Protecting information is not optional

September 2008 Cyber Security

Horror stories of companies carelessly losing thousands or even millions of records containing customers’ credit card information will soon be a thing of the past. A new compliance standard, designed by Visa and MasterCard, and endorsed by other card giants, now forces merchants that retain clients’ personal information to efficiently safeguard the information.

“The Payment Card Industry (PCI) Data Security Standard creates common industry security standard that effectively eliminates the possibility of careless or malicious loss of information,” says Amir Lubashevsky, director of Magix Integration. “Merchants wanting to continue accepting credit or debit card payments, collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard. Failure to comply may result in substantial fines or permanent expulsion from card acceptance programmes.”

Amir Lubashevsky, director of Magix Integration
Amir Lubashevsky, director of Magix Integration

Lubashevsky adds that the demands of the PCI standard extend much further than simply protecting a database or a server. Everything from the network to the database must be protected according to best practice standards and certified by the card companies. And even this is only the beginning.

Organisations must also ensure they encrypt any and all transmissions of data including this sensitive information to prevent it from falling into the wrong hands. Additionally, to be fully compliant steps must be taken to ensure an employee is not able to copy data onto a USB drive, walk out the door and give it to unauthorised parties.

“This is not a exercise in risk mitigation and it is definitely not one of those nebulous risk minimisation processes organisations undertake to project an image of security,” Lubashevsky explains. “Since failure is not an option, organisations involved with card transactions will have to implement a PCI compliance process of risk elimination. This process can not allow for the continued existence of gaps or unsecured connections.”

To accomplish this difficult task requires more than a once-off risk management project. It requires an organisation to run an initial compliance audit to identify and eliminate its current vulnerabilities. Thereafter it needs to continually audit its systems, processes and infrastructure for new vulnerabilities and resolve them as they occur. This is a resource intensive task and is best done via automated compliance tools that operate seamlessly in the background and only require human intervention in exceptional circumstances.

Paying lip service to data protection in the world of credit and other transaction cards is over. Once the grace period is over and merchants are forced to comply, failure will not result in a public relations challenge, but serious financial penalties and even the inability to transact with plastic – a death knell in today’s society.

For more information contact Amir Lubashevsky, Magix Integration, +27 (0)11 258 4442, amirl@magic-sa.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Introducing adaptive active adversary
Cyber Security Products
New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and improved frontline defences against advanced cyberthreats and streamline endpoint security management.

Read more...
Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Read more...
Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Read more...
Recession? Do not skimp on cybersecurity
Cyber Security Security Services & Risk Management
While economists are studying their crystal balls, businesses have to prepare for the worst, and preparing for a recession means cutting costs and refocusing resources; however, they must ensure they do not end up creating an enormous risk.

Read more...
Organisations are increasing modern data protection for cloud workloads
Cyber Security
The Veeam Cloud Protection Trends Report for 2023 identifies what is driving IT leaders to change strategies, roles and methods related to both production and protection of cloud-hosted workloads.

Read more...
Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Read more...
Zero Trust to dominate 2023
Cyber Security Access Control & Identity Management
Traditional ways of safeguarding data are no longer sufficient in 2023. Zero Trust has emerged as a more proactive way for businesses to keep their systems, data, and networks protected against compromise.

Read more...
Cybersecurity in 2023
Technews Publishing Gallagher Cyber Security
What is on the cybersecurity menu in 2023? Hi-Tech Security Solutions offers two views from industry players on the risk environment and what to look out for in the cyber world in the coming year.

Read more...
Hardening physical security against cyberattacks
Genetec Editor's Choice Cyber Security IT infrastructure
As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cybercrime has risen steadily, along with tools to combat it. Geopolitical tensions have the potential to rapidly unleash devastating cyberattacks worldwide.

Read more...
Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Read more...