Christine Speedy on ITPalooza Data Breach Panel

Posted on by
Reply

itpalooza south florida logoITPalooza is a key event that brings together the entire South Florida IT community from CIOs through Tech User Groups to top local, national and international presenters and guests. ITPalooza has a long history of presenting the region’s top subject-matter experts with passion and knowledge that both entertains and educates. Christine Speedy will be on the 2018 data breach panel December 13, 2018 at The Greater Fort Lauderdale-Broward County Convention Center.

According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 11,019,555,688 individual records containing sensitive personal information were involved in security breaches between January 2005 and May 2017. The data breach panel will be led by a knowledgeable moderator who will guide the panel guests to a variety of topics, including PCI Compliance.

About ITPalooza

ITPalooza is an annual gathering of South Florida’s nonprofit Technology User Groups featuring all day format, CIO only track, Marine Toys for Tots toy drive, and more. ITPalooza is about content and connecting you, the tech professional, with the information you need to make informed decisions about technology and trends. Over 2,000 attendees experienced the event in 2017.

About Christine Speedy

Christine Speedy is a Qualified Integrator and Reseller payments professional, certified by the Payment Card Industry Security Standards Council, and authorized CenPOS Reseller. Christine is a subject matter expert on PCI compliance and card network rules compliance, offering secure cloud payment technology to businesses, transforming the commerce and customer experience. South Florida Technology Alliance member.

Christine Speedy on Ask the Expert Panel in Boca Raton

Posted on by
Reply

Christine Speedy will be on the BocaJS experts panel in Boca Raton, Florida. Christine’s background in ecommerce stems from when the internet first started. With skilled coding labor shortages, Christine learned html to help get stuff done for clients which included the Miami Dolphins, Blockbuster, the Florida Marlins and many others. While leaving serious work up to the coders and integrators today, her payment checkout insights are unparalleled for PCI Compliance and card network rules compliance. Get to know the industries best experts on everything from Development, Design, IT, DevOps, Recruiting, and Learning in Boca Raton, Florida.

Cendyn Spaces, in the Atrium

980 North Federal Highway · Boca Raton, FL

About The BocaJS group

The BocaJS group is here to represent the best that South Florida can bring to the world’s best Language (Javascript). And any else web related as well! In addition to vanilla java script, we’ll be looking at frameworks such as Node, AngularJS (1, 1.5 AND 2,4,5,6,…. 7 beta? ), Ember.js, jQuery, ReactJS and Ionic. Founded in September 2014 by Adam & Hector, and Run currently by Damian Montero and Jermbo Lawson this group continues to grow and thrive. Website: BocaJS.org (https://bocajs.org/)

About Christine Speedy

Christine Speedy is a Qualified Integrator and Reseller payments professional, certified by the Payment Card Industry Security Standards Council, and authorized CenPOS Reseller. Christine is a subject matter expert on PCI compliance and card network rules compliance, offering secure cloud payment technology to businesses, transforming the commerce and customer experience. South Florida Technology Alliance member.

Christine Speedy is PCI Council QIR Certified

Posted on by
Reply

Christine Speedy is Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council. QIRs are integrators and resellers specially trained by PCI Security Standards Council to address critical security controls while installing merchant payment systems. QIRs reduce merchant risk and mitigate the most common causes of payment data breaches by focusing on critical security controls.pci qir certified logo

The council changed the QIR certification requirements after my certification in an effort to reduce barriers to certification, both financially and with the depth of training. While QIR certification always was for individuals, they were tied to companies. The tie to companies has been removed so as they change jobs the certification is not disrupted. Due to this change, the PCI council recently updated the web site search navigation. My company used to be the first listing when you clicked on the QIR link. Now, the only way to find me or any other QIR certified person is to do a search.

qir certified speedy

Before PCI QIR certification requirements change.

 

PCI QIR certified christine speedy

After PCI QIR certification requirements change.

While the Visa QIR mandate is for Level 4 merchants with card present transactions, I recommend that all merchants use QIR individuals for all transaction types. There’s a false sense of security that consultants and developers are guarding merchant security, but literally every day I find problems with companies of all sizes. Level 4 merchant is defined as less than 20,000 Visa or MasterCard e-commerce transactions annually, and all other merchants processing up to 1 million Visa or MasterCard transactions annually.

The Christine Speedy difference. PCI compliance is important to mitigate data breach risk, but equally important is compliance with complicated card network rules. Have you read any of the 1,000+ pages of Visa Rules? Or 300+ Mastercard transaction processing rules? Have any of the people you rely on? I’ve spent countless hours educating myself on them and learning about the nuances that impact your profit and risk. Technology directly impacts compliance. It doesn’t matter how big or how old a company is; the reality is most players in the payments industry fall behind with every new rule that comes out, even though these rules are usually announced years in advance so that they can prepare.

Resources:

Christine Speedy, QIR certified payments professional can be reached at 954-942-0483, 9-5 ET.

3 Ecommerce Checkout Payment Problems

Posted on by
Reply
Use of a PCI compliant payment gateway does not make a company PCI compliant, compliant with card network acceptance rules, or compliant with best practices to maximize profits. In other words, if you follow best practices and comply with all the rules, you’ll have a more secure and profitable company. A key ingredient to compliance is the payment gateway, however, the payment gateway has no specific requirement to ensure your compliance with all the card network rules and best practices, just those that pertain to Payment Card Industry Data Security Standards.Here’s a few costly merchant problems:

  1. Lack of brute force attack tools. These help prevent bots from testing thousands or millions of cards on your checkout form. The merchant is liable for all of the attempted transaction fees on the payment gateway and on the acquiring. A simple first line of defense is adding recaptcha. See Visa best practices to prevent brute force attacks. https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html.
  2. Non-compliance with Visa Stored Credential Mandate, effective October 14, 2017? I’ve written extensively on this, for example here’s a B2B steps to compliance article. There are multiple elements, and many payment gateways do not yet have solutions, especially for ‘Unscheduled credential on file’. Do you have a checkbox in the sequence of checkout opting in to terms? https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf.
  3. Invalid authorizations. This is the most costly as it can lead to consumer generated chargeback, issuer chargeback, non-qualified interchange rates and penalty fees. Here’s a story about the new .25% MasterCard integrity fee. Do you have Standard/STD, EIRF, or Data Rate I on your merchant statement under interchange fees? Then you have an authorization problem.
  4. Cardholder authentication limitations. The security code has historically not been enough evidence to win customer disputes about unauthorized charges. With 3-D secure, fraud liability shifts to the issuer. Effective April 2019 based on region and industry, Visa mandates many merchants use Visa 3D Secure 2.0. Reference Table 5-18: Acquirer Support of Verified by Visa, Visa Public Rules.

The solution to all of the above is replacing outdated payment gateway technology with new technology that will help automate compliance with card network rules, while reducing PCI Compliance burden.

Why comply? Here’s an example of the cost difference between valid and invalid authorization.

interchange rate qualification

Resources and documentation /blog/merchant-bulletins-downloads – bookmark it!.  Join Christine Speedy’s email list.

DISCLAIMER: condensed and incomplete information! Information may be quickly outdated.

Need a solution? Call Christine Speedy, 954-942-0483, 9-5 ET, CenPOS authorized global reseller based out of South Florida and New York. CenPOS is an integrated commerce technology platform driving innovative, omnichannel solutions tailored to meet a merchant’s market needs. Providing a single point of integration, the CenPOS platform combines payment, commerce and value-added functionality enabling merchants to transform their commerce experience, eliminate the need to manage complex integrations, reduce the burden of accepting payments and create deeper customer relationships.