Strengthening PCI DSS Compliance – Some Considerations


If you are in the financial services industry, how do you create a secure environment that is compliant with the Payment Card Industry Data Security Standard (PCI DSS)?

Every other day, the Internet is flooded with reports of cardholder information theft, financial data loss due to a misconfigured ‘secure network environment’, identity theft and so on.

To start with, the PCI DSS standard defines various merchant levels, validation types and, most importantly, 12 PCI requirements with hundreds of controls and sub-controls that ought to be followed to the letter.

According to a recent Verizon 2014 PCI Compliance Report, only 11.1% of companies passed all 12 requirements, and a little over 50% of companies passed 7 requirements.


Hackers are upping the ante. Getting into the specifics of PCI DSS compliance to protect financial data can be daunting, yet it is unavoidable. The good news is that with proper NCCM (network configuration and change management) software, you can ensure that:

  1. Your network is secure and compliant
  2. You efficiently pass audits and avoid ‘last minute’ pressure (not to mention that unique combination of surprise audits & Murphy’s Law!), and
  3. You don’t contribute to the ‘cost of non-compliance’

Cost of PCI DSS non-compliance

These are the costs incurred in the form of heavy fines (millions of USD) for regulatory non-compliance and/or the loss of financial data amounting to millions or billions of dollars.

Some inconvenient stats: global card fraud exceeded $11 billion in 2012 (The Nilson Report, 2013). Losses from fraud using cards issued in the Single Euro Payments Area (SEPA) were about €1.33 billion in 2012 (Third Report on Card Fraud, European Central Bank).

Ensuring 100% PCI compliance in your network can be challenging due to one or more of the following:

Of course, all network admins try their best to ensure compliance and keep their networks secure, each in their own style. A few important things they may need in order to better manage compliance would be:

The PCI DSS standard is here to stay, and it is only going to get tougher and tougher in order to counter rising fraud rates. So, how are you coping with complying with PCI standards?


Originally published on thwack
