It’s been shown that organisations that have had a credit card data breach showed lower than normal compliance with a number of PCI DSS controls. This highlights the need for enhanced security compliance and for greater market education regarding the services and technologies available that can reduce the costs, risks and lead times associated with compliance projects.
While compliance is no guarantee you won’t be targeted by hackers, it greatly reduces the likelihood and has also been shown to reduce the financial damages; that’s why the PCI DSS exists.
Any organisation that needs to be PCI compliant must first understand the scope of the problem (i.e. the number of unprotected cards and their locations). Following compliance certification, it’s also essential to ensure that the company doesn’t slide back into a less secure, non-compliant state. These are the key reasons why advanced scanning services are becoming essential in achieving and maintaining compliance. It’s important to remember that the standard does not allow for storage of card holder data (CHD) in an unencrypted manner.
In payment security, just like any other security initiative, it is important to remember this: you can’t secure something unless you first understand it. Most businesses believe they know what is in their systems and databases, but few are aware of what’s really in there — as well as what’s in other network locations.
The process of cardholder data discovery is used by organisations to analyse the contents of workstations and servers, including memory storage on retail POS systems, to verify that no credit card details are stored without appropriate security.
The concept follows an important rule within PCI DSS 3.1 (the latest standard) which requires organisations to first understand what credit card data is being stored, remove any data that is not required and then take action to secure the remaining data.
The only real way to be sure there is no Card Holder Data lurking around (intended or unintended) in your environment is by a thorough search using a comprehensive software platform that looks for card data in File Systems (Workstations, Servers, File Shares, NAS, SAN etc) and Databases (SQL Server, Oracle, MySQL, Postgres, Sybase, MS Access etc).
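A minimal sketch of the file-system side of cardholder data discovery, added here as an illustration and not taken from any scanning product: it finds 13 to 19 digit candidates, keeps those that pass the Luhn check, and reports them masked (first six and last four digits) so the findings list itself holds no full card numbers. The function names and the 5 MB read limit are assumptions.

```python
import os
import re
import sys

# 13-19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out most order numbers, phone numbers and IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four digits only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text):
    """Return (offset, masked_number) for each Luhn-valid candidate in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # A single repeated digit (e.g. all zeros) can pass Luhn; treat as padding.
        if len(set(digits)) > 1 and luhn_ok(digits):
            hits.append((m.start(), mask(digits)))
    return hits

def scan_tree(root, max_bytes=5_000_000):
    """Walk a directory and return (path, offset, masked_number) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    # latin-1 maps every byte, so binary files do not raise;
                    # UTF-16 text would need a separate decoding pass.
                    text = fh.read(max_bytes).decode("latin-1")
            except OSError:
                continue        # unreadable file: skip it and keep scanning
            findings += [(path, off, masked) for off, masked in find_pans(text)]
    return findings

if __name__ == "__main__":
    for path, off, masked in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{off}: {masked}")
```

Every hit still needs manual review, since a Luhn-valid number is not necessarily a card number, and databases need their own column-level scan.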
Several studies have shown that looking for unencrypted credit card data at rest plays a vital role in protecting customer payment data. The price companies pay for skimping on data discovery assessments can have profound ramifications for their brand and business success, and can ultimately have fatal financial repercussions.
Having the right scanning platform can be a huge step in promoting customer data protection and preventing your business from becoming yet another data breach headline. It also significantly reduces the cost of compliance by reducing the risk of misallocated financial and human resources. Remember to scan for card data stored on smartphones, tablets, laptops or other BYOD computing endpoints.
To find out how IP Solutions can help you with the latest technologies to protect your credit card and other data, book in a demonstration here, or download your free copy of “Protecting your business from cyber-attacks using credit card scanning.”