This holiday season, don’t forget about PCI compliance

'Tis the season for holiday shopping. That's good news for retailers, but it's also good news for cyber-criminals looking to capitalize on the larger number of transactions that are typical this time of year. Each year, and especially around Christmas time, hackers steal credit card information from companies. Not only can this kind of data loss lead to thousands of dollars being stolen from customers (dollars that the company will be held liable for), but the damage to a company's reputation from losing customers' credit card information will cost many thousands more.

To protect consumers and businesses alike, the major credit card companies came together to establish the PCI DSS 3.0 standard. It applies to any organization or company that stores, processes, or transmits credit card data. If you aren't compliant with this standard, you may be subject to fines or other penalties. But worst of all, you're at a higher risk of becoming a victim of credit card data loss.

Here are some tips for staying extra safe this holiday season.

Know the regulations

The PCI DSS 3.0 standard includes 12 major requirements and approximately 200 sub-requirements. It's a lot to keep track of, but business owners would be wise to at least familiarize themselves with the most important requirements, which include:

  • Building and maintaining a secure network
  • Protecting cardholder data
  • Maintaining a vulnerability management program
  • Implementing strong access control measures
  • Regularly monitoring and testing networks
  • Maintaining an information security policy

Automate compliance checks

Most businesses only check that they are in compliance periodically. This opens them up to cyber-attacks in between those compliance checks. Businesses can greatly reduce the risk of having cardholder data stolen if they automate compliance checks so that they’re always protected.

Invest in managed security services

The safest option of all is to invest in managed security services. This is an especially good option for small to medium-sized businesses that don't have the resources to hire and staff a cyber-security team responsible for keeping the company in compliance with the PCI DSS standard. By outsourcing cyber-security to a managed security provider that is already compliant with the 200 or so requirements set by the major credit card companies, smaller businesses can turn their attention to other matters and rest assured that their customers' credit card data is kept safe and out of the hands of would-be cyber-criminals.

Source: Security Intelligence