PCI-DSS - The Ultimate Guide for Founders - YouTube

Channel: unknown

Business is booming the world over. More companies are transacting online than ever before; bull or bear market, payment digitization is the way forward. But with more growth comes more risk, and the need to be secure has never been more pronounced.

If you're watching this video, you're here to learn more about PCI DSS, either because somebody has asked you if your business was compliant or because you're being proactive about data and payment security. There's a lot of information about PCI DSS on the internet, but not all of it is immediately actionable. So in this video we're going to cover three key topics: one, what is PCI DSS and why is it important; two, how do I get PCI DSS; and three, how much will PCI DSS cost me?

Let's start with what PCI DSS is. PCI DSS stands for Payment Card Industry Data Security Standard. It was created in 2006 by representatives of the card industry in question: American Express, Mastercard, Visa, Discover Financial Services and JCB International. They built this standard to address rising cyber security risks to the payment ecosystem and to ensure businesses were adopting best practices when storing, processing and transmitting cardholder data.

That was nearly two decades ago, and today the PCI DSS guiding principle rings truer than ever. Amidst a slew of high-profile cyber attacks that led to cardholder information being exposed, the need for data and payment security is highlighted more than ever before, and the impact of these hacks goes beyond just brand damage and lawsuits. There are real financial repercussions too: Equifax was fined more than half a billion dollars, Capital One paid out 190 million, and British Airways had its fine downsized to 25 billion.

As humans we tend to brush aside the likelihood of bad things such as these happening to us, but PCI also penalizes non-compliance. You can process only a small number of transactions and have nothing go wrong, but you can still be fined. Non-compliance with PCI DSS leads to monthly fines ranging from five thousand dollars on the lower end to a hundred thousand dollars or more on the higher side, and if you're a repeat offender you could be banned from the credit card processing network entirely. That's a scary prospect. Protecting yourself against these outcomes seems like a herculean task, but it's surprisingly easy to do as long as you do it the right way, which brings us to our second question: how do you get PCI DSS?

The security posture of a company is often a response to its perceived risks: the bigger the company, the greater its need for security, and PCI DSS agrees. PCI DSS is divided into four levels. Level four: less than twenty thousand transactions a year. Level three: between twenty thousand and a million transactions a year. Level two: between one and six million transactions. And level one, where you do six million transactions and above in a year.

Regardless of your level, all companies are tasked with fulfilling six broad goals. Each of these goals has specific standards outlined to achieve it, creating a holistic security environment. These 12 standards further break down into 251 subsections, and if that feels overwhelming, it is. But don't worry, there are two things that you need to know about PCI DSS: one is that the fewer your transactions, the easier your compliance process is, and two, you don't have to do this manually.

Before we get to that, let's just put everything together. If you're going to get PCI DSS, here's how to go about it. One, identify which of the four levels you're in, which brings you to step two, an internal risk assessment where you identify and spell out what your most pertinent and immediate risks are. Then step three, a gap analysis where you alter existing processes or deploy new ones in order to achieve PCI compliance. Step four is when you build out policies and map procedures, and step five is when you monitor continuously. The final step involves a self-assessment questionnaire, and after that you get an attestation of compliance report.

So how much does PCI DSS cost? The actual range of PCI DSS compliance is quite hotly debated; you can find estimates on the internet ranging from 300 to 30,000. This is for two reasons. One, different people and companies simply quote different prices: PCI DSS is extensive in nature, and the information asymmetry that exists around it means that vendors can set prices to their own liking. And secondly, the cost of a PCI DSS report varies significantly based on your existing security standing; for example, if you have a SOC 2 report, you're halfway there to PCI DSS. Another factor in pricing is that PCI DSS can also take up a lot of time and effort, leading to invisible costs like lost productivity and altered product roadmaps.

In an ideal partner you need three things: one, a predictable budget and effort forecast; two, the ability to leverage existing security protocols; three, as little manual intervention as possible. In essence, you're looking for automation. So if you want a better, quicker and more efficient PCI DSS compliance report, you need Sprinto. To get started, book a demo using the link in the description below.