Online retailers are struggling with an increased number of security breaches, and 80 percent of businesses fail their interim PCI compliance assessment.
According to the Verizon 2015 PCI Compliance Report, “in 2014, two-thirds of organizations did not adequately test the security of all in-scope systems.” That is an astonishing number considering the risk.
Payment Card Industry (PCI) security standards are minimum requirements for protecting your customers’ payment card information. Adopted by Visa, MasterCard, American Express, and Discover Card, PCI compliance is required for all merchants that store, transmit, or process payment card information, in an effort to keep that valuable information secure.
As more and more credit card processing takes place online, hackers see a feasible way to profit. And while PCI noncompliance is just one cause of data breaches, it should be a forewarning to businesses that have left PCI compliance on their to-do list.
Data from the Verizon report shows that the volume and scale of data breaches in the last 12 months prove that current techniques are not stopping attackers, and in many cases aren’t even slowing them down: “$20 trillion in credit card transactions expected for 2015, security has become a top priority for organizations that accept credit cards.”
A report by Century Business Solutions shows that an astonishing 70% of data breaches occur in small businesses.
Data breaches and losses incurred by small businesses may not even appear as a statistic in the grand scheme of things, but they sure matter to the business, the business owner and their customers. More than ever, it is crucial for businesses to be aware of the significant challenges they are facing in the online threat landscape.
According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year. And of those, some 60 percent go out of business within six months after an attack.
As stated by PayPal, “Businesses that want total control of their online payment process can choose to meet the requirements themselves. These measures include implementing quarterly scans and audits, passing security assessments, building and maintaining a secure network, and other controls.”
However, the three key areas where organizations fall out of compliance are regularly testing security systems, maintaining secure systems, and protecting stored data.
As reported in the PCI Council Guidance on Penetration Testing:
“Organizations can use penetration testing to identify and exploit vulnerabilities to determine whether unauthorized access to their systems or other malicious activity is possible. It is also a critical tool for verifying that segmentation is appropriately in place to isolate the cardholder data environment from other networks and to reduce PCI DSS scope. Oftentimes, networks considered out of scope are compromised because of poor segmentation methods.”
That’s a lot to take on when you’re already trying to run a business.
Verizon also mentioned in its report that PCI DSS compliance should not be seen in isolation, but as part of a comprehensive information security and risk-management strategy. And we couldn’t agree more.
SLPowers’ Managed Security solution makes sure your business is in compliance at all times. PCI DSS can be complex and difficult to manage. It’s a delicate task to balance the importance of defending your network and the integrity of your sensitive or mission-critical data while satisfying regulatory compliance and an ever-shrinking budget. We take a systematic, integrated, multi-phase approach to managing risk, maintaining your compliance and protecting your network. Let SLPowers’ suite of Managed Security Services allow you to focus on your day-to-day operations, while our team of security experts manages the critical components of your organization’s security posture.