Many merchants will tell you that PCI compliance is time-consuming and a drain on resources that should be focused on attracting more business – there is even a well-established market of PCI consultants and businesses to hire.
The general sentiment is how to quickly and easily check the box. Monitoring and logging activity to create custom reports for the auditor is time-consuming; penetration testing is disruptive; and on top of this, there is a misperception that PCI is the security plan.
Unfortunately, recent breaches of well-known companies challenge this idea. PCI is important, but that does not mean PCI equals security.
The Value of PCI
The reality is that PCI serves as a security foundation that is critical to the business; companies should therefore leverage it to set the stage for their security strategy.
Furthermore, understanding how this compliance addresses specific security issues provides a deeper insight into a company’s threat vectors.
The box is there for a critical purpose, not simply to be checked. The recent PCI 3.1 speaks to the known vulnerabilities in Secure Sockets Layer (SSL) and earlier versions of the Transport Layer Security (TLS) protocol used to encrypt data in transit – in particular Heartbleed and POODLE, both of which affect SSL/TLS implementations and can put payment data at risk.
I recently offered some guidance on PCI 3.1 based on our customer engagements. The value of PCI cannot be undermined or misrepresented; it’s a starting point for actionable security measures.
A Chance to Gain Better PCI Insight
There is more to offer you. We invite you to a webinar, “PCI Compliance: What Problem Are We Trying to Solve?” on Wednesday October 28th at 2 pm AEST (UTC + 10:00).
Join Mario Sist, QSA from Underwriters Laboratories, and David Bell, Systems Engineer from Tripwire, to learn what PCI compliance is really intended to help with.
In this webinar you will:
- Learn how PCI DSS fits into the security framework and understand why PCI should be important to your organisation.
- Understand the benefits of investing in a QSA.
- Learn how Tripwire solutions can make the job of the QSA and the PCI audit process easier, based on the recent findings of the UL white paper, PCI DSS 3.1 Compliance with Tripwire.
As an extra bonus, if you attend live you can earn one hour of CPE credit.