Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Children's Hospital Los Angeles

No description

on 3 March 2016

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Children's Hospital Los Angeles

T-Mobil Loses 15 Million Customer Info
Safety starts with YOU
Experian Files Breached!
Dos and Don'ts
Who at CHLA Needs to Comply?
Limit access to cardholder data to only those individuals whose jobs require such access.

Securing cardholder data does not only apply to electronic records. Any donation forms, pledge cards, reports or other paper records that contain credit card numbers should be destroyed (or at least stored in locked files) once they have been processed.

Interview personnel and examine procedures to verify that hard-copy materials are crosscut shredded, incinerated, or pupled such that there is reasonable assurance the hard-copy materials cannot be reconstructed

Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.

It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:
There is a business justification
The data is stored securely

Retain or share sensitive information like credit card numbers or donor check without crossing out the account information.
(This also applies when sending information electronically, i.e. on gift notifications and for the Central File.)

Leave live checks unattended or locked in a drawer. Forward any live checks to the Finance team for deposit

We Treat Kids Better
Vol XCIII, No. 311
What is PCI?
Payment Card Industry
Contact our Foundation Finance Team

Payment Card Industry (PCI) is all of the organizations which store, process, and transmit consumer cardholder data such as major debit, credit, prepaid, or ATM cards. In our case, our consumers are our donors.

The security standard for the industry—set by the Payment Card Industry Security Standard Council (PCI SSC)—was created to increase controls around cardholder information to reduce credit card fraud via its exposure.

Tin Pham (x14609)

Tessa Gunawan-Gonzalez (x11726)

Ani Gabouchian (x14259)
Children's Hospital Los Angeles
Credit bureau and consumer data broker Experian North America disclosed that a breach of its computer systems exposed approximately 15 million Social Security numbers and other data on people who applied for financing from wireless provider T-Mobile USA Inc.
Experian said the compromise of an internal server exposed names, dates of birth, addresses, Social Security numbers and/or drivers’ license numbers, as well as additional information used in T-Mobile’s own credit assessment. The Costa Mesa, Calif.-based data broker stressed that no payment card or banking details were stolen, and that the intruders never touched its consumer credit database
Anyone with access to donor financial records - credit card numbers, checks, financial statements - at any given time!
You can find the PCI Data Security Standard (PCI DSS) at:

Why Security Matters
The security of cardholder data affects everybody.
The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants or financial institutions, their credit can be negatively affected -- there is enormous personal fallout. Merchants and financial institutions lose credibility (and in turn, business), they are also subject to numerous financial liabilities.

“The security benefits associated with maintaining PCI compliance are vital to the long-term success of all merchants who process card payments. This includes continual identification of threats and vulnerabilities that could potentially impact the organization. Most organizations never fully recover from data breaches because the loss is greater than the data itself.”
— Quick Service Restaurant (QSR) Magazine
Source: Trustwave®
Source: PCI Security Standards Council
Source: Krebs on Security
Hilton Acknowledges Credit Card Breach!
Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.

“Hilton Worldwide (NYSE: HLT) has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems,” the company said. “Hilton immediately launched an investigation and has further strengthened its systems.”
Hilton said the data stolen includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

In March, upscale hotel chain Mandarin Oriental acknowledged a similar breach. The following month, hotel franchising firm White Lodging allowed that — for the second time in 12 months — card processing systems at several of its locations were breached by hackers.
Source: Krebs on Security
Full transcript