PCI, What is it Good for?: Absolutely Everything

By

All retailers and merchants strive to be PCI compliant, yet how do organizations cost effectively protect payments and accompanying data when the customer is buying everything from a $1.00 parking pass to a $100k car?

To better understand how PCI works, this article will address the history, outline the benefits of PCI compliance, and discuss ways to ensure the proper systems are in place, no matter the size of the purchase or organization.

History

The Payment Card Industry (PCI) standards group was created by five leading financial institutions; American Express, Discover Financial Services, JCB International, MasterCard and Visa, to pioneer a unified security standard as the foundation of the payment card industry.

The PCI Data Security Standard provides an action plan for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents, which must be followed by any entity that processes payment cards.

Organizations rely on PCI to flag data security issues that occur through the use of payment processing. In a time of omni-channel purchasing via mobile devices, it takes a significant effort to prevent data breaches that could lead to a loss of reputation and loss of revenue.

The string of high profile breaches over the past few years, including Target and Living Social, collectively affected more than 120 million customers by exposing credit card numbers and personally identifiable information to cybercriminals.

Ensure

PCI requirements are positioned to help with the following:

  1. Protect cardholder data
  2. Build and maintain a secure network
  3. Ensure the maintenance of vulnerability management programs
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Ensure the maintenance of information security policies

For many, maintaining compliance is a herculean effort, but failure to comply with these standards may leave a company’s Achilles heel exposed.

The PCI Security Standards Council is constantly working to mitigate threats, with enhancements to PCI standards and through proactive training of security professionals. However, it is also the responsibility of the organization to ensure compliance is maintained and proper systems are in place.

Staying Compliant

Here are some helpful hints to stay compliant:
 

  1. Maintain systems so all your patches are up to date: Patch management systems enable full control of your systems’ patching activities. You can deploy security patches to test machines, and then push them out to all the rest of your environment, while running reports to ensure that there is 100 percent compliance across all servers and workstations. Organizations utilize patch management systems to provide reports, to management as well as auditors.
  2. Who, what, when and where: Keeping a record of all activities will prove to be very useful, even as a proactive prevention of breaches. As data breaches become more frequent and sophisticated, having standards in place that ensure compliance allows peace of mind for customers, employees and investors alike.
  3. Great wall of fire:  The “set it and forget it” firewall is only slightly better than no firewall at all. According to the United States Computer Emergency Readiness Team (US-CERT), the most common configuration mistake is not providing outbound data rules, which can leave the business open to external attack. The PCI standards group recommends that your business review firewall and router configurations every six months.

While some may see avoiding a failed audit as the only reason to maintain compliance, it is in fact an opportunity to ensure the protection of not only your organization, but your customers as well.

For more information: https://www.pcisecuritystandards.org




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More