Compliance Standards

Consistently testing and quickly addressing risks to your network security system is not just one of the common security controls that can be looked over, it is imperative to effective and safe performance. If your companys security system does not receive the necessary updates to its infrastructure, it can be potentially devastating for your organization.

Not being on top of these essential tasks can open the door to a myriad of cyber security threats from internal and external sources that could take years to recover from. However your business plans to approach security system testing, you should make sure you efforts fall in line with Payment Card Industry Data Security Standard (PCI DSS) requirements.

Were not even midway through 2018, and this year has already seen some of the most high profile companies and brands become victims to potentially malicious cyber attacks. Delta Airlines, Sears, and Panera Bread are just a few examples of high-profile companies that have had to contend with data breach and unauthorized access by outsiders so far this year.

The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa. Non-compliance with the 12 requirements specified in the PCI Data Security Standards (DSS) puts your company at greater risk of a future data breach that comes with a steep financial cost as evidenced by the plethora of well publicized data breaches last year alone. Of the 12 PCI DSS requirements, it was found that 79% of failed PCI Compliance assessments were in non-compliance because of not being able to protect cardholder data via requirement 3. Thats huge.

Keeping cardholder data safe and secure is an important part of your business as well as an agreement with your payment card brands and acquirers in order to accept the credit card based payments. Compromised data has a negative impact on everyone involved. Protecting data can help:

• Improve customer relationships
• Increase overall profitability in any program
• Prevent damage to your business’s reputation

This blog is part of our series of articles that will address frequently asked questions and provide a comprehensive guide on PCI DSS requirements and compliance.

Before we talk about QSA and on site assessment process for PCI compliance, heres a quick recap of the basics on PCI DSS.

Credit cards hold a remarkable amount of cardholder data. If that data were to fall into the wrong hands, it could ruin a persons life. Now, imagine your company has a database of millions of credit cards that are unique to their cardholder. If that database were to be remotely breached via a phishing scam or hack, your entire database of payment cards could be stolen in a blink of an eye. In 2012 alone, attackers posing as legitimate service people substituted the payment devices and subsequently compromised three large retailers. It was found that 39% of organizations had been breached through insecure remote access (which was the single largest origin of compromise that organizations encountered).