May 28 2009

PCI compliance is essential and why you have to

Category: pci dss | DISC @ 3:18 pm

In the current economic downturn, organized cybercrime is a booming underground business. Most security experts, and the FBI, agree that cybercrime is on the rise and poses a major threat to US critical infrastructure. Cybercriminals are thieves in cyberspace: they steal sensitive data and sell it to other criminals in their community, who may in turn demand a ransom to keep the data private, or resell it to the highest bidder on the black market. The risk of getting caught is reduced by jurisdictional boundaries and outweighed by the potential monetary gain. Motivated by that gain, cybercriminals are determined to exploit the vulnerabilities of a target-rich environment. Another part of the problem is that our personal and private information can be exposed at many different points: banks, credit card companies, card processors, credit reporting agencies, merchants, and so on.

Merchant levels are assigned by the card brands according to annual transaction volume, with Level 4 covering the smallest merchants. Level 1, 2 and 3 merchants usually follow security best practices, allocate enough resources, and work to maintain PCI compliance. Level 4 merchants, on the other hand, are often not compliant and carry security vulnerabilities that are easy pickings for cybercriminals, which is a primary reason why more breaches happen at Level 4 merchants. PCI DSS was created to safeguard credit and debit card data, and the standard is managed by the PCI Security Standards Council.

The most significant reason to comply with PCI is because you have to.

 

PCI DSS addresses baseline security for the payment card infrastructure, and its ROI should be judged against total cost of ownership. PCI DSS cannot guarantee absolute security, but requiring an organization to exercise due care justifies its cost and use. As for liability, a breach that occurs while you are non-compliant is far more damaging: it brings fines, legal fees, and possibly the loss of your ability to process card payments. Merchants should also remember that their customers' data is worth a lot of money to cybercriminals.

The trick is staying in a state of compliance. True security of cardholder data requires nonstop assessment and remediation so that both the likelihood and the impact of a breach are kept as low as possible. PCI compliance is not a project; it is an ongoing process of assessment. A PCI assessor uses a defined set of control objectives to assess the state of compliance, and PCI also provides a self-assessment option (the Self-Assessment Questionnaire) with an officer's sign-off.
Merchants should monitor and assess on an ongoing basis to keep compliance. Implement defense in depth and apply security controls at every layer (network, application, operating system, and data). The idea is to make the attacker's job hard enough that they move on to an easier target.
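As an added example (not part of the original post), here is one small data-layer control of the kind the paragraph above calls for, combined with a recurring check that can run as part of ongoing assessment: scan application logs for unmasked primary account numbers (PANs) and mask any that are found. Candidate digit runs are filtered with the Luhn check so that ordinary numbers such as transaction references are not treated as card numbers, and `mask_pan` keeps only the first six and last four digits, which is the maximum PCI DSS allows to be displayed. The log lines, function names and the 13 to 19 digit PAN length range are assumptions for illustration; the card numbers in the sample are well-known test numbers, not real cards.

```python
import re
from typing import List

# Constructed sample log lines (not real data). 4111... and 5555... are
# well-known test card numbers that pass the Luhn check; the third and
# fourth lines contain digit runs that must NOT be treated as PANs.
SAMPLE_LOG = """\
2009-05-28 15:18:02 INFO  order=10042 card=4111111111111111 amount=59.90
2009-05-28 15:18:05 DEBUG raw request: pan=5555 5555 5555 4444 exp=12/11
2009-05-28 15:18:07 INFO  txn_ref=1234567890123 status=approved
2009-05-28 15:18:09 WARN  retry for card=4111111111111112 (declined)
"""

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits. This is deliberately loose; the Luhn
# check below removes most false positives.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def find_pans(text: str) -> List[str]:
    """Return every candidate run in text that passes the Luhn check,
    exactly as it appears in the text (separators included)."""
    return [
        m.group(0)
        for m in PAN_CANDIDATE.finditer(text)
        if luhn_valid(_digits_only(m.group(0)))
    ]


def mask_pan(raw: str) -> str:
    """Keep the first six and last four digits, mask the rest.
    Separators are dropped so the masked value is a plain digit string."""
    digits = _digits_only(raw)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Replace Luhn-valid PANs in text with their masked form; leave
    other digit runs untouched."""
    def _sub(m: re.Match) -> str:
        raw = m.group(0)
        return mask_pan(raw) if luhn_valid(_digits_only(raw)) else raw
    return PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    found = find_pans(SAMPLE_LOG)
    print(f"{len(found)} unmasked PAN(s) found")
    print(redact(SAMPLE_LOG))
```

Run against a real log directory on a schedule and alert on any non-zero count; a PAN that turns up in a log is a finding to remediate at the application layer (stop logging it), not just to mask after the fact.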

Check my previous posts regarding PCI DSS.
pci-dss-misconceptions-and-facts
pci-dss-significance-and-contractual-agreement


Recommended books to implement PCI DSS compliance process

 

Tags: Credit card, defense in depth, level 4 merchant, Merchant Services, pci dss, PCI Security Standard Council, roi, Security, Total cost of ownership

3 Responses to “PCI compliance is essential and why you have to”

  1. PCI compliance is essential and why you have to comply « Emerald Business Systems Blog says:

    […] PCI compliance is essential and why you have to | DISC InfoSec blog. Leave a […]

  2. Hackers steal credit-card numbers from restaurant customers | DISC InfoSec blog says:

    […] compliance is essential and why you have to comply « Emerald Business Systems Blog on PCI compliance is essential and why you have to. Hackers steal credit-card numbers from restaurant customers | DISC … Boat by about on Hackers […]

  3. Immigration Lawyers says:

    Immigration Solicitors…

    […]while the sites we link to below are completely unrelated to ours, we think they are worth a read, so have a look[…]…
