Breaches in card processing security are in the news all the time. Even the largest payment processors are not immune from attack.
The rewards of a successful breach are enticing for cybercriminals. Millions of card numbers can be stolen at one time. Cards are used to buy goods which are shipped out of the country before card owners are aware that a security breach has taken place.
For organizations that are not in compliance of with PCI-DSS security standards, the downside of security breaches are onerous to consider. Organizations can be held financial responsible for losses. And reputations of businesses can be ruined and consumer trust eroded.
Companies that are serious about protecting business operations must make card holder security a number one priority. And security standards apply to every aspect of the company.
Following is an excerpt from Version 1.2 of PCI-DSS security standards:
"The PCI DSS security requirements apply to all system components. 'System components' are defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, application, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (Internet) applications.
"In addition to the network, server and application components noted above, every single laptop, backup tape, point-of-sale (POS), POS terminal, and so on, which process, transmit, and/store cardholder data, are in-scope for your PCI assessment. Also in-scope: Every location which processes, transmits, and/stores cardholder data (whether printed or electronic), along with every individual (whether employed by your organization or a third-party) who views, touches and works with the systems in-scope."
PCI compliance is vital to protect your payment processing accounts. Most merchants offload the heavy lifting of compliance to their processing gateway. Thereby, reducing the time, effort and expense required for payment processing compliance.
Interesting in finding out how you can protect your business?
Contact firstname.lastname@example.org today