Episode 6
Why Compliance Makes You Vulnerable
Setting your target as compliance with a security standard like PCI-DSS or SWIFT-CSP means you are accepting an older standard as your minimum. In this podcast, Craig Jeffery interviews Mark Cuneo, a card security expert from CardConnect, a First Data Company, to explore why that target is a problem and what the proper security viewpoint should be. Listen in to this conversation at strategictreasurer.com/podcast or from wherever you normally download podcasts.
Time | Discussion Topic |
0:54 | Why does compliance make you vulnerable? |
3:50 | Instances of card breaches where the companies were compliant |
5:44 | Known and unknown threats and your ability to respond |
9:10 | PCI time from publishing standard to compliance requirement |
9:42 | What should be done to better protect your company and data |
10:20 | Importance of guidance |
13:17 | Hardware to Education of your professional staff |
14:41 | Tokenization explained from the view of the thief |
18:47 | Point to point encryption |
20:56 | Vulnerability examples: HVAC, Defense Department |
22:07 | Card theft and PII theft |
Related Resources
Secure Training & Fraud Awareness for Corporate Treasury Teams
SecureTreasury Training Course
With fraud on the rise, corporate coffers are being targeted by increasingly sophisticated criminals. One of the best ways to protect your organization is to educate your people.
SecureTreasury is a cloud-based program designed to reduce the risk of corporate payment fraud by educating interdepartmental staff on common approaches to fraud, areas of organizational vulnerability, and leading practices for increased controls within a complete treasury security framework.
Compliance: 2018 Survey Results Webinar Replay
This webinar covers some of the more salient data points obtained through the survey, including which areas of regulation treasury struggles with the most and the specific aspects of the environment that practitioners are most concerned about. Areas of analysis will include sanctions screening and KYC requirements, FBAR, the use and traction of eBAM solutions, and the current strategies, practices, and plans that practitioners are leveraging to manage their compliance-related operations now and into the future.