We use cookies to improve your online experience. For information on the cookies we use and for details on how we process your personal information, please see our cookie policy and privacy policy. By continuing to use our website you consent to us using cookies. Continue

PCI DSS Compliance Reduces the Risk of Data Breaches

Mon, 13 Aug 2018 11:20

The payment card industry data security standard (PCI DSS) is designed to protect consumers by encouraging businesses to do more to protect payment card details. A recent survey by US Internet giant Verizon found that compliance with PCI DSS can be a powerful force in fighting cyber-crime – but many organisations struggle to maintain full compliance with the standard.

Speaking to Computer Weekly, Verizon's head of advisory services Gabriel Leperlier commented: "Since 2010, not a single organisation that has been breached was 100% PCI DSS compliant at the time of the breach." This is a remarkable finding. Why are so few organisations struggling to comply with the standard?

Firstly, it helps to examine the 12 requirements of PCI DSS:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

In addition to these 12 requirements, digital security teams must contend with changing technology, workplaces that are riddled with web-connected devices, malicious employees and a host of determined hackers, criminals and foreign agents – who are all working day and night to access a company's valuable data.

As Leperlier puts it: "Many organisations struggle to keep up with the continual cycle of scanning, testing and patching, which is why it is important to involve all employees, so they understand why certain security controls are in place and will be more likely to stick to them rather than finding ways around them."

Achieving and maintaining PCI DSS compliance does not guarantee that you won't be hacked – but failing to maintain compliance is a sure-fire way to attract the attention of hackers and criminals. After all, dropping the ball on PCI DSS compliance effectively means you're making life easier for anyone who wants to steal your data.

There are many examples of companies that have paid a heavy price for data breaches that could have been prevented by complete compliance with PCI DSS. For example, US retail giant Home Depot agreed to pay at least $19.5 million to consumers harmed by a data breach in 2014. The breach occurred because Home Depot used inadequate security software and weak data protection policies. Under PCI DSS, companies are required to conduct vulnerability scans – something that was not carried out fully at Home Depot.

PCI DSS compliance may be difficult to achieve and maintain, but it seems the costs of dealing with a major data breach are likely to be far higher than the price of meeting the 12 requirements outlined above.

Click here to learn more about PCI DSS eLearning from Deltanet International.

Get in Touch

* Required Field

Get in Touch

Get in Touch

Get in Touch

+44 (0)1509 611 019

We'd love to talk to you about how we can help. Please leave your details below and a member of our team will get back to you.

* Required Field

Get in Touch