November FREE Webinar – PCI Compliance
Join us on Thursday, November 20, 2014 at 11:30am for our latest webinar, “PCI Compliance”, presented by Bashir Fancy, Managing Director, Corporate Solutions & Services Inc.
At this Webinar, you will hear from the person directly involved with the development of the AIS-DSS (now PCI-DSS) standards as to what challenges were intended to be addressed by it. You will hear how Organizations and QSAs are eager to either receive a ROC or issue one, whilst the Enterprise may not have enhanced its security posture. All major compromises involved Organizations that were supposedly PCI compliant (at least they were in possession of the compliance paper, the ROC). The question we will address is whether they were indeed compliant.
It is not the standard that is the problem, but how Organizations are approaching it. PCI is being approached as a compliance matter rather than a risk-based journey. Organizations are happy to get a piece of paper declaring that they are “PCI compliant” rather than becoming secure. Corporate pressures, cost reduction, organization structure and also the culture play a significant role in declaring that “PCI compliance” is preferable and comparatively easier to achieve. Security never was and never will be a one-time effort. PCI is an ongoing journey that needs to be revisited on a regular basis to ensure that developments in technology, operations, the company’s new products, new employees and acquisitions have not created new exposures; the Organization’s culture should reflect that and include training. The checklist/compliance approach used by many Organizations requires them to be lucky every time to be safe, but the criminals have to be lucky only once in order to cause major financial and brand damage. Whilst there is a lot of discussion about the external threat, similar emphasis and oversight is not in place on the internal side. It is a well-known fact that there is a significant internal component involved in a lot of these compromises, and therefore criminals may not need too much luck, as they already know the weaknesses.

You will hear about what has changed in PCI-DSS 3.0 and, more importantly, what is working and what is not. Whilst the changes in PCI 3.0 do not appear major, they have a major impact on what is needed to comply and should not be underestimated. We will aggregate the information from recent breaches to share with you why Organizations that were “supposedly PCI compliant” were breached. We will discuss what has gone wrong and why.
We will outline how best to approach PCI Compliance. This is an enterprise problem and requires an enterprise approach; either ignoring it or simply throwing money at it without a clear strategy is not the answer. It requires the involvement of all stakeholders, and a carefully thought-through approach and a risk-based culture to deal with it can pay a lot of dividends. You will hear all that in this interactive session and be better prepared to deal with your own organizational challenges after attending this session.
Your Presenter
Bashir Fancy is the Managing Director, Corporate Solutions & Services Inc. He previously held Senior Executive Advisor positions at Grant Thornton LLP until 2013 and at Deloitte & Touche until May 2009. In both these roles, he assisted their clients globally in understanding and applying a risk-based approach to achieving sustainable compliance, governance, security and fraud prevention as it related to the Payments Industry as well as the broader Industry, creating a “return on investment”. Prior to that, Mr. Fancy served as the Executive Vice President of Risk Management & Security at Visa International. Mr. Fancy was also the Global Head of Internal Audit for Visa International. He was also part of the original team at Visa that developed the “Account Information Security” – Data Security Standards (now known as PCI-DSS), impacting any Organization that stores, processes or transmits credit/debit card information. Bashir Fancy, in his role as the Head of Risk Management & Security for Visa Canada, developed and implemented a strategy of Fraud Prevention that led to a 50% reduction in fraud losses, after growth of 40% per year for the 5 previous years. This strategy was adopted globally. Mr. Fancy has been assisting Organizations and Governments globally with his extensive and broad background.
Mr. Fancy’s global experience and background includes hands-on IT, Operations, Marketing & Sales, Internal Audit, Finance, and Risk Management & Security in Payments, Retail, the Airline Industry, 3rd-party processing and Auditing. Mr. Fancy was also responsible for building Issuer and Acquirer systems from the ground up. These senior roles included Grant Thornton, Deloitte & Touche LLP, Citibank, and managing the Payment division of SNS (initially a subsidiary of Bell and now integrated into TELUS). Mr. Fancy also held senior management roles at Air Canada and the “Supermarket Group”, after starting his career at West, Wake & Price (Auditors).
You are encouraged to pass this on to other groups or individuals. To register for this event, simply visit the following link.
