Shift4Word - The Shift4 Newsletter


Volume 7, Issue 1 - Page 3	Payment Processing News from Shift4 Corporation	September 2005


Summit Sessions The Transaction Security Summit, September 28 & 29 in Las Vegas , is designed to provide a detailed and in-depth look at the latest regulations, the certification process and the liabilities held by members of the merchant and payment application communities. The summit will cover both the Payment Card Industry Data Security Standards (PCI DSS) for merchants and the Payment Application Best Practices (PABP) guidelines for point-of-sale and property management systems. The Art of Deception: Are YOU In Danger of Being 'Conned?' *Kevin Mitnick, Founder, Mitnick Security Consulting LLC & the World's Most Famous Former Hacker* Join us to hear the world's most famous former hacker share his perspective on the threat of "social engineering" - a highly effective type of attack that exploits the human element of corporate security. While relatively unknown to the general public, the term "social engineering" is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole. Mitnick illustrates why a misplaced reliance on security technologies alone, such as firewalls, authentication devices, encryption and intrusion detection systems are virtually ineffective against a motivated attacker using these techniques. Although there are no reported statistics on the number of successful social engineering attacks, these ages-old techniques have been and continue to be extremely effective against unsuspecting targets, and pose the least risk and cost to your adversary. In the corporate environment, a large number of unsuspecting victims never realize they have been manipulated. Will your employees be next? Through concrete examples, Mitnick shares what your business can do to develop a creative and engaging security program that heightens awareness, motivates employees to change their attitudes, influences them to think defensively, and encourages the adoption of good security habits. Why You; Why Now? *Chris Mark, CISSP, MasterCard International* Hear first hand why the Card Associations created the PCI and PABP regulations, what they are meant to cover, who they are meant to protect and why the Card Associations are pushing them now. The Processor Perspective *Joe Musitano, Managing Partner, Solupay Consulting, Inc.* With decades of experience working for and with major processors, Joe Musitano will describe the inner workings of how processors view PCI and PABP. He will discuss legal/risk management in terms of both merchants and POS companies, as well as the affects these regulations have on the ongoing relationships between merchants and their banks and POS systems and their processing partners. Session will include real life examples of past security blunders and the fallout from them. Live Hack Demo *Wenlock Free, VP of Business Development, SecurityMetrics* So you think you're safe? This exciting, interactive session will show attendees just how vulnerable their systems are and just how important following these regulations and remaining vigilant is. CSI: Credit Cards *D.J. Vogel, CISSP, CISA, 403 Labs, LLC* Crime Scene Investigation for Credit Card Theft. This exciting session will provide a detailed look at what happens when there is a breach in credit card security. Understand the steps in a forensic investigation and the clues these experts follow to trace the data and uncover the culprit. Find out what the card associations expect from you and how to overcome and move forward with your business after an attack. Gateway to Security Dealing with regulatory requirements can be a significant drain on your organization's resources in terms of time and money. Find out how partnering with a gateway can help you quickly comply with today's requirements, and easily maintain compliance as regulations evolve. The right gateway can take the burden of data storage and protection out of your hands and provide insurance against future security problems. Security Round Table Join speakers from MasterCard, AmbironTrustWave, SecurityMetrics, 403 Labs and more as they discuss the current regulatory environment, debate the future of regulations and answer questions from the audience. MERCHANT TRACK PCI DSS Seminar *D.J. Vogel, CISSP, CISA, 403 Labs, LLC* This two and a half hour seminar will explore the specifics of the Payment Card Industry Data Security Standards (PCI DSS) and how they affect merchants today. The seminar will offer a detailed look at what the regulations mean, what they require and what they cover, as well as the process merchants need to follow to comply with these regulations. At the end of the session, merchants will be armed with the information they need to solidify and certify the security of their payment process. Internal Theft Trusted employee fraud does not receive the same coverage as external fraud and data theft, but it remains the most prevalent form of fraud facing merchants today. Find out just how common it is and what you can do to protect yourself, your funds and your customers. Who's Protecting the Merchant – Going Beyond PCI DSS PCI DSS is an excellent regulation put forth by the card associations and it's important that all merchants follow these regulations. However, these regulations are designed to protect the card holder; who is protecting you? Find out what simple and affordable things you can do to help you further protect your customers and, more importantly, yourself. Topics will include physical security, social engineering, training and more. PAYMENT APPLICATION TRACK PABP Seminar *Wenlock Free, VP of Business Development, SecurityMetrics* POS & PMS systems are being pressured to comply with Visa's Payment Application Best Practices (PABP) by processors and merchants alike. This two and half hour session will provide a detailed look at PABP: the exact requirements, the deadlines, the effect on legacy applications, the costs, the audit process, the legalities and more. What Your Merchants Are Facing *AmbironTrustWave* Your merchants are sitting across the conference center learning the ins and outs of the PCI DSS requirements. Once armed with this information, they are going to have questions and requirements for you, their POS/PMS provider. This session will provide you with a high level overview of the PCI DSS requirements merchants are facing today and how they will affect what merchants are asking for from their POS/PMS system providers. This is a great way to be prepared for the questions that are sure to follow. Legacy Systems The PABP guidelines can be a great way to cement customer relationships if handled correctly – unfortunately, if mishandled or ignored, it can lead to a great deal of customer service issues and eventually to lost customers. So, what must payment applications do to meet the needs of their existing customers currently employing their legacy systems? This session will discuss the importance of a proactive approach to assisting merchants with their PCI DSS requirements and the need for a well defined migration path.


Printer Friendly Version

Summit Sessions