Businesses that store, process or transmit credit card data must become compliant with PCI DSS 3.0 (version 3.0 of the Payment Card Industry Data Security Standard). The updated requirements became mandatory as of January 2015, and companies are expected to be compliant as of July 1, 2015. This gives merchants only a few short months to learn how to become compliant.
Basically speaking, e-commerce businesses that redirect customers to third parties for payment card data collection, and the third-party service providers themselves, now face a new array of technical controls. Certain redirect scenarios, such as those using direct post or client-side scripts, mean merchants will have to deal with many security controls, including penetration testing, firewalls and more. The bottom line is to enhance payment card security.
Recently, Network World reported that merchants who redirect customers to a third party can have those redirects hijacked. More than half of the assets targeted in 2013 were e-commerce systems. As a result, boosting security has become a top priority. The new requirements will also help merchants better protect the other valuable personal data that is frequently attached to payment card information.
Many retailers and restaurants outsource network, point-of-sale and system management to third party service providers. It is important for the provider to adhere to the most stringent security practices so the door is never opened to criminals. In accordance with PCI DSS 3.0, all such providers must state which controls they will address and which ones the merchant will be responsible for.
According to Tech Page One, it is important to ensure that physical POS hardware is secure. The effectiveness of network segmentation should be tested. Service providers must demonstrate their commitment to maintaining proper security of the cardholder data they obtain from their clients. A key factor is having business contracts updated to reflect this crucial acknowledgment.
For example, the updated standard requires third-party service providers to use a unique password for each merchant they connect to remotely, with two-factor authentication for such connections. This helps eliminate the cookie-cutter approach that makes it easier for attackers to access sensitive information: a credential shared across merchants means one compromise exposes all of them. A more rigorous access protocol can deter attackers, or at least make it more difficult to reach personal data.
With just a few months left, now is the time to begin implementing these requirements to be compliant with PCI DSS Version 3.0. Businesses must first determine where they have valuable data and verify updated security services and technologies are implemented to prevent attacks. As cyber criminals become more savvy, merchants must take steps to ensure the data they collect is properly processed to protect themselves and their valued customers.
A secure environment makes customers feel more comfortable doing business with a merchant, while security breaches can cause corporate profits to plummet. Many companies are providing updated PCI training through online courses and customized programs offered by e-learning educators. A short training session can go a long way toward protecting sensitive credit card information and a company's reputation in the future. Training courses also help companies pass the mandatory audit.