When businesses don’t apply software patches from vendors, they open themselves up to attacks, which can lead to devastating data breaches.
Software often contains flaws or mistakes that programmers made when writing the code. Hackers exploit these vulnerabilities to break into computers and systems and steal payment data.
Vendors regularly issue updates known as patches to fix software vulnerabilities. Timely application of these software patches is a payment data security essential for businesses. To apply patches quickly, it is critical to know how software is updated with patches and who is responsible for updating it.
To minimize the risk of being breached, businesses should find out which vendors send them patches, talk with them to make sure they receive patches, and apply patches to their systems as soon as they receive them.
The PCI SSC Questions to Ask Your Vendors resource can help merchants identify which vendors send them patches. Vulnerability scanning tools provided by PCI Approved Scanning Vendors can also help businesses automatically search their networks to find vulnerabilities and report when patches need to be applied. Additionally, merchants can refer to the PCI Qualified Integrators and Resellers list for companies and individuals that have been trained by PCI SSC on patching and other payment data security essentials.