Last month Jeremy King, the European Director for the Payment Card Industry Security Standards Council (PCI SSC), gave an interview to BankInfoSecurity.com to address the pain points the council encounters as it continues to shape the Payment Card Industry Data Security Standard (PCI DSS). New technology and the growing involvement of organized criminal groups create unique problems for the council.
Any company that stores, transmits, or processes credit cardholder data must be PCI compliant, and as a council it’s important that the processes used by these companies are taken into consideration to ensure the safety and security of the broader public. King points out to BankInfoSecurity.com that a large issue is keeping pace with the proliferation of different technology:
“The biggest similarity and the biggest challenge going forward is new technology, new technology, new technology. As fast as we’re gaining and driving security, there seems to be a new payment technology, technique or method coming online. Whenever you get new technology, you get new security challenges and new ways that criminals can break into your systems, which means this is an ongoing problem for everybody.”
An example given by King is the use of kiosks at brick-and-mortar stores, so if there isn’t an item in stock the consumer can immediately buy the correct item from the online store. This integration of e-commerce and physical stores causes unique issues for security. The council works through these new processes by creating new requirements and updating the PCI DSS continually.
Another focus of the PCI SSC and its special interest groups is third-party processors. Many vulnerabilities are exploited through third-party providers, which puts the merchant and its customers at risk. As a merchant, one way to cover your bases is to check their compliance audit reports. With an independent audit under their belt, third-party providers, such as PCI compliant hosting providers, should have a Report on Compliance (ROC) available to show you. This piece of due diligence can provide valuable insight into a company before you partner with it.
One of the biggest global challenges King describes is the increasing number of breaches involving organized criminal gangs. The crime ring that breached NASDAQ, Visa, JetBlue, and others isn’t an isolated incident. As more organized crime gets involved in PCI data breaches, the ability to share their capabilities rises and spreads. King states that this is why the same kinds of attacks can be seen in many different areas around the world. Getting more community involvement with the council, in King’s opinion, is a good way to shed light on legitimate and widespread problems, and can help to develop solutions more quickly.
For more information about other ways to secure your servers, read about our Technical Security services.
Or, if you’re confused about how to meet technical security requirements of PCI DSS, read our PCI Compliant Hosting white paper. It discusses the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center both technically and contractually, and outlines the benefits and risks of data center outsourcing, and vendor selection criteria.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.