Your rotation assignment takes you to the Office of the Chief Financial Officer (CFO).
An external audit of the company’s financial operations has just been completed. Last week, an “early look” copy of the audit was sent to the CFO with a request for a formal written response for each of the findings. Some of the problem areas were known to the CFO’s staff and they were already working on the required responses. But, there is one set of findings that came as a complete surprise — Shadow IT — the unauthorized / unapproved use of cashless payment technologies by certain locations and offices within the company. These technologies included:
Micro payments using a payment card issued by guest services to hotel guests and via unattended vending machines to visitors. These payment cards are loaded with a cash value deposited to the card’s account via a credit card charge. Guest services also credits some of these payment card accounts with “reward dollars” for guests who belong to the hotel’s affinity program. The payment cards are used at service locations which do not have a cashier station, e.g., game arcade, self-service laundry, or sales kiosk. The payments are processed by a third party service provider which then uses an electronic funds transfer to pay the hotel its share of the income.
The CFO must make a presentation to the IT Governance board about these payment systems as a first step towards either getting approval for continued use or issuing a “cease and desist” directive to force the rogue offices and locations to stop using the unapproved payment systems. The presentation must include information about known or suspected compliance issues for PCI-DSS. The IT Governance board has previously asked project sponsors for information about potential privacy and security issues.
Your team leader has asked you to read the provided background information (4 links below) and then put together a 2-page summary of the important points from your readings. You have also been asked to help identify and describe / explain 5 or more privacy and security issues that could arise in conjunction with the use of the technology being studied by your team. Remember to keep your focus on the financial aspects of the technology implementation since you are contributing to the CFO’s effort. (Financial aspects include how payments are made, what types of information are exchanged and with whom, how that information is protected, etc.)
Provide in-text citations and a reference list at the end of your summary paper (APA format recommended).
https://www.americanbar.org/groups/litigation/committees/minority-trial-lawyer/practice/2019/the-payment-card-industry-data-security-standard/
https://www.pcicomplianceguide.org/2019-pci-compliance-annual-plan/
https://www.creditcards.com/education/emv-faq-chip-cards-answers-1264/
https://www.consumerfinance.gov/consumer-tools/credit-cards/