
Turn the Lemons of Compliance into Lemonade


Presentation Transcript


  1. Turn the Lemons of Compliance into Lemonade How compliance affects portfolio value

  2. Moderator: • Linda Grimm CIPP/US, PMP - Director of Compliance Services- CSR, and WSAA Board Member • Panelists: • Steve Elefant - Managing Director - Soaring Ventures • Darrel Anderson CIPP/US - Executive Vice President - CSR • Heather Mark, PHD - SVP Market Strategy - ProPay

  3. Agenda • Has PCI really been effective at securing data? • Panelist points of view: • Steve Elefant -- The risks of failing to secure data; real-world examples of the impact of a data breach • Darrel Anderson -- Turning compliance lemons into lemonade: how to turn compliance requirements into revenue opportunities • Heather Mark -- The future of data security: what's in store for the industry? • Audience Q & A

  4. Has PCI really been effective? The number of data compromises investigated has INCREASED since the PCI Security Standards Council was formed in 2006. (Chart: Verizon Data Breach Investigation Reports, 2008-2012; the 2008 report covers four years of data.)

  5. Has PCI really been effective? The number of compromised records fluctuates significantly from year to year, but the trend is a steady INCREASE in the number of records. (Chart: Verizon Data Breach Investigation Reports, 2012.)

  6. The Facts Smaller merchants are the new target: a survey by The Hartford found that 85% of small businesses don't believe they are at risk. (Chart: percent of breaches by business size, measured by number of employees. Verizon Data Breach Investigations Report, 2012.)

  7. Personally Identifiable Information (PII):
  • Name
  • Address
  • Zip code
  • Date of birth
  • Telephone number
  • Cell phone number
  • Email address
  • IP address
  • Business/employer address
  • License plate number
  • Vehicle identification number
  • Log-in credentials
  • Face, fingerprints, or handwriting
  Sensitive Personal Information:
  • Social Security number
  • Bank routing and account number
  • Driver's license number
  • Passport number
  • Medical records
  • Health information
  • Credit card information (just one of many forms of PII)

  8. The Facts While only 4% of breaches contained PII, PII comprised 95% of the records lost Verizon Data Breach Investigations Report, 2012

  9. Steve Elefant Managing Director - Soaring Ventures

  10. What Happened? – After the Announcement
  • 1/20/09 – Call to arms of all Heartland employees to visit clients and talk to partners
  • HPY share price drops from $15.16 on 1/16 to $8.18 on 1/22
  • HPY 4Q08 earnings call – HPY drops to $3.43 on March 12, a 77.6% drop since the breach announcement
  • 3/14/09 – Delisted from Visa's list of approved vendors
  • 4/30/09 – Reinstated on Visa's list of approved vendors
  • 1/8/10 – Settlement agreement with Visa announced
  • 2/18/10 – 4Q 2009 results reported; share price opens at $15.13 on 2/19
  • 09/30/2011 – Share price $21.07 after release of E3 and Mobuyle
  • 09/20/2012 – Current share price $33.00

  11. Turn Compliance Lemons into Lemonade Darrel Anderson, CIPP/US Executive Vice President - CSR

  12. The changing way ISOs make money (Chart: per-transaction economics. 2005 Visa Functional Cost Study: revenue 17.7¢, cost 13.1¢ including sponsorship fee, profit 4.6¢. 2010 Visa Functional Cost Study: revenue 11.9¢, cost 8.1¢ including sponsorship fee, profit 3.8¢.)

  13. How Go Daddy makes money on business Internet customers: Average Go Daddy client revenue $38 / month. Average ISO Level 4 revenue $10 / month* (*without interchange; Visa Functional Cost Study)

  14. How would a $5 per month extra revenue program affect ISO revenues and valuations?*
  • Annual Revenue**: +$331,912
  • EBITDA (3 yr)***: +$873,424
  • Revenue Stream Valuation: +$1,109,581
  Or the equivalent of 827 new merchants
  * Based on a 5,000-count portfolio ** 3-year average, 10% growth YOY, 4% opt out *** Assumes 15% commission rate

  15. How to Generate Portfolio Revenue with Compliance
  • Collect what is owed to you
    • 83% of accounts aren't being billed 100% accurately
  • Use the "GoDaddy" mentality
    • Don't be afraid to introduce new products; don't be afraid to sell; don't be afraid of attrition – it weeds out those that won't generate revenue
  • Risk-adjusted pricing for merchants that hold data
    • Merchants that hold more PII are riskier; charge them a premium
  • Opt-out programs
    • They work, and they work well, and they DO NOT cause attrition; they cause retention
  • Revenue outside the MID and track
    • 40% of your revenue should come from non-transactional sources; what is your number?
  • Two-level compliance and non-compliance fees
    • Create a second level of both compliance and non-compliance fees

  16. Data, Data Everywhere Getting Beyond PCI DSS Heather.mark@propay.com Dr. Heather Mark, PhD SVP of Emerging Markets

  17. Data Protection is Like an Onion… …It brings tears to your eyes.

  18. Is this an ISO Problem? • Focus has been on Merchants and on Payment Card Data • Helping merchants be compliant can help secure the portfolio • But what data are YOU storing? • Protecting PII in your own environment can help secure your business • Employee information like SSN, health insurance • Merchant applications contain banking information

  19. Evolution • Definition of personal data is evolving • Payment information • Identifying information • What about answers to security questions? • Regulatory Environment is evolving • 46 state breach notification laws • 2 states (so far) mandating compliance with PCI DSS • FERPA; HIPAA/HITECH; GLBA • State level data security laws

  20. What to Do? • Look beyond PCI DSS • Conduct a regular inventory of data • Determine your data protection strategy • Stay abreast of regulation/court precedent • Help secure the portfolio
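Slides 7, 18 and 20 together describe a data inventory: decide which fields count as PII versus sensitive personal information, then go find them in the ISO's own files (merchant applications with bank details, HR exports with SSNs, support tickets with card numbers). The scan below is an added example, not part of the panel's slides or of any product the panelists represent. It uses the slide's two lists as its classification, validates candidate hits so that reference numbers are not reported as cards (Luhn check), random nine-digit strings are not reported as routing numbers (ABA checksum), and never-issued SSNs are not reported at all (SSA area/group/serial rules), and keeps only the last four digits of what it finds. The regexes, the record names and the record contents are constructed for the example; none of the numbers belong to a real person or account.

```python
"""PII inventory scan over constructed sample records (added example, not the panel's own tooling)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    record: str    # source record the hit came from
    kind: str      # card, ssn, routing, account, email, phone
    category: str  # "sensitive" or "pii", following slide 7's two lists
    masked: str    # the inventory keeps only the last four digits, never the raw value


def luhn_ok(digits: str) -> bool:
    """Luhn check digit, which every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def aba_ok(r: str) -> bool:
    """ABA checksum for 9-digit US bank routing numbers."""
    if not re.fullmatch(r"\d{9}", r):
        return False
    d = [int(c) for c in r]
    return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])) % 10 == 0


def ssn_ok(s: str) -> bool:
    """Reject values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = s.split("-")
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"


def mask(value: str, keep: int = 4) -> str:
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - keep) + digits[-keep:]


# (kind, category, regex with one capturing group, validator). Patterns are assumptions for
# this example. Order matters: each accepted match is blanked out before the next pattern
# runs, so a card number is never re-reported as a routing number or a phone number.
PATTERNS = [
    ("card", "sensitive", re.compile(r"(?<!\d)((?:\d[ -]?){12,18}\d)(?!\d)"),
     lambda v: luhn_ok(re.sub(r"\D", "", v))),
    ("ssn", "sensitive", re.compile(r"(?<!\d)(\d{3}-\d{2}-\d{4})(?!\d)"), ssn_ok),
    ("routing", "sensitive", re.compile(r"(?<!\d)(\d{9})(?!\d)"), aba_ok),
    ("account", "sensitive",
     re.compile(r"(?i)\baccount\s*(?:no\.?|number|#)?\s*:?\s*(\d{6,17})(?!\d)"), lambda v: True),
    ("email", "pii", re.compile(r"([\w.+-]+@[\w-]+\.[\w.-]+)"), lambda v: True),
    ("phone", "pii", re.compile(r"(?<!\d)(\(?\d{3}\)?[ .-]?\d{3}[ .-]\d{4})(?!\d)"), lambda v: True),
]


def scan(record: str, text: str) -> list[Finding]:
    """Run every pattern over one record, validating and masking each hit."""
    findings = []
    for kind, category, rx, valid in PATTERNS:
        for m in list(rx.finditer(text)):
            value = m.group(1)
            if not valid(value):
                continue  # e.g. 16 digits that fail Luhn are a reference number, not a card
            findings.append(Finding(record, kind, category, mask(value)))
            s, e = m.span(1)
            text = text[:s] + " " * (e - s) + text[e:]  # same length, so later spans stay valid
    return findings


def inventory(records: dict[str, str]) -> list[Finding]:
    return [f for name, text in records.items() for f in scan(name, text)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"sensitive": 0, "pii": 0}
    for f in findings:
        counts[f.category] += 1
    return counts


# Constructed sample records; none of these values belong to a real person or account.
SAMPLE_RECORDS = {
    "merchant_application.txt": (
        "Merchant: Acme Lemonade Stand\n"
        "Contact: owner@example.com, (555) 010-0199\n"
        "Settlement bank routing 123456780 account 000123456789\n"
        "Owner SSN 219-09-9999\n"
    ),
    "hr_export.csv": (
        "name,ssn,email\n"
        "Jane Doe,123-45-6789,jane@example.com\n"
        "Test User,000-12-3456,test@example.com\n"
        "Old Row,987-65-4321,old@example.com\n"
    ),
    "support_ticket.txt": (
        "Customer read card 4111 1111 1111 1111 exp 12/25 over the phone\n"
        "Reference number 4111111111111112 is not a card\n"
    ),
}

if __name__ == "__main__":
    found = inventory(SAMPLE_RECORDS)
    for f in found:
        print(f"{f.record}: {f.kind} ({f.category}) {f.masked}")
    print(summarize(found))
```

On the constructed records the scan reports ten findings, five in the sensitive category (two SSNs, a routing number, an account number, a card) and five plain PII (four e-mail addresses and a phone number), while ignoring the two never-issued SSNs and the sixteen-digit reference number that fails Luhn. The point for the portfolio is the split the slide draws: the sensitive findings are the ones that trigger breach-notification duties and, for the card, PCI DSS scope, and the inventory output is itself a record you must protect, which is why it stores only masked values.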

  21. Audience Q & A Contact Information: Linda Grimm – PMP, CIPP/US Director Consulting Services, CSR (707) 834-5147 lgrimm@csrcorporate.com Steve Elefant Managing Director, Soaring Ventures (925) 283-9311 steve@soaringvc.com Darrel Anderson – CIPP/US Executive Vice President, CSR (480) 603-6129 danderson@csrcorporate.com Dr. Heather Mark, PHD SVP, Emerging Markets, ProPay (801) 341-5563 heather.mark@propay.com
