
eCommerce and PCI DSS In the Compliant Cloud

Posted 2.12.21 by Carrie Kennedy

eCommerce exploded in 2020. In the US, as reported by DigitalCommerce360, consumers spent “an incredible 44.0% more online” year over year (3Q 2019 to 3Q 2020). The rest of the world also grew eCommerce at significant rates, including previously sluggish online markets.

DigitalCommerce360 reports that online sales in Russia increased 45% Y/Y, Brazil 66% Y/Y, and Mexico, where less than 5% of retail sales occurred online pre-pandemic, increased online sales by 54%. While eCommerce has facilitated essential services for the world during the pandemic, there’s a dark side to the increase in transactions: it mints tons of new consumer data and records, which are highly prized by the cybercrime community.

Increased Breaches and Credit Card Fraud Follows eCommerce Growth

According to CNBC and Aite Group, “at the end of 2020, the U.S. was seeing about $11 billion worth of losses due to credit card fraud.” Looking at the increase in cybercrime from a breached-record perspective, there were almost 8.5 million records lost in Q1 2020 alone. Those 8.5M lost records were spread across almost 1,200 reported breaches, with “hacking” identified as the root cause in ~70% of them. With the record-breaking increases in eCommerce and associated waves of cybercrime, how do we consider the role of PCI DSS compliance in reducing the number and frequency of breaches?

PCI DSS Would Help…If More Organizations Were Compliant

The Payment Card Industry Data Security Standard (PCI DSS) sets security requirements for the storage, transmission and processing of cardholder data and records. These are comprehensive and broad standards that offer not only compliance requirements, but also lay out best security practices for technology and for human interactions with data, records, and transactions. Tying together the increases in cybercrime and the lack of adherence to the sound principles of PCI DSS, the 2020 Verizon Payment Security report reveals that less than 30% of organizations achieved full [PCI DSS] compliance during [their] interim validations in 2019. Lack of compliance generally indicates that PCI DSS best practices aren’t fully adopted and practiced as part of day-to-day business, thereby increasing the organization’s risk of and vulnerability to hacks and cybercrime.

There’s Potentially a Significant Cost Element to Reduced Compliance

The 2020 IBM Cost of a Data Breach report puts the average cost of a breach at $3.86M globally ($8.64M in the US), including Detection and Escalation, Notification, Lost Business and Ex-post Response. That’s a significant cost for any business, especially when you consider the time and resources required to unwind the damage from a hack. An interesting Breach Cost Calculator from the same IBM report shows that employee training could reduce the cost of a breach by $370,000+ and Business Continuity by $470,000+; both of these areas are covered by specific PCI DSS recommendations/standards.

A Partner to Improve Your PCI DSS Compliance and Reduce Business Risk

In summary, growth in eCommerce and the resulting increases in cybercrime mean your business needs to enhance its security posture through better alignment with the requirements of PCI DSS compliance. To bring your business in line with PCI DSS, it may be in the best interest of the organization to partner with a vendor that can assist you with the following:

  • Assessment of current PCI DSS compliance efforts.
  • PCI Level 1 auditing, compliant clouds and colocation facilities built upon high-availability, fully redundant infrastructure.
  • Managed and self-managed clouds with native encryption to the hardware level.
  • PCI compliant recovery sites to keep your core systems fully tested, managed and protected.
  • PCI compliant Disaster Recovery as a Service and Managed Backup.
  • Understanding and preparation for upcoming PCI DSS 4.0.


Additional Information

To understand more about how security and compliance can protect you and your customers, you might be interested in watching the Otava Security and Compliance Webinar (full recording and presentation).

PCI DSS 4.0 and Cloud Services

PCI DSS 4.0, the proposed revision to the Payment Card Industry Data Security Standard v3.2.1, is currently scheduled for completion by mid-2021.

Cloud-based cybercrime: Is there hope?

It seems almost weekly there is new information related to cybercrime and the cloud.

Video: Ransomware preparedness with Otava, Veeam and MSPs: Our panel covered many topics in a roundtable-style discussion, starting by reviewing the main strains of ransomware prevalent in the industry today, and what they’re seeing in terms of risk mitigation.

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
