##firstname##

I wanted to follow up with some of the informatin that was discussed on the webinar yesterday with Thea Dudly, I decided to include some of the members who missed the call as there was some ineresting things discussed.

Here is a link to the fraud article where the US Postal service suggests not sending checks through the mail:

Link: https://apple.news/A7q2XrS4DThi83NnvZDEDtg 

I have also attached the slides used in the presentation because a number of members asked for them, please see attached slides.

Lastly I have included the Payment Card Industry(PCI) compliace requitements as requested.

The 12 PCI compliance requirements.

1. Install and maintain a firewall. That includes testing network connections, restricting connections to untrusted networks and other efforts.


2. Change vendor-supplied default passwords and security settings. This includes enabling only necessary services, removing functionality where warranted, encrypting access and other efforts.


3. Protect stored cardholder data. That includes having policies for disposing of data, limiting what is stored, avoiding storing certain types of data and other efforts.


4. Encrypt cardholder data when transmitting it across open, public networks. Among other things, don't send unprotected account numbers via email, instant messaging, text, chat or other end-user messaging technology.


5. Use and regularly update antivirus software. That means performing and documenting periodic scans, as well as ensuring the software is running and other activities.


6. Develop security systems and processes. This means creating processes to find and take action on vulnerabilities, as well as other efforts.


7. Restrict access to cardholder data to a need-to-know basis. That requires defining the access certain roles need, as well as creating user privileges and control systems, among other things.


8. Assign user IDs to everybody with computer access. Businesses should also ensure there's a way to authenticate users, document their policies in this area and take other actions.


9. Restrict physical access to cardholder data. This means using cameras or other tools to monitor who is in sensitive areas of the business or handling certain equipment, for example.


10. Track and monitor who accesses networks and cardholder data. That means having an audit trail, using time-stamped tracking tools, reviewing logs for suspicious activity and other activities.


11. Regularly test systems and processes. Test and inventory wireless access points, do quarterly vulnerability scans and monitor traffic, among other things.


12. Have a policy on information security. That means writing, publishing and disseminating a policy at least once a year that lays out usage rules for certain technologies and explains everyone's responsibilities, among other things.

Let me know if you have any questions or if we cn help in any way.

Dave O'Donnell

Nemeon Inc.

843-901-0467