A new version of the Payment Card Industry Data Security Standard (PCI DSS) was recently released, providing guidelines to improve card transaction security. All organizations that let customers pay with credit, debit or cash cards must ensure they comply with these standards to strengthen data loss prevention and better protect customer data.
PCI DSS was first created in 2004 by the major credit card companies Visa, Mastercard, Discover and American Express. The initiative has six major objectives: maintaining a secure network, establishing data storage protection protocols, securing systems against cybercriminals, securing access to the network, controlling information access, and monitoring the network.
A focus on security training
Jeremy King, PCI Security Standards Council director, told ComputerWeekly that businesses should implement security into their daily habits.
“Organizations should aim to make PCI DSS part of business as usual because the standard provides the best set of requirements and processes for protecting data,” King said.
The newest version of the guidelines aims to help companies take a proactive approach to data loss prevention and to protecting cardholder information. This is the third release of PCI DSS, and it focuses heavily on security training, according to ComputerWeekly. The standard sets out requirements for password security, along with measures to ensure that payment card data protection practices keep pace with technology and industry trends.
TechTarget stated that the new standard also calls for strict anti-virus, anti-spyware and anti-malware software for optimum endpoint data protection. Organizations that accept payment cards need to ensure that their enterprise applications and endpoints contain no security weaknesses or bugs that could lead to data leakage. Vendors should update systems regularly and apply patches across all networks as they become available to mitigate the risk of security vulnerabilities.
Additionally, businesses should control access to sensitive customer information, including cardholder names, addresses, Social Security numbers, birthdates and other data. To that end, each individual who accesses this kind of information must be issued a unique ID name or number so that every access can be traced to a specific person, TechTarget stated. In addition, all activity on the network should be closely monitored.
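As an added example (not part of the article or of any PCI SSC material), the check below audits constructed access-log lines for a cardholder-data store and flags two things that defeat the unique-ID requirement just described: use of generic or shared accounts, and one account used from two different hosts within a short window, which suggests shared credentials. The log format, account names, host names and the 60-second window are all assumptions made for this example.

```python
"""Audit cardholder-data access logs for breaks in per-person traceability.
Added example with a constructed log format: "<ISO timestamp> <user> <host> <action> <target>".
"""
from datetime import datetime, timedelta

# Constructed sample log (not real data).
SAMPLE_LOG = """\
2014-01-06T09:00:01 jsmith pos-01 READ cardholder_db
2014-01-06T09:00:05 admin pos-02 READ cardholder_db
2014-01-06T09:01:10 mlee pos-03 READ cardholder_db
2014-01-06T09:01:12 mlee pos-07 READ cardholder_db
2014-01-06T09:02:00 shared_pos pos-04 READ cardholder_db
2014-01-06T09:03:30 jsmith pos-01 READ cardholder_db
"""

# Assumed list of account names that cannot be tied to one individual.
GENERIC_ACCOUNTS = {"admin", "root", "guest", "service", "shared_pos"}


def audit_access_log(log_text, window=timedelta(seconds=60)):
    """Return findings: generic-account uses, and accounts seen from two
    different hosts within `window`, which indicates a shared credential."""
    last_seen = {}          # user -> (timestamp, host) of the most recent access
    generic_uses = []       # (timestamp, user, host)
    shared_credential = []  # (user, previous host, current host)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of aborting the audit
        ts = datetime.fromisoformat(parts[0])
        user, host = parts[1], parts[2]
        if user in GENERIC_ACCOUNTS:
            generic_uses.append((parts[0], user, host))
        prev = last_seen.get(user)
        if prev is not None and prev[1] != host and ts - prev[0] <= window:
            shared_credential.append((user, prev[1], host))
        last_seen[user] = (ts, host)
    return {"generic_uses": generic_uses, "shared_credential": shared_credential}


if __name__ == "__main__":
    for finding, items in audit_access_log(SAMPLE_LOG).items():
        print(finding, items)
```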
Because organizations of all kinds accept payment cards, each must ensure its compliance with these guidelines. The report also outlined best practices to prevent data leakage and protect customers.
“From the world’s largest corporations to small Internet stores, compliance with the PCI Data Security Standard is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure,” stated the PCI Security Standards Council website.
However, the size and type of business determine the specific compliance measures required. The payment brands are responsible for managing compliance and ensuring that organizations follow the guidelines. They also impose penalties on businesses found to be non-compliant with PCI DSS.
Organizations seeking to ensure compliance can turn to Ziften, a leading provider of compliance monitoring technology. Ziften can help businesses guarantee that they are running the software necessary to comply with industry standards and identify non-compliant programs on the network. In this way, companies can ensure the security of sensitive data within their systems.