Protecting information is not optional

September 2008 Cyber Security

Horror stories of companies carelessly losing thousands or even millions of records containing customers’ credit card information will soon be a thing of the past. A new compliance standard, designed by Visa and MasterCard, and endorsed by other card giants, now forces merchants that retain clients’ personal information to efficiently safeguard the information.

“The Payment Card Industry (PCI) Data Security Standard creates common industry security standard that effectively eliminates the possibility of careless or malicious loss of information,” says Amir Lubashevsky, director of Magix Integration. “Merchants wanting to continue accepting credit or debit card payments, collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard. Failure to comply may result in substantial fines or permanent expulsion from card acceptance programmes.”

Amir Lubashevsky, director of Magix Integration
Amir Lubashevsky, director of Magix Integration

Lubashevsky adds that the demands of the PCI standard extend much further than simply protecting a database or a server. Everything from the network to the database must be protected according to best practice standards and certified by the card companies. And even this is only the beginning.

Organisations must also ensure they encrypt any and all transmissions of data including this sensitive information to prevent it from falling into the wrong hands. Additionally, to be fully compliant steps must be taken to ensure an employee is not able to copy data onto a USB drive, walk out the door and give it to unauthorised parties.

“This is not a exercise in risk mitigation and it is definitely not one of those nebulous risk minimisation processes organisations undertake to project an image of security,” Lubashevsky explains. “Since failure is not an option, organisations involved with card transactions will have to implement a PCI compliance process of risk elimination. This process can not allow for the continued existence of gaps or unsecured connections.”

To accomplish this difficult task requires more than a once-off risk management project. It requires an organisation to run an initial compliance audit to identify and eliminate its current vulnerabilities. Thereafter it needs to continually audit its systems, processes and infrastructure for new vulnerabilities and resolve them as they occur. This is a resource intensive task and is best done via automated compliance tools that operate seamlessly in the background and only require human intervention in exceptional circumstances.

Paying lip service to data protection in the world of credit and other transaction cards is over. Once the grace period is over and merchants are forced to comply, failure will not result in a public relations challenge, but serious financial penalties and even the inability to transact with plastic – a death knell in today’s society.

For more information contact Amir Lubashevsky, Magix Integration, +27 (0)11 258 4442, [email protected]

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Defining the resilience of cybersecurity
Cyber Security Security Services & Risk Management
Cyber resilience is less buzzword and more critical business strategy as the cybercrime landscape grows in intent and intensity.

How to stay cybersafe on business trips
Cyber Security
No matter where you are in the world, tech-savvy criminals are looking for ways to exploit email addresses, social media profiles, passwords, financial data and stored files.

The challenge of data safety and availability
Technews Publishing Editor's Choice Cyber Security
Veeam offers backup and recovery software that presents the user with one interface to manage backups to and from almost any platform.

How safe are your backups?
Technews Publishing Cyber Security
Immutable backups prevent malware from compromising your data and ensure the right data is restored in an emergency when following a four-step backup process.

Growing cyber resilience portfolio
Technews Publishing Cyber Security
Hi-Tech Security Solutions spoke to Richard Frost, who heads up Armata, to find out what the company offers in terms of cyber resilience.

Adopting a cyber-secure mindset
Security Services & Risk Management Cyber Security
Adopting a cybersecure mindset is the key to mitigating the risk of falling victim to the growing cybercrime pandemic.

Advanced technologies to curb corruption
News Cyber Security IT infrastructure
The use of advanced technology to curb fraud, corruption and cyber-related crimes received a massive boost as the Council for Scientific and Industrial Research (CSIR) and Special Investigation Unit (SIU) agreed to work together.

Reversing the hidden risk of permission creep
Cyber Security
Employees can collect a range of access rights to business systems throughout their tenure. It's a phenomenon called 'permission creep': one of the biggest cybersecurity risks for organisations today.

Mitigating the risk of zero-day attacks against Microsoft 365
J2 Software Cyber Security
Microsoft 365 servers contain extremely sensitive information and most organisations simply cannot do without it for an extended period of time.