SPIguard CharitySecure Handbook 12 Steps to Peace of Mind Protecting Your Reputation and Your Donors - PowerPoint PPT Presentation

About This Presentation
Title:

SPIguard CharitySecure Handbook 12 Steps to Peace of Mind Protecting Your Reputation and Your Donors

Description:

24% of consumers report shopping less online due to security concerns ... Do you take credit cards online or over the phone or in the field? ... – PowerPoint PPT presentation

Number of Views:112
Avg rating:3.0/5.0
Slides: 41
Provided by: richar743

Transcript and Presenter's Notes

1
SPIguard CharitySecure Handbook
12 Steps to Peace of Mind!
Protecting Your Reputation and Your Donors From Fraud and Identity Theft
2
Introducing Security Compliance: Protecting Your
Donors from Fraud and Identity Theft
  • You will learn the mandatory security
    fundamentals and options available to create a
    trusted fundraising environment to minimize
    online and physical world criminal activity.
    Regulations, best practices, resources and
    references provided will help the participant
    understand the necessary action required to
    develop a compliant risk management strategy.
  • This Handbook offers an overview of the security
    regulations required today for all fundraising
    world-wide, policies, procedures, and the tools
    necessary to assure a donor's privacy is
    protected. This session will prepare IT
    professionals, development officers and other key
    nonprofit administrators to take the steps for
    PCI DSS compliance, to prevent compromise of
    confidential donor information and protect their
    donors from fraud and identity theft.

3
C.N. Wylie Group Inc. - www.cnwylie.com
  • Founded 1994 - Socially Responsible
  • Developed a proprietary infrastructure of
    e-solutions to facilitate positive change by
    helping to create permanent sustainable
    communities for a sustainable future!
  • Security #1
  • Never compromise security for convenience, speed
    or
  • Proprietary Infrastructure
  • Web and Payment Hosting
  • Web and Payment App Dev
  • Database Application Dev
  • Complete online solutions for donation management
  • Online anti-fraud tools
  • VBV/Secure Code
  • IP guard
  • CVV/AVS
  • Began performing IT audits for Visa Canada AIS
    June 03 to Feb. 04
  • Global auditor MasterCard SDP Feb/04
  • SPIguard Security Solutions Inc. certified as QSA
    and ASV by the PCI SSC (Security Standards Council,
    L.L.C.)!
  • Fourth year certified under PCI without
    remediation required
  • Bring real world experience and knowledge to our
    security education audit process and training
  • Never been compromised

4
Why Mandatory PCI Security Regulations? It's
Been the Wild, Wild West and the PCI Sheriffs
Have Ridden In to Clean Up!
  • At the Internet's inception there were no rules or
    regulations: a free-for-all in the hope of Big
  • Fraud, identity theft and other criminal
    activities, online and in physical office space, are
    on the rise.
  • Costs to the card companies and consumers run in the
    hundreds of millions annually. One set of
    global requirements gets everyone using one set
    of policies, procedures and methodologies to reduce
    crime to a minimum. It has been going on for years,
    well hidden, but now must be disclosed.
  • Examples
  • Hackers grab donor info from U.K. charity, by Andy
    McCue, http://news.com.com/HackersgrabdonorinfofromU.K.charity/2100-1029_3-5991361.html,
    Dec 12, 2005
  • Red Cross Identity Theft Case May Turn Up More
    Victims, http://www.news-leader.com/apps/pbcs.dll/article?AID/20060520/NEWS07/605200358,
    May 20, 2006, by Jim Salter, THE ASSOCIATED PRESS
  • Ohio University Suffers Massive Security
    Breach, http://news.zdnet.co.uk/internet/0,39020369,39268534,00.htm,
    Greg Sandoval, CNET News.com, May 12, 2006

5
Growing Concerns
  • 53 million people have had data about themselves
    exposed in the past 13 months
  • 24% of consumers report shopping less online due
    to security concerns
  • Fraud is now the top reason given for chargebacks
  • Avg. consumer losses are between $500 (if the theft
    is found early) and $4,500 if they wait for paper
    records
  • 43.4% of U.S. adults have received a phishing
    e-mail and almost 5% are successful
  • Mar. 2006 - Major security flaw uncovered on
    PayPal's site that could allow scammers to send
    phishing emails
  • Mean amount lost by consumers to identity theft
    is $1,089, Harris Interactive reports.
  • Sources: www.auctionbytes.com, ZDNet, Visa,
    InformationWeek

6
Identity Theft and Fraud
7
The Changing Faces of the Social Engineers of
Online Crime!
  • Social engineers used to be high school and
    college kids like:
  • Chen Ing-hau, the author of the CIH virus
  • Joseph McElroy, who hacked the Fermilab network
  • Today we are fighting sophisticated business
    types and organized crime figures such as:
  • Jeremy Jaynes, millionaire and spammer
  • Jay Echouafni, CEO and DDoS attacker
  • Andrew Schwarmkoff, a member of the Russian mob
    and a phisher

8
What Are We Doing About It? History of Payment
Card Industry Data Security Standards (PCI DSS)
  • Visa International created the regional Account
    Information Security Program in 2001 (CISP in the US)
  • Goal to minimize criminal activity online
    initially, now physical world as well
  • Slow to implement and enforce
  • MasterCard developed their program Global
    Secure Data Protection with its own set of
    requirements in 2003/04
  • Dec. 2004 formed Payment Card Industry
    association and aligned the card programs into
    one
  • Endorsed by Visa, MasterCard, Amex, JCB,
    Discover, Diners
  • New PCI SSC (Security Standards Council)
    responsible for training and certifying QSAs and
    ASVs
  • Card Companies have different requirements so
    must coordinate all
  • Creates confusion without guidance
  • Key to winning war against crime is EDUCATION AND
    ONE SET OF GLOBAL REQUIREMENTS!

9
PCI DSS Purpose
  • The purpose of the PCI Data Security Standards
    Council, LLC is to foster broad adoption of the
    PCI Data Security Standard (DSS). The PCI DSS
    represents a unified, industry standard for
    protecting account data that is stored,
    transmitted or processed to enhance the security
    of electronic payments.
  • The PCI DSS version 1.1 was developed by the
    founding members of PCI Security Standards
    Council, LLC, including Discover, American
    Express, JCB, MasterCard and Visa International,
    to help facilitate the broad adoption of
    consistent data security measures on a global
    basis. The PCI DSS is a multifaceted security
    standard that includes requirements for security
    management, policies, procedures, network
    architecture, software design and other critical
    protective measures.
  • This comprehensive standard is intended to help
    organizations proactively protect customer
    account data. PCI Security Standards Council,
    LLC, will enhance the PCI DSS as needed to ensure
    the standard includes any new or modified
    requirements necessary to mitigate emerging
    payment security risks while continuing to foster
    wide-scale adoption.
  • Source: http://www.discovernetwork.com/resources/data/data_security.html

10
PCI DSS Mandatory for all Merchants with Visa,
MasterCard, Amex, JCB, Discover and Diners
Merchant Accounts!
  • Using the PCI Data Security Standard as its
    framework, the program provides the tools and
    measurements needed to protect against cardholder
    data exposure and compromise.
  • PCI consists of Four Merchant Levels
  • The PCI DSS consists of twelve basic
    requirements and corresponding sub-requirements.
  • Safe Harbour: if your organization has a PCI DSS
    compliance certificate and is compromised, you
    will be exempt from any penalties (fines or loss of
    merchant account) once a review has been completed
    by the PCI Association.

11
Risk Exposure
  • What risk is a business exposed to by not
    complying with Visa's Account Information
    Security Standards Program?
  • Failure to protect Account and Transaction
    Information may result in financial loss due to
    fraud, or a decrease in business caused by lower
    consumer confidence. Because the AIS program is
    mandatory for all Visa-accepting merchants, those
    merchants found not complying with the AIS
    program may be subject to penalty by Visa, such
    as fines, and/or removal from the Visa program.
  • MasterCard and American Express will fine without
    compliance in place.
  • TJX: exposure to millions upon millions of
    dollars in card association fines and class
    action lawsuits.

12
Visa Merchant Level Described
  • Acquirers are responsible for determining the
    compliance validation levels of their merchants
  • Merchant Level Description and Validation
    Summary
  • Level 1
  • Any merchant, regardless of acceptance
    channel, processing over 6,000,000 Visa
    transactions per year.
  • Any merchant that has suffered a hack or an
    attack that resulted in an account data
    compromise.
  • Any merchant that Visa, at its sole discretion,
    determines should meet the Level 1 merchant
    requirements to minimize risk to the Visa system.
  • Any merchant identified by any other payment card
    brand as Level 1.
  • All brick & mortar, MOTO and e-commerce
  • Validation
  • Annual Self-Assessment Questionnaire
  • Quarterly vulnerability scan; if the risk is
    highest this could go to daily or weekly
  • Annual on-site review
  • Level 2
  • Any merchant processing 150,000 to 6,000,000 Visa
    e-commerce transactions per year
  • Validation Summary
  • Annual Self-Assessment Questionnaire
  • Quarterly Vulnerability Scans
  • Deadline for compliance was Dec. 31, 2005
  • Level 3
  • Any merchant processing 20,000 to 150,000 Visa
    e-commerce transactions per year.
  • Same as Level 2
  • Level 4
  • Any merchant processing fewer than 20,000 Visa
    e-commerce transactions per year, and all other
    merchants processing up to 6,000,000 Visa
    transactions per year.
  • Annual self-assessment questionnaire and
    vulnerability scan unless deemed high risk by the
    auditor.
  • In Canada, 4a: all brick and mortar and MOTO
  • Level 4b is brick & mortar < 1,000,000 transactions
    and e-commerce < 20,000
  • Looking to achieve compliance for 2007/08

13
MasterCard SDP for PCI DSS
  • Merchant level: definition criteria, onsite review,
    self assessment, network security scan and initial
    compliance validation date
  • Level 1 (onsite review required)
  • All merchants, including electronic commerce
    merchants, with more than 6 million total
    MasterCard transactions annually
  • All merchants that experienced an account
    compromise
  • All merchants meeting the Level 1 criteria of a
    competing payment brand
  • Any merchant that MasterCard, at its sole
    discretion, determines should meet the Level 1
    merchant requirements
  • Onsite review required annually
  • Quarterly scans
  • Validation date: 30 June 2005
  • Level 2 (no onsite review unless compromised or a PSP)
  • All merchants with more than one million total
    MasterCard transactions but less than six million
    total transactions annually
  • All merchants meeting the Level 2 criteria of a
    competing payment brand
  • Self Assessment Questionnaire (SAQ) required
    annually
  • Level 3 (no onsite review unless compromised or a PSP)
  • All merchants with annual MasterCard e-commerce
    transactions greater than 20,000 but less than
    one million total transactions
  • All merchants meeting the Level 3 criteria of a
    competing payment brand
  • Self Assessment Questionnaire (SAQ) required
    annually
  • Quarterly scans
  • Validation date: 30 June 2005
  • Level 4 (no onsite review unless compromised)
  • All other merchants
  • Self Assessment Questionnaire required annually
  • Quarterly scans
  • Consult acquirer for validation date
  • 1. For Level 1 merchants, the annual onsite
    review may be conducted by either the merchant's
    internal auditor or a Qualified Security
    Assessor.
  • 2. To fulfill the network scanning requirement,
    all merchants must conduct scans on a quarterly
    basis using an Approved Scanning Vendor.
  • 3. Level 4 Merchants are required to comply with
    the PCI Data Security Standard. Level 4 Merchants
    should consult their acquirer to determine if
    compliance validation is also required.
  • Source: http://www.mastercard.com/us/sdp/merchants/merchant_levels.html

14
American Express Data Security Operating Policy
(DSOP)
  • IMPORTANT! Demonstration of compliance with the
    Data Security Operating Policy
  • Merchants must take the following steps to
    demonstrate their compliance with this Data
    Security Operating Policy.
  • Step 1: Determine your Merchant Level and
    Compliance Requirements
  • Most Merchant Levels are based on the merchant's
    volume of American Express Card transactions
    submitted by its Establishments that roll up to
    the highest American Express account level.
    Merchants fall into one of three levels specified
    in the table below.
  • Level 3 Merchants need not submit Validation
    Documentation, but nevertheless must comply
    with, and are subject to liability under, all
    other provisions of this Data Security Operating
    Policy.
  • Determine your level and the documents that you
    must send to American Express in order to
    validate your compliance with this policy.
  • Level / Definition / Validation Documentation
    Requirement
  • Level 1: 2.5 million American Express Card
    transactions or more per year, or any merchant
    that has had a data incident, or any merchant
    that American Express otherwise deems a Level 1.
    Validation: Annual Onsite Security Audit Report;
    Quarterly Network Scan Mandatory
  • Level 2: 50,000 to 2.5 million American Express
    Card transactions per year. Validation: Quarterly
    Network Scan Mandatory
  • Level 3: Less than 50,000 American Express Card
    transactions per year. Validation: Quarterly
    Network Scan Strongly Recommended
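
The three merchant-level tables (Visa on slide 12, MasterCard on slide 13, American Express on slide 14) interact: a merchant identified as Level 1 by another brand is Level 1 for Visa, and MasterCard adopts whatever level a merchant meets under a competing brand. The Python below is an added worked example, not part of the original presentation and not any card brand's own tooling. It encodes the thresholds exactly as the slides state them (2006-era figures); the boundary handling is an assumption (Level 1 is "over" 6,000,000, the lower bounds 150,000, 20,000, 50,000 and 2.5 million are treated as inclusive), and it applies no cross-brand rule for American Express because the slides state none. All volumes are constructed sample input.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass
class MerchantVolumes:
    """Annual transaction counts as the slides define them. Values are
    constructed sample input; a real assessment takes them from the
    acquirer's reports."""
    visa_total: int = 0        # all Visa transactions, any acceptance channel
    visa_ecom: int = 0         # Visa e-commerce transactions only
    mc_total: int = 0          # all MasterCard transactions
    mc_ecom: int = 0           # MasterCard e-commerce transactions only
    amex_total: int = 0        # all American Express Card transactions
    compromised: bool = False  # account data compromise / data incident
    designated_level1: bool = False  # a brand used its sole discretion


def visa_level(v: MerchantVolumes) -> int:
    """Slide 12: Visa merchant level from Visa volume alone."""
    if v.compromised or v.designated_level1 or v.visa_total > 6_000_000:
        return 1
    if v.visa_ecom >= 150_000:   # 150,000 to 6,000,000 e-commerce (assumed inclusive)
        return 2
    if v.visa_ecom >= 20_000:    # 20,000 to 150,000 e-commerce
        return 3
    return 4                     # fewer than 20,000 e-commerce, and all others


def mastercard_level(v: MerchantVolumes) -> int:
    """Slide 13: MasterCard SDP merchant level from MasterCard volume alone."""
    if v.compromised or v.designated_level1 or v.mc_total > 6_000_000:
        return 1
    if v.mc_total > 1_000_000:   # more than 1 million but less than 6 million total
        return 2
    if v.mc_ecom > 20_000:       # e-commerce over 20,000, total under 1 million
        return 3
    return 4


def amex_level(v: MerchantVolumes) -> int:
    """Slide 14: American Express DSOP level (three levels only)."""
    if v.compromised or v.designated_level1 or v.amex_total >= 2_500_000:
        return 1
    if v.amex_total >= 50_000:   # 50,000 to 2.5 million
        return 2
    return 3


def merchant_levels(v: MerchantVolumes) -> Dict[str, int]:
    """Per-brand levels after the cross-brand rules on the slides, iterated
    until nothing changes (a lower number is the stricter level)."""
    levels = {"visa": visa_level(v),
              "mastercard": mastercard_level(v),
              "amex": amex_level(v)}
    while True:
        changed = False
        # Visa: "any merchant identified by any other payment card brand as Level 1"
        if levels["visa"] != 1 and 1 in (levels["mastercard"], levels["amex"]):
            levels["visa"] = 1
            changed = True
        # MasterCard: "meeting the Level 1/2/3 criteria of a competing payment brand"
        competing = min(levels["visa"], levels["amex"])
        if competing <= 3 and competing < levels["mastercard"]:
            levels["mastercard"] = competing
            changed = True
        if not changed:
            return levels


if __name__ == "__main__":
    # A small charity whose only sizeable volume is on American Express: its
    # own MasterCard volume says Level 4, the competing-brand rule says Level 2.
    small = MerchantVolumes(visa_total=1_000, visa_ecom=1_000,
                            mc_total=500, mc_ecom=500, amex_total=100_000)
    print(merchant_levels(small))
```

The fixpoint loop matters because the rules chain: a compromise or a Visa volume over 6,000,000 makes the merchant Level 1 for MasterCard as well, even with negligible MasterCard volume, which is the case that most often surprises small organizations determining their level under slide 25.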

15
PCI DSS 12 Basic Requirements and
Sub-Requirements Standards
  • Build and Maintain a Secure Network
  • Install and maintain a firewall configuration to
    protect data
  • Do not use vendor-supplied defaults for system
    passwords and other security parameters
  • Protect Cardholder Data
  • Protect stored data
  • Encrypt transmission of cardholder data and
    sensitive information across public networks
  • Maintain a Vulnerability Management Program
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and
    applications (owasp.org)
  • Implement Strong Access Control Measures
  • Restrict access to data by business need-to-know
  • Assign a unique ID to each person with computer
    access
  • Restrict physical access to cardholder data

16
PCI DSS 12 Basic Requirements and
Sub-Requirements Standards
  • Maintain an Information Security Policy
  • Maintain a policy that addresses information
    security
  • Regularly Monitor and Test Networks
  • Track and monitor all access to network
    resources and cardholder data
  • Regularly test security systems and processes

17
Cardholder Data Definition
  • Applicable Information
  • Account and Transaction Information includes
    information that is necessary to process Card
    transactions correctly, including all information
    recorded electromechanically or otherwise on a
    card, and more specifically includes

18
Most Common Methodologies for Committing Crime
Social Engineering
  • Social engineering is a serious problem, as people
    are usually the weakest link. Social engineering
    (SE) is the acquisition of sensitive or
    inappropriate access privileges by an unauthorized
    outsider, based on the building of inappropriate
    trust relationships with insiders. The goal of the
    unauthorized outsider is to trick an insider into
    providing valuable information or to gain access
    to that information.
  • The social engineer preys on the qualities of
    human nature such as the tendency to trust people
    and the fear of getting into trouble. Successful
    defense of a social engineering attack depends on
    having clear policies in place and providing
    ongoing security training to all staff and
    volunteers on how to follow these policies.

19
Common Crime Methodologies Online and Off: Social
Engineering, Human and Computer
  • Human-based Social Engineering
  • Impersonation: pretends to be someone important
    in the organization to gain passwords or access
    to private data.
  • Important User: pretends to be a manager or
    supervisor and threatens the employee's position
    if they don't gain access to sensitive data.
  • Third Party Authorization: pretends to be an
    outside valued source with authorization to gain
    access to sensitive data.
  • Tech Support: pretends to be someone from the
    technical department with a legitimate reason for
    gaining access to passwords or sensitive data.
  • Dumpster Diving: going through garbage for
    cardholder data.
  • Shoulder Surfing: looking over your shoulder to
    gain access to sensitive data.

20
Action Required
  • DO NOT give out confidential or access
    information or re-set passwords without following
    the approved security policy procedures.
  • Be aware of any person or person(s) that do not
    have the proper authorization to be in the
    workplace.
  • Follow the security policy procedures for
    disposing of all confidential data and media such
    as disks, CDs, DVDs, backup tapes.
  • Be aware of any unauthorized person(s) that are
    trying to eavesdrop on confidential conversations
    or may be able to look over your shoulder to
    gain access to confidential data.
  • Report any unusual behavior, phone calls or
    activities that could fall into the above
    outlined activities to appropriate person in
    charge.

21
Computer-based Social Engineering
  • Phishing
  • Action: DO NOT follow the email instructions. If
    in doubt, forward the email to the actual
    organization for review and further instructions.
    Report this email to the appropriate authority.
  • Popup Windows
  • Action: do not re-enter your username or
    password. Restart your system and log in.
    Report the incident to the appropriate person in
    charge.
  • Mail attachments
  • Action: DO NOT open any attachments at work or
    at home that you are not expecting from a trusted
    and authorized person.
  • Spam, Chain Letters and Hoaxes
  • Action: DO NOT open or respond to anything or
    anyone you don't know personally. If in doubt,
    check with the authorities.

22
Other types of Criminal Activity
  • Mac OS X viruses are here
  • Mobile for-profit viruses are prolific: 10s of
    thousands of infections world-wide
  • For-profit virus writers are getting more aggressive
  • DDoS attacks are increasing and causing big losses
  • Ransom trojans
  • Global phishing
  • Pharming: modifying a PC with a virus or trojan
    so that access to the correct URLs goes to the
    wrong server
  • DNS poisoning: a BC government system was
    compromised
  • The hacker tried a DNS poisoning against our
    systems over two days
  • It failed, as we monitor, but the Gov't had no clue
    it was happening!

23
Action Required: Things to do to minimize the
social engineering risk.
  • Cross-cut shred any phone lists, email lists or
    other important documents before recycling them
    or throwing them in the trash
  • Give extra security training to the people on the
    company's perimeter: security guards, help desk
    workers, receptionists
  • Pay help desk workers well and try to keep the
    turnover rate down. They have root access and a
    tremendous amount of power. Treat them with
    respect
  • Put procedures in place that outline what to do
    if someone calls needing assistance with a
    password, user ID or other form of
    authentication
  • Give the chief security officer access to top
    executives. Put him or her in the boardroom so
    security concerns are given the corporate
    attention they warrant
  • Have a security assessment test performed and
    heed the recommendations. Make sure you test the
    company's ability to protect its environment, its
    ability to detect the attack and its ability to
    react and repel the attack. Have the first
    test performed when the company is expecting
    it; do a blind test the second time around

24
Action Required: Things to do to minimize the
social engineering risk.
  • Train ALL of your employees and let them know they
    all have a role in protecting the company and
    that means they're protecting their own jobs
  • Let employees know they don't have to be pushed
    around. If someone calls and tries to threaten
    them or confuse them, it should raise a red flag
  • Remember to update training and train new
    employees as they come on board
  • Set up policies for what can be discussed over
    the telephone, what can be discussed outside the
    building, what can be posted in news groups, what
    can be written in instant messages and what can
    be written in an email
  • Don't forget the security basics, like never
    leaving a password on a sticky note on the
    computer monitor
  • Encrypt information on desktops, laptops and
    PDAs
  • Install cameras so you can see who is coming and
    going
  • Use biometrics or electronic security badges to
    limit access to the building
  • No one should hold the door open for anyone not
    showing proper ID
  • Don't allow employees to leave email notification
    or voicemails alerting callers that they are away
    on a business trip or vacation. It sets up the
    replacement as a target

25
How to PCI DSS Certify In Your Organization!
  • Are you PCI DSS certified now?
  • If not, determine your transaction level
  • Review your IT and office security policies
    against the PCI requirements documents and create
    a risk assessment report including all staff and
    volunteers! https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
  • Make a list of all your third party vendors and
    suppliers handling cardholder data and ensure they
    are compliant; don't assume they are secure: no
    PCI cert, not secure!
  • Web, mail and payment hosting
  • Software suppliers
  • Couriers
  • Pay particular attention to how cardholder data
    is handled and transported online, in the office
    and in the field (events, door-to-door).
  • Locked up, cross-cut shredded, locked boxes for
    large-volume disaster data
  • Encrypted
  • Do you have all the correct compliance equipment?
  • Is your privacy policy posted for easy viewing?
  • Create a preliminary budget for security audit,
    remediation and training costs, current and ongoing.
  • Hire an auditor from the PCI SSC approved vendor
    site.

26
Auditing Process
  • Review audit quote
  • Hire an auditor from the Visa or MasterCard
    vendor lists depending on the size of your
    organization and region
  • Complete the Self-assessment Questionnaire,
    prepare remediation action plans, implement and
    enforce
  • Schedule your scans, prepare remediation action
    plan, implement and enforce.
  • Prepare ongoing training if required and schedule
    quarterly reviews to monitor behavior changes
  • Once compliant, certificate will be issued and
    re-certification is required annually. See our
    certificate on our site at www.cnwylie.com

27
What will Impact Your Organization the Most!
  • Audit costs range from $150 to $100,000 depending
    on size.
  • Human cost to prepare, train, implement and
    enforce staff and volunteers to the new security
    policies, procedures and methodologies for
    IT, office and field
  • Cost of equipment
  • Cross-cut shredders
  • Locking files, boxes, drawers
  • Hardware and software upgrades and purchases
  • Cost of the criminal record checks
  • If you don't implement according to the mandatory
    guidelines you are subject to:
  • Fines
  • Loss of merchant account use
  • If compromised:
  • Damage to reputation
  • Losing donor revenues
  • The cost of the audit is just a small part of the
    compliance budget.

28
What to Do if a Compromise is Discovered
  • Contain and limit the exposure
  • Inform PCI Association within 24 hours
  • Alert all necessary parties.
  • Within four business days of the reported
    compromise
  • Provide Visa with an incident report.
  • Depending on the level of risk and data elements
    obtained, complete an independent forensic review
    and conduct a compliance questionnaire and
    vulnerability scan upon Visa's discretion.

29
What You Can do to Get Your Non-Profit Secure Now!
  • Be proactive and ASK the decision makers in your
    organization
  • Do you take credit cards online or over the phone
    or in the field?
  • Do you have a security policy manual governing
    both your IT and physical security in the office
    and in the field?
  • Are you passing cardholder data unencrypted over
    email or storing it unencrypted on computers or
    servers?
  • Do people handling cardholder data have criminal
    record checks done? If not, why not?
  • Do your nonprofit and your third party vendors
    have a PCI DSS certificate? If not, go through the
    audit and tell your vendors/suppliers they have to
    as well.
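
The question about unencrypted cardholder data in email or on servers is one you can answer with a discovery scan rather than a guess: search mailboxes, shares and databases for digit strings that look like primary account numbers and pass the Luhn check, and report only masked values so the scan output does not itself become another unencrypted store of cardholder data. The Python below is an added example, not code from the presentation or from SPIguard; the sample message is constructed and uses the well-known 4111 1111 1111 1111 test number, and the six-plus-four masking follows the PCI DSS rule for displayed PANs.

```python
import re
from typing import List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer digit run (reference numbers, hashes).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that every card brand applies to its PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> List[str]:
    """Digit strings in `text` that look like a PAN and pass the Luhn check."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def scan_text(text: str) -> List[Tuple[int, str]]:
    """(line number, masked PAN) for every likely PAN; never the full number."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pan in find_pans(line):
            hits.append((lineno, mask_pan(pan)))
    return hits


# Constructed sample: a donation e-mail of the kind the question above warns about.
# The phone number is too short to match, and the invoice number fails Luhn.
SAMPLE_EMAIL = """\
Subject: donor gift - please process
Donor: J. Example, phone 604-555-0123
Card: 4111 1111 1111 1111 exp 12/09
Ref: invoice 1234567890123456
"""

if __name__ == "__main__":
    for lineno, masked in scan_text(SAMPLE_EMAIL):
        print(f"line {lineno}: possible cardholder data {masked}")
```

Run it over exported mail folders, shared drives and database dumps; a hit on anything other than the payment system itself is a finding for the risk assessment report, and the remediation is to remove or encrypt the data, not to move the report somewhere convenient.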

30
What You Can Do Today Before PCI to Reduce Fraud
and Identity Theft in Your Organization: Clean
Desk Policy
  • Clean Desk
  • The principle of a "clean desk"
  • Staff members and volunteers must leave their
    desks, workspace, or work environment in the
    field, including special fundraising events,
    "neat and tidy": if it is messy, you may not
    notice when something is missing.

31
Clean Desk Policy
  • An IT user, volunteer or other staff member must
    see to it that, when leaving his/her workplace,
    the appropriate arrangements have been made to
    prevent unauthorized persons from having access
    to IT applications or to card holder data. He/she
    must also just as conscientiously check his/her
    workplace and must ensure that no loss of
    availability, confidentiality or integrity will
    be entailed by any access of unauthorized persons
    to data media (diskette, hard disk) or to any
    documents (print-outs, checks, etc.)
  • For short absences during working hours, it will
    suffice to lock the room or file sensitive data
    in a locked filing cabinet. Outside working
    hours, the workplace must be tidied up so that no
    media or documents requiring protection that are
    not locked away, will be left behind at the
    workplace.
  • If no locking desk or appropriate filing cabinet
    exists to lock away confidential material outside
    work hours, then the room must be locked and
    absolutely no unauthorized personnel can have
    access to the locked room

32
Clean Desk Implementation
  • Implementation responsibility to be outlined to
    Staff members including Volunteers with access to
    sensitive data.
  • Must create an inventory list of all available
    lockable office equipment available in each zone
    for employees and volunteers to lock up
    confidential account/cardholder data.
  • Create an inventory of lockable boxes or files
    for employees and volunteers to use to lock up
    and transport confidential data in the field
    outside of the workplace, at special fundraising
    events, new disaster relief campaigns, and for
    door to door campaigns.
  • Must create roles and responsibility outline and
    list of authorized person(s) for those handling
    the keys or cards for locking equipment, the
    workspace, and transporting secured confidential
    account/cardholder data to and from the field
    and special fundraising events.

33
Clean Desk Implementation
  • Must create the procedures for the lockup and
    transport procedure
  • Throughout the day
  • Lock sensitive confidential documents and
    computer media in drawers or filing cabinets
  • Physically secure laptops with security cables
  • Secure your workstation before walking away
  • Ensure you are logged off your terminal when
    leaving your terminal unattended.
  • If no locking desk or file cabinet exists, store
    sensitive/confidential documents and computer
    media in a filing cabinet or desk drawer, then
    lock the work environment/room before leaving to
    assure no unauthorized personnel can access the
    work environment/room where sensitive/confidential
    data is stored

34
Do Not Post Sensitive Data
  • Examples include
  • User IDs Passwords
  • IP addresses
  • Contracts
  • Account numbers
  • Checks
  • Client lists
  • Intellectual property
  • Employee records
  • Anything you wouldn't want disclosed
  • At the end of the day, take a moment to
  • Tidy up and secure sensitive material
  • Lock drawers, file cabinets and offices
  • Secure expensive equipment (laptops, PDAs, etc.)

35
What You Can Do Today to Minimize Fraud, Identity
Theft and Criminal Activities Online and in the
Office and Field!
  • Be a Leader in attaining and maintain PCI DSS
    compliance in your organization
  • Get PCI DSS certified through SPIguard
    CharitySecure Compliance Seal Program
  • Review other vendors for compliance at the PCI
    SSC site
  • https://www.pcisecuritystandards.org/resources/qualified_security_assessors.htm
  • https://www.pcisecuritystandards.org/programs/asv_program.htm

36
SPIguard CharitySecure Seal Program
  • Review of current Security Risk Management
    Strategy
  • Aligns all the Card Companies PCI DSS Dates and
    Validation
  • Review of Self-Assessment Questionnaire
  • 8 Scans Annually
  • Remediation Action Plan
  • Templates for Documentation
  • Remediation Implementation Review
  • Letter of Finding and Report on Compliance
  • PCI DSS Certificate and Seal
  • Quarterly Review
  • Annual Review for Re-certification

37
SPIguard CharitySecure Seal Program IFC Delegate
Pricing!
  • Level 1 merchants are excluded from special
    pricing for IFC delegates
  • Level 2 merchants - $2,500
  • Review of current Security Risk Management
    Strategy
  • Review of Self-Assessment Questionnaire
  • 8 Scans annually
  • Remediation Action Plan
  • Templates for Documentation
  • Remediation Implementation Review
  • Letter of Finding and Report on Compliance
  • PCI DSS Certificate and Seal
  • Quarterly Review
  • Annual Review for Re-certification
  • Price for IFC delegate organizations if you sign
    up during the Conference: $1,250.00
  • Level 3 and 4 merchants - $1,000.00
  • Review of current Security Risk Management
    Strategy
  • Review of Self-Assessment Questionnaire
  • 8 Scans annually
  • Remediation Action Plan
  • Templates for Documentation
  • Remediation Implementation Review
  • Letter of Finding and Report on Compliance
  • PCI DSS Certificate and Seal
  • Quarterly Review
  • Annual Review for Re-certification
  • Price for IFC delegate organizations if you sign
    up during the Conference: $500.00

38
Resource Links for PCI DSS
  • https://www.pcisecuritystandards.org/index.htm
  • http://usa.visa.com/merchants/risk_management/cisp.html
  • http://www.mastercard.com/us/sdp/merchants/merchant_levels.html
  • https://www209.americanexpress.com/merchant/singlevoice/pdfs/en_GB/UK20Merchant20DSOP.pdf
  • http://www.discovernetwork.com/resources/data/data_security_overview.html
  • https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
  • http://www.spiguard.com/charitysecure

39
  • Catherine Pagliaro, B.B.A. ePMT
  • CEO, C.N. Wylie Group Inc.
  • Catherine is a Social Entrepreneur by nature. In
    1993, the Internet caught Catherine's attention.
    She understood immediately the Internet's vast
    commercial opportunity as well as the medium's
    eventual ability to aid human development and the
    planet. Catherine envisioned the creation of a
    global hi-tech solutions services organization
    that would be both profitable and socially
    responsible.
  • In December 1994 she founded C.N. Wylie Group
    Inc. and Strategic Profits Inc. to create
    profitable enterprises using knowledge, expertise
    and technology solutions for the purposes of
    spiritual advancement, human development and
    bringing balance to the planet. To create
    permanent sustainable communities for a
    sustainable future for all! Catherine believes
    that profit and social responsibility go hand in
    hand by creating the circle of money flow. It is
    her corporate mandate to work with people and
    organizations with similar philosophies with a
    strong focus on women and children's programs, to
    facilitate positive changes for all inhabitants
    of our planet and for our planet.
  • Catherine has extensive knowledge and
    expertise of e-commerce gained through creating,
    with her team of experts, a proprietary, secure
    infrastructure of e-solutions, and from creating and
    teaching her Surefire series of Internet
    educational seminars, with a focus on security
    and privacy, through hundreds of workshops and
    consultations over the last thirteen years. Mrs.
    Pagliaro is an excellent speaker, including
    engagements with e-Philanthropy.org, Industry
    Canada, Soft World, Internet World, Comdex, and
    many other venues.
  • Catherine is married with five grown children and
    one grandson.

40
C.N. Wylie Group Inc.
703-889 West Pender Street, Vancouver, B.C., Canada
Toll Free N.A.: 1 800 811-7811
Toll Free Intl (coming): +44 (0)20 4067 7993
www.cnwylie.com
www.helpforcharities.com
www.spiguard.com
cc@csfm.com
Toronto, Ontario, Canada: 905 910-0575