Why Comply With PCI?

There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions in the U.S. in 2012. [1] That totals 82.4 billion transactions subject to PCI DSS compliance, and the number is predicted to rise each year.

Any business that stores, processes, or transmits any of this cardholder data is required to comply with PCI DSS (Payment Card Industry Data Security Standard). The PAN (Primary Account Number) on the front of a card, and any other sensitive data physically present on the card or stored on the card’s magnetic stripe, must all be protected. The individual payment card brands set additional security standards that organizations must also follow.

81% of companies in the U.S. and Europe store payment card numbers, exposing those organizations to both internal and external threats. [2] Data breaches seem to occur every day and make news headlines across the globe. Rather than pressing your luck and breathing a sigh of relief each time you are not the next victim, the easier (and more cost-effective) approach is to put safeguards in place against the risk.

PCI DSS has six goals, each with its own subset of requirements. [2] STEALTHbits’ suite of data, infrastructure, and application security solutions, including StealthAUDIT®, StealthINTERCEPT®, and other Sensitive Data Discovery solutions, addresses subsets of all six goals, as shown below.

PCI DSS goals and their requirements (each goal is addressed in part by STEALTHbits solutions):

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

The first, and perhaps most critical, step in ensuring compliance with PCI DSS is to discover where data subject to the standard exists. Our Sensitive Data Discovery solutions were designed to:

  • Quickly and efficiently identify where cardholder data exists across desktops/laptops, servers, and network file shares
  • Profile where your greatest risks exist, based on key factors such as the number of people with access to the data
  • Discover sensitive data conditions with surgical accuracy

By pinpointing the location of unprotected cardholder data, organizations can secure that data through a variety of built-in actions and reporting capabilities that align with the PCI DSS goals.

[1] 2013 Federal Reserve Payments Study
[2] PCI DSS Quick Reference Guide
