As an official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages.
Don’t prioritize security? It’s not a matter of if you’ll get hacked, but when.
Cybercrime costs 2.3 trillion pounds annually, or well over $2.8 trillion USD. As long as there is money to be made, we can expect criminals to continue their attacks on businesses worldwide. Whether you are the CEO of a Fortune 500 company or the owner of a small business, any organization that handles cardholder data has an obligation to its customers to prioritize security at every level of the organization. If your organization doesn't have security baked into its DNA, it's not a matter of if you'll get hacked, but when.
That's why building a culture of security, one that is layered and prioritizes people, process, and technology, is imperative in today's rapidly evolving payment ecosystem.
People

Criminals will always seek the path of least resistance, whether it's an unchanged default password, unpatched software or a phishing scheme. Every person in your organization, whether they directly handle cardholder data or not, needs to be properly trained in security basics.
PCI Council Resource: Best Practices for Implementing a Security Awareness Program provides additional recommendations for educating staff on protecting sensitive payment information.
Process

Unfortunately, too many organizations view security as a point-in-time activity. Criminals seeking to breach your organization don't take a day off, and neither should your security processes. Prioritize your efforts to reduce risk and increase security every day, year-round, not just at assessment time.
PCI Council Resource: Best Practices for Maintaining PCI DSS Compliance will help organizations ensure ongoing security for cardholder data.
Technology

Organizations need to use technology to make the data worthless to attackers. Used together, EMV chip, point-to-point encryption, and tokenization do exactly that: the EMV chip authenticates the card at the point of sale so that stolen account data cannot easily be used to make counterfeit cards; point-to-point encryption protects account data from the moment it is captured by the terminal until it reaches the decryption environment, so it never appears in clear text in the merchant's systems; and tokenization replaces the stored primary account number with a surrogate value that has no value outside the environment that issued it. This layered approach protects customer data even if a criminal manages to breach other controls, because what the criminal obtains cannot be turned back into usable cardholder data.
PCI Council Resource: The Approved PTS Device Listing will help you choose payment terminals and devices that have been validated to the PCI PIN Transaction Security (PTS) standard.
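To make concrete why a token is worthless to an attacker, here is an added example of the tokenization idea described above. It is illustrative code written for this page, not code from the PCI Council or from any tokenization product, and the vault, the Luhn check and the sample card numbers (well-known test PANs) are all constructed for the example. The token keeps only the last four digits for display, is generated at random rather than derived from the PAN, and is deliberately chosen so that it fails the Luhn check, so it can never be mistaken for a live card number; the PAN itself exists only inside the vault.

```python
import secrets


def luhn_valid(pan: str) -> bool:
    """Return True if pan is all digits and passes the Luhn check
    (the checksum every real PAN satisfies)."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form allowed outside the vault: first six and last four only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Constructed, in-memory stand-in for a tokenization service.

    The PAN-to-token mapping lives only here; everything outside the vault
    stores and processes tokens. A token is random, so no key or formula
    recovers the PAN from it, and it intentionally fails Luhn so a token
    leaked from a merchant database is not a usable card number."""

    def __init__(self) -> None:
        self._pan_to_token: dict[str, str] = {}
        self._token_to_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN: " + mask_pan(pan) if pan.isdigit() else "not a valid PAN")
        if pan in self._pan_to_token:           # same card, same token
            return self._pan_to_token[pan]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]              # keep last four for receipts
            if luhn_valid(token) or token in self._token_to_pan:
                continue                          # must fail Luhn and be unique
            self._pan_to_token[pan] = token
            self._token_to_pan[token] = pan
            return token

    def detokenize(self, token: str) -> str:
        """Only the vault (and whoever it lets in) can turn a token back."""
        return self._token_to_pan[token]


def demo() -> dict:
    """Tokenize a test PAN and report what an attacker outside the vault sees."""
    vault = TokenVault()
    pan = "4111111111111111"                      # well-known test PAN
    token = vault.tokenize(pan)
    return {
        "stored_in_merchant_db": token,
        "shown_on_receipt": mask_pan(token),
        "token_passes_luhn": luhn_valid(token),
        "vault_recovers_pan": vault.detokenize(token) == pan,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

A production service differs in scale and hardening (the mapping sits in an HSM-backed, access-controlled store, not a Python dict), but the security property is the same one the paragraph above relies on: compromising the merchant's database yields tokens, and tokens carry no cardholder data.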
The importance of creating a culture of cyber security cannot be overstated, which is why the latest version of the PCI Data Security Standard (PCI DSS) requires that organizations establish responsibility for the protection of cardholder data and for the PCI DSS compliance program at the executive management level. A layered approach to security will better protect your customers' cardholder data.
Visit the PCI Council’s document library to access these resources and more: