overview Get familiar with credit card processing & our platform What Do Merchants Need to Be Successful Online? Understanding all of the working parts involved in your merchant customers
More informationWhat Do Merchants Need to Be Successful Online?
What Do Merchants Need to Be Successful Online? Understanding all of the working parts involved in your merchant customers success online Domain Registrar Web/App Developer Web Hosting Shopping Cart Accepting
More informationIBM Tivoli Configuration Manager
Comprehensive control over hardware and software across the enterprise IBM Tivoli Configuration Manager Highlights Provide comprehensive control Drive automated compliance for enterprise-wide software
More informationIT Sample Duties and Responsibilities Statements BAND A POSITION CONCEPT: ENTRY / INTERMEDIATE / INDEPENDENT WORKER
Multi-user System Administration Systems & Services Administration Installs, tests, implements, monitors, tunes, and maintains all related software products Rack-mounts servers and installs server hardware
More informationCHAPTER 9 Electronic Commerce Software
CHAPTER 9 Electronic Commerce Software 2017 Cengage Learning. May not be scanned, copied or duplicated, or posted to a. publicly accessible website, in whole or in part, except for use as permitted in
More informationPayment Card Industry Data Security Standard Compliance: Key Players and Relationships. By Jason Chan
WHITE PAPER: ENTERPRISE SECURITY SERVICES Payment Card Industry Data Security Standard Compliance: By Jason Chan White Paper: Enterprise Security Services Payment Card Industry Data Security Standard
More informationE-Certification, JC. 350 Office of Superintendent of Public Instruction Budget Period:
Agency: 350 Office of Superintendent of Public Instruction Budget Period: 2009-11 Recommendation Summary Text (Short Description): Superintendent Dorn requests $1,651,380 to develop and implement an online
More informationBest Practices for Securing E-commerce
Standard: PCI Data Security Standard (PCI DSS) Date: April 2017 Authors: Best Practices for Securing E-commerce Special Interest Group PCI Security Standards Council Information Supplement: Best Practices
More information