SBN

A Potion for PCI Compliance

Click here to jump down to the infographic.

With the spooky season upon us, organisations must ensure they have all the right protections in place to avoid the common cybersecurity threats and scares!   Along with a sprinkle of ghost dust, the 12 requirements of PCI DSS compliance, and two pinches of troll’s teeth, we here at PCI Pal have identified the ultimate recipe for PCI compliance.  With 12 ingredients forming the basis of our potion, keep reading to find the vital secret thirteenth element. These 12 “ingredients” are the pillars of the 12 requirements for PCI DSS compliance set forth by the PCI SSC (Payment Card Industry Security Standards Council), but given a spooky twist:

  1. A spritz of firewall management
  2. A dash of vendor default controls
  3. A strong pour of data protection
  4. A hint of data transmission encryption
  5. A pinch of antivirus controls
  6. A splash of system & application security
  7. A toss of data access controls
  8. A sniff of personal access controls
  9. A twist of physical access controls
  10. A dollop of data and network access controls
  11. A splash of security testing
  12. A glob of an information security policy
  13. A heap of the special ingredient

What are the risks of non-compliance?

The risks of non-compliance are greater than a simple trick! If an organisation has systems that are compromised, and the business is found to be non-compliant, the organisation could face an assortment of punishments. The most immediate being severe penalties, lawsuits and legal costs, regulator fines, and higher bank fees. Residual harm could include brand damage, a drop in share price, and insurance claims. The time it takes to recover from compromised data within a security breach is debilitating for many organisations. We’ve seen that both insider and external threats don’t discriminate against the size of the business, no organisation is exempt from being a target.

How to secure against the scaries

To secure against the threats, these three steps should be taken routinely to ensure requirements are met:

  1. Assess – You must identify cardholder data and take an inventory of your IT assets and business processes for payment card processing, then assess them for vulnerabilities that could lead to a compromise of cardholder data.
  2. Remediate – You must fix any vulnerabilities and not store any cardholder data that you do not need.
  3. Report – The final step is to compile and submit compliance reports to the banks and card schemes you do business with, along with any remediation validation records if applicable.

Taking an annual risk assessment can help keep compliance top of mind. Also consider what new regulations, processes, and technologies may be at your fingertips to warn off the cybercrime ghouls! Regular updates are released by the PCI SSC and technology partners such as us at PCI Pal to help you remain educated with the most up to date information.

But what about the thirteenth ingredient for the ultimate protection?

With a plan in place to remain aware of the spooky threats, it’s time to shed some light on the thirteenth special ingredient. A PCI compliant contact centre solution. Often seen as the hardest component to reach compliance, securing contact centre payments have been a challenge for many organisations and an easy door to creak open for threats. With agents working remotely and in hybrid workspaces, 2020 is becoming the scariest Halloween yet!  By removing credit card data before it enters your call centre environment, you are effectively descoping your payments from the requirements of PCI DSS. So, ensure that the sensitive customer information never reaches your agents or infrastructure by passing card data from the cardholder through a secure cloud solution such as PCI Pal’s cloud solutions, and straight onto the payment processor. This means that call and screen recordings can continue to serve their original purpose without interruption, sensitive information handling no longer sits on the shoulders of the agent, and when it comes time for audit, and in case of breach, there is no information stored to steal.

Without a doubt, a special ingredient that grows with your contact centre and upcoming regulations, that scales and adjusts with your business, the ultimate protection from potential data security scaries!  To learn more about where you sit in your compliance journey, or to request a demo, connect with us via [email protected].


Save our Potion for Compliance infographic for a handy reminder of everything you need for PCI Compliance:

A Potion for PCI Compliance Infographics

The post A Potion for PCI Compliance appeared first on PCI Pal.


*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Nicole Von Seggern. Read the original post at: https://www.pcipal.com/en/knowledge-centre/publications/a-potion-for-pci-compliance/