TrustGuard presentation - PCI brings more! - Hans Bouman

Business to You

PCI brings more!

Hans Bouman

26th of January, Antwerpen - Belgium


Background

• 1992 – 2000: Product manager e-Commerce
• 2001 - current: Secure eCommerce, www.b2u.nl
• 2002 – 2005: Country Manager Ogone
• 2006 - current: Preferred Partner, www.internetkassa.com
• 2015 - current: Email/SMS + payment link, www.paybylink.eu
• 2015 - current: Sales platform WebshopSolutions, www.webshopsolutions.com

WebshopSolutions (www.webshopsolutions.com): Marketing, Payments, Security, Webshop, Support

PCI as best practice for…

• Privacy legislation
• Legal liability
• Quality system / own program
• Educate merchants
• Hosting issues
• Website & application builders
• Management & reports
• Marketing
• Partner chain protection

PCI Security Standards Council: www.pcisecuritystandards.org

PCI is so… credit card focused

PCI or other standards?

ISO 27001

Other alternatives: ATIS, ETSI, IEEE, IETF, ISO/IEC JTC 1, ITU-T, OASIS, 3GPP and 3GPP2

Stay in line with acquirers => PCI DSS


Credit cards vs privacy sensitive data

• Basket/products
• First name, surname
• Financial information
• Credit card numbers
• Social Security Number
• Passport numbers
• Driver's license number
• Delivery address
• Mobile number
• Email address
• Date of birth
• Passwords

Storage: more and more in the cloud.

Credit card rules or legal reasons

EU Directive 95/46/EC, recital 46: "Whereas the protection of the rights and freedoms of data subjects with regard to the processing of personal data requires that appropriate technical and organizational measures be taken, both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing; whereas it is incumbent on the Member States to ensure that controllers comply with these measures; whereas these measures must ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks inherent in the processing and the nature of the data to be protected;"

(Directive 95/46/EC has since been repealed and replaced by the GDPR, Regulation (EU) 2016/679, applicable from 25 May 2018; the same "appropriate technical and organisational measures" duty now sits in its Article 32.)

Personal Data Protection Act

Responsibility vs liability

Who is responsible for the security of the website? => The OWNER of the domain.

Who is legally liable? => The OWNER of the domain.

Who has to pay the costs and penalties? => The OWNER of the domain.

That's easy: owner is 100% liable…

[Diagram: the merchant's domains www.domain.nl, login.domain.nl and www.domain2.nl resolve via Internet DNS to three different hosting providers (Hosting1, Hosting2, Hosting3). Each provider runs its own firewalls, IDS, DMZ, routers, gateways, ports, services and email servers, and hosts n websites with applications, CMS, scripts, XML interfaces and APIs. Suppliers, shopping portals and logistics partners connect to these systems as well.]

"So, where are your monitoring reports?"

Typical answers:

"We have a great website builder with a good reputation."
"We have the most secure hosting company."
"It's their risk as well, so they will manage it…"
"Other companies check it, so…"

How to involve suppliers? (hosting issues, website & application builders)

Hacked; blame your hosting & site builder…

Help hosting companies and site builders to get out of these "who is responsible" discussions.

Timeline today: new website → hacked. Was security maintenance delivered and invoiced (Y/N)?

Solution, "PCI as zero-point": the PCI status is the agreed baseline on the timeline. The merchant stays responsible; hosting and site builders solve (and invoice) the issues.

How to involve all departments? (management & reports)

Dashboard [screenshot]

Scans overview [screenshot]

Sorting options

Sorting on:
• Severity
• Scan frequency
• Domain
• PCI-status
• Port
• Group
• User
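The deck does not say how the dashboard derives a "PCI-status" from scan findings. The following is an added illustration, not TrustGuard code or output, of the rule an ASV (Approved Scanning Vendor) applies under the PCI DSS ASV Program Guide: any finding with a CVSS base score of 4.0 or higher makes the external scan non-compliant. It computes that status per domain, sorts findings by the options listed above, and rolls them up into the per-domain figures a management report would carry. The findings, IP addresses (documentation ranges) and helper names are constructed for this example; the ASV rules also contain automatic failures that ignore the score (for example SQL injection or default credentials), which are not modelled here.

```python
"""Derive a PCI scan status per domain from external-scan findings and sort
them the way the dashboard slide lists (severity, domain, port, PCI-status).

Added illustration; findings, hosts and helper names are constructed and are
not output of TrustGuard or of any ASV.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    domain: str   # scanned hostname, as on the deck's landscape diagram
    host: str     # resolved IP (constructed; RFC 5737 documentation ranges)
    port: int
    title: str
    cvss: float   # CVSS base score, 0.0 - 10.0


# Constructed sample findings, not real scan output.
SAMPLE_FINDINGS = [
    Finding("www.domain.nl",   "203.0.113.10", 443, "TLS 1.0 still enabled",         4.3),
    Finding("www.domain.nl",   "203.0.113.10",  80, "Missing HTTP security headers", 2.6),
    Finding("login.domain.nl", "203.0.113.20", 443, "Outdated CMS plugin",           7.5),
    Finding("www.domain2.nl",  "198.51.100.5",  22, "SSH version banner disclosed",  0.0),
]

# ASV Program Guide rule: a finding with CVSS base score >= 4.0 makes the scan
# non-compliant. Automatic failures independent of the score are not modelled.
ASV_FAIL_THRESHOLD = 4.0


def severity(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss == 0.0:
        return "none"
    if cvss < 4.0:
        return "low"
    if cvss < 7.0:
        return "medium"
    if cvss < 9.0:
        return "high"
    return "critical"


def pci_status(findings) -> dict:
    """Per domain: 'fail' if any finding meets the ASV threshold, else 'pass'."""
    status = {}
    for f in findings:
        current = status.get(f.domain, "pass")
        if f.cvss >= ASV_FAIL_THRESHOLD:
            current = "fail"
        status[f.domain] = current
    return status


def sort_findings(findings, key: str = "severity"):
    """Sort like the dashboard's options; failing domains come first for pci-status."""
    status = pci_status(findings)
    keys = {
        "severity":   lambda f: (-f.cvss, f.domain, f.port),
        "domain":     lambda f: (f.domain, -f.cvss),
        "port":       lambda f: (f.port, f.domain),
        "pci-status": lambda f: (status[f.domain] != "fail", -f.cvss),
    }
    return sorted(findings, key=keys[key])


def executive_summary(findings) -> dict:
    """Per domain: status, worst CVSS score and number of findings that block compliance.
    This is the level of detail a management (PDF) report needs."""
    status = pci_status(findings)
    summary = {}
    for f in findings:
        entry = summary.setdefault(
            f.domain, {"status": status[f.domain], "worst": 0.0, "blocking": 0}
        )
        entry["worst"] = max(entry["worst"], f.cvss)
        if f.cvss >= ASV_FAIL_THRESHOLD:
            entry["blocking"] += 1
    return summary


if __name__ == "__main__":
    for f in sort_findings(SAMPLE_FINDINGS, "pci-status"):
        print(f"{f.domain:16} :{f.port:<4} {severity(f.cvss):8} {f.title}")
    print(executive_summary(SAMPLE_FINDINGS))
```

Note that the 4.3 "TLS 1.0 still enabled" finding on www.domain.nl is only "medium" by CVSS rating but still fails the domain: the ASV threshold sits inside the medium band, which is why a dashboard should expose the PCI-status separately from the severity it sorts on.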

Detailed information & links [screenshot]

Scans per device & PCI reports [screenshot]

Multiple reports [screenshot]

All internal staff & external partners involved and fully committed

[Diagram: the same hosting landscape as before (www.domain.nl, login.domain.nl and www.domain2.nl on Hosting1, Hosting2 and Hosting3, each with its own firewalls, IDS, DMZ, routers, gateways, ports, services, email servers and n websites with applications, CMS, scripts, XML interfaces and APIs; suppliers, shopping portals and logistics attached), now with the parties that receive the scan reports around it: Responsible: board, managers, mayors; helpdesk; system owners; programmers; external partners; marketing; executive report (PDF).]

How to involve partners? (partner chain protection)

PCI DSS 12.8: "shared cardholder data"

PCI DSS requirement 12.8 requires policies and procedures to manage the service providers with whom cardholder data is shared, or that could affect the security of cardholder data (a list of providers, a written agreement acknowledging their responsibility, due diligence before engagement, and monitoring of their compliance status).

[Diagram: the same hosting landscape (www.domain.nl, login.domain.nl and www.domain2.nl on Hosting1, Hosting2 and Hosting3, each with firewalls, IDS, DMZ, routers, gateways, ports, services, email servers and n websites with applications, CMS, scripts, XML interfaces and APIs; suppliers, shopping portals and logistics attached) and the same reporting parties: Responsible: board, managers, mayors; helpdesk; system owners; programmers; external partners; marketing; executive report (PDF).]

Cardholder data example: booking platforms & hotels

More and more non-credit-card companies demand PCI certification!

How to involve marketing?

Seal options [screenshot]

MORE TRUST = MORE SALES

Certificate [screenshot]

Mobile floating logo [screenshot]

You PCI brings more… involvement & commitment

• PCI became a stable, clear and worldwide accepted standard• By positioning PCI/DSS next to CC’s also for privacy information,

it supports a more generic approach for other sectors • PCI-scanning provides a tool and checks to support & increase quality• Use PCI-reporting for employees, managers & partners, not only acquirers• Use PCI/DSS for shared information between companies (not acquirer driven)• Use security for trust and marketing, “Market your Security”

14-day free trial: www.trustguard.eu

BUSINESS TO YOU

www.b2u.nl
www.trustguard.eu
www.webshopsolutions.com

Office: +31 (0)297 381303
Email: [email protected]

THANK YOU