PCI Compliance Measures with Data in the Smartphone Era

| April 24, 2015

Every year data security breaches reach new all time record highs in the US. The threat of cyber security and the vulnerability of our data in the hands of business is reaching ever more critical levels. Estimations at the total number of individually affected records across all industries has reached 675 million. Over 30% of these data breaches affected the business sector directly. These have included some high profile names in business such as Target, P.F. Chang’s, and Goodwill Industries.

credit card hackers

credit card hackers

Business Compliance

Merchants and business are fighting back and becoming more proactive about their data security. Payment card industry compliance and security standards (PCI) are being highlighted and reviewed like never before according to industry security experts. With mobile payments beginning to enter the mainstream, it more vital than ever that businesses who process financial payments get their security correct. But why is it becoming increasingly easy for hackers to find the vulnerabilities that lie inside business networks when security software and hardware is more advanced than ever before? The Security Standards Council offer a data storage do’s and don’ts factsheet that should help you.

PCI compliance

Originally introduced by the major credit card companies, PCI standards are becoming stronger and more detailed in their fight against cybercrime. However like with all standard initiatives in business, compliance is the key to success. Its when companies don’t comply with these recommendations and legislation that huge data breaches take place. There is usually a heavy fine to pay for any companies that are found to be in breach of PCI standards. Sometime this type of fine can run into the millions. A simple approach used by many hackers to gain access to vulnerable networks is to access routers, where the default password has not been changed. This might seem like a low security issue, but to a hacker with sophisticated knowledge of networks and permissions, this is a backdoor sitting wide open.

Security Vulnerabilities

Billions of dollars of fraud takes place in North America. If you look at credit card and identity data fraud on a global scale, that number multiples significantly. Its this possibility of fraud on a grand scale that is the holy grail for hackers who are always searching for security vulnerabilities. Delego Software Vice President Richard McCammon has commented that hackers are targeting business that don’t have controls and security in place with their e-commerce operations. This tactic may appear to give hackers the upper hand, but it shouldn’t be considered that data breaches are just a fact of life. There are easy steps every organization can take to secure themselves against unwanted attacks.

Adapting in Business

Data breaches should be the centre focus of any business process, merchant marketing, or security initiatives used. If you make your business a difficult target for hackers, they will quickly get the message and move on to another easier target. Head of Security and Identity Management at SAP, Gerlinde Zibulski thinks that all business have within them the ability to prevent data breaches and hack attacks thanks to the advancements that have taken place in cloud computing over the past few years.
Deploying cloud applications and using the cloud to store and handle data is a much more secure and easier to control method of data handling than using on premise software, and local storage methods.

Future Security

The banking industry is one key industry that is targeted by hackers. There are many vulnerabilities along the lifecycle of a transaction from the initial payment by the buyer to the final credit taking place in the merchants account. Banks are not communicating with merchants proactively, and in some cases not providing them with fast access to support staff. The gateways for payments and the process used are not properly adhered to PCI standards in many cases. For some business they view the PCI compliance as unnecessary paperwork, and fill it in without any real implementation or understanding of the recommendations. There is much fanfare with technology that is being introduced through the smartphone payments wave that is coming. Tokenization technology is used by Google Wallet, and Apple Pay to bypass traditional methods of credit card transaction, and instead transmitting disposable transaction numbers for each of the purchases that the companies process. The numbers can’t be reused again, so if a hacker manages to somehow get a collection of them they are useless.



About the Author: