“The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.”
What do I need to do?
Did you know PCI DSS requires Quarterly Vulnerability Scans?
One way to improve your security posture is to perform quarterly vulnerability scans, which PCI DSS requires. To comply with the PCI security scanning requirement, merchants and service providers must have their web sites and IT infrastructure with Internet-facing IP addresses scanned. Because viruses and attack methods specific to your environment often go unnoticed and undetected, TruShield highly recommends both internal and external scanning of your entire IT infrastructure and assets, not just the Internet-facing portion.
Who regulates these standards?
The PCI Security Standards Council maintains these standards and recommends continuously monitoring and enforcing the controls specified in the PCI Data Security Standard. Major concerns and gaps go unrecognized when an organization focuses only on annual compliance assessments. Working continuously, through ongoing monitoring and scheduled quarterly vulnerability scans, improves your cyber security posture.
Which organizations should be aware, and why?
Data breaches are escalating at a rapid pace. Small merchants, retailers, and enterprises are all prime targets. PCI compliance is designed to protect cardholder data and identify vulnerable endpoints so that organizations do not become tomorrow's news headlines. This is why TruShield recommends monitoring down to the endpoints using a multipronged approach rather than monitoring the perimeter alone. Our 2015 Annual CTI report identified numerous IOCs within customer environments, such as registry changes, that would be identified more quickly through this approach.
Several Malicious Viruses:
“If you lose card data, i.e. suffer a data breach, and you are not PCI DSS compliant, you could incur Card Scheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts. Your customers may also not want to do further business with you.”
More companies are being driven to become compliant; however, given the monumental amount of information surrounding compliance, most companies cannot implement and remediate their compliance issues on their own, and it is best to rely on the experts. It may seem cost-prohibitive at first, but in the long run your company will benefit from entrusting your PCI DSS compliance to the professionals.
Great references on PCI compliance:
For additional information, please refer to https://www.pcisecuritystandards.org/