ANTenna Blog -- Security

PCI Compliance Questions? You're Hardly Alone.

Posted by Keith Ferrell Thursday, Feb 26, 2009, 10:59 AM ET

The more companies are breached, the more clamor we are likely to hear for tighter, stricter, tougher compliance standards for companies handling customer credit card information. But some feel it will take a lot more breaches before standards get much tighter.

The effects of the massive Heartland payment processing breach, as well as other high-profile data breaches involving customer credit card and other confidential information, continue to be felt, and not just by customers whose data was compromised or, for that matter, by the companies that allowed their data to be hacked.

The buzz-o-sphere, in fact, is, well, buzzing with chatter, speculation and rumors about the steps needed to tighten the Payment Card Industry (PCI) standards intended to keep (or help keep) data from being compromised in the first place.

A lot of the speculation wonders if it will take even more breaches before the payment processing industry enacts heavier duty standards, such as end-to-end encryption practices.

Over at InformationWeek, Andrew Conry-Murray asks whether or not we need credit card compliance standards at all.

That these sorts of questions are being raised just weeks after the latest iteration of the PCI standards went into effect is a good indication of how tricky the task of creating effective standards is.

A precis of the current PCI standards is here.

As standards go, these go a ways, as intended, toward establishing the minimum requirements that businesses handling customer account information must meet, but some attention should be paid to that "minimum" modifier.

To pick an example not quite at random, the opening requirement, Build and Maintain a Secure Network, includes the requirement that companies "Install and maintain a firewall" to protect cardholder data on the secured network.

So far so good. But the devil's in the details (and the details are what the hackers get in through or around). Once that firewall is installed, the maintenance part of the standards gets pretty lax, requiring that firewall and router rule sets be reviewed "at least every six months."

Twice a year? At least is exactly right, though one suspects that irony wasn't what the standards council had in mind.

That said, the standards are at least a good beginning place, and if your business handles customer credit card data, you're well-advised to be familiar with them, and to make sure that your network meets them.

Just check your firewalls more than a couple of times a year, will you?
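As an added illustration of that "check more often" advice, here is an example script that is not part of the original post and not anything the PCI council publishes: it parses iptables-style rule text, diffs the running rule set against the last approved baseline, flags ACCEPT rules into the cardholder data segment that place no restriction on the source address, and reports whether the review interval has exceeded a local policy. The rule lines, the 10.20.0.0/24 cardholder segment, the dates and the 30-day policy are all constructed for the example.

```python
"""Firewall rule-set drift check for a cardholder data environment (CDE).

Assumptions (constructed for this example, not taken from the post):
rules are in iptables-save style text, the CDE lives on 10.20.0.0/24,
and local policy requires a review every 30 days, which is far stricter
than the six-month minimum the post quotes.
"""
import re
from datetime import date

CDE_SUBNET = "10.20.0.0/24"   # hypothetical cardholder data segment

# Constructed sample: the rule set approved at the last review.
APPROVED_RULES = """
# approved by change board (constructed sample)
-A FORWARD -s 10.10.0.0/24 -d 10.20.0.0/24 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.10.0.5/32 -d 10.20.0.0/24 -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 10.20.0.0/24 -j DROP
"""

# Constructed sample: what the device is actually running today.
CURRENT_RULES = """
-A FORWARD -s 10.10.0.0/24 -d 10.20.0.0/24 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -d 10.20.0.0/24 -p tcp --dport 3389 -j ACCEPT
-A FORWARD -d 10.20.0.0/24 -j DROP
"""


def parse_rules(text: str) -> list[str]:
    """Return non-comment, non-blank rule lines with whitespace normalised."""
    rules = []
    for line in text.splitlines():
        line = " ".join(line.split())
        if line and not line.startswith("#"):
            rules.append(line)
    return rules


def diff_rulesets(approved: list[str], current: list[str]) -> tuple[list[str], list[str]]:
    """Rules running now that were never approved, and approved rules that vanished."""
    approved_set, current_set = set(approved), set(current)
    added = [r for r in current if r not in approved_set]
    removed = [r for r in approved if r not in current_set]
    return added, removed


_SRC = re.compile(r"-s\s+(\S+)")
_DST = re.compile(r"-d\s+(\S+)")


def overly_permissive(rules: list[str], cde: str = CDE_SUBNET) -> list[str]:
    """ACCEPT rules into the CDE that do not restrict the source address.

    In iptables a missing '-s' and '-s 0.0.0.0/0' both mean 'from anywhere'.
    """
    findings = []
    for rule in rules:
        dst = _DST.search(rule)
        if "-j ACCEPT" not in rule or dst is None or dst.group(1) != cde:
            continue
        src = _SRC.search(rule)
        if src is None or src.group(1) in ("0.0.0.0/0", "0/0"):
            findings.append(rule)
    return findings


def review_overdue(last_review: str, today: str, max_days: int = 30) -> bool:
    """True when the rule set has gone longer than local policy allows (ISO dates)."""
    delta = date.fromisoformat(today) - date.fromisoformat(last_review)
    return delta.days > max_days


def run_check(approved_text: str = APPROVED_RULES, current_text: str = CURRENT_RULES,
              last_review: str = "2009-01-15", today: str = "2009-02-26") -> dict:
    """Run all three checks and return the findings in one report dict."""
    approved = parse_rules(approved_text)
    current = parse_rules(current_text)
    added, removed = diff_rulesets(approved, current)
    return {
        "added": added,                      # unapproved rules now live
        "removed": removed,                  # approved rules that disappeared
        "permissive": overly_permissive(current),
        "review_overdue": review_overdue(last_review, today),
    }


if __name__ == "__main__":
    for key, value in run_check().items():
        print(f"{key}: {value}")
```

On the constructed sample the report shows one unapproved rule (an any-source ACCEPT to port 3389 into the cardholder segment), one approved rule that has vanished (the narrowly scoped SSH rule), and an overdue review; running such a check from a scheduler against exported rule sets turns the "at least every six months" floor into a continuous control.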

The PCI Security Standards Council is here.

A good PCI resource, the PCI Knowledge Base is here.


Security
Business & E-Business | Finance/Accounting | Finance/Banking/Insurance | Retail