Businesses that handle payment card data have to become compliant with version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) by December 31, 2014, when version 2.0 is retired.
If you handle card data, are you prepared for the challenge?
The changes introduced in PCI DSS v3.0 were based on feedback from the PCI community and centre on three themes: education and awareness, greater flexibility in how requirements are met, and security as a shared responsibility between merchants, service providers and their partners.
The continued, widespread payment card breaches have touched everyone, from large enterprises to small businesses to individual cardholders, which makes the impact personal.
Technology has transformed the way consumers buy goods and services, but with that transformation has come an explosion in the ways an attacker can steal payment card information.
Some challenges to consider are as follows:
- Compliance over security: compliance does not equal security. Passing an assessment is a point-in-time snapshot; security requires a daily, coordinated focus on people, process and technology, built into business processes and treated as business as usual.
- PCI DSS represents a baseline of security measures. If your risks are greater than the baseline assumes, additional and appropriate security measures must be implemented on top of it.
- Reduce scope as much as possible. The smaller the Cardholder Data Environment (CDE), the less complexity there is to understand, secure and assess, and the less risk it carries. Scope reduction only holds if the segmentation that isolates the CDE is actually effective, so verify it rather than assume it.
- Understand what is actually happening in your systems (who and what touches card data, and where it flows) before deciding on greater measures to protect the data within them.
- Map technical risk to business risk, so that the business can make informed, long-term decisions on compliance rather than treating it as a yearly checkbox.
See the Verizon 2014 PCI Compliance Report on the global state of PCI DSS compliance: http://www.verizonenterprise.com/pcireport/2014/