Payment Card Industry Data Security Standard (PCI DSS) compliance is just the beginning of creating a strong data security environment. The PCI DSS introduces the various facets of security and provides merchants with an overview of the security elements they have in place, those they need to tweak and those that must be added to provide the security needed to protect cardholder data and their businesses. Becoming PCI DSS-compliant is accomplished with two tools: the Self-Assessment Questionnaire (SAQ) and the vulnerability scans for merchants who use internet connectivity in their businesses.
The SAQ is a group of questions that point out many of the necessary avenues for creating a secure business as well as any deficiencies in a merchant’s current environment. The questions cover the policies and procedures in place for employees, system security measures and many other areas that may not initially be thought of as important to security.
The vulnerability scans are required on a quarterly basis for merchants who have internet connectivity. The purpose of the scans is to determine how easy it would be for someone to hack into a merchant’s business. Identifying these vulnerabilities is the first step in correcting them.
Merchants who complete the SAQ and the vulnerability scans, and who address any issues raised during those processes, are much better prepared against an intrusion than those who have not. A hacker is more likely to be successful at a location that has not taken the steps to be PCI compliant. The questionnaire is just a list of questions, but contemplating each one — and preparing to be able to answer ‘yes’ to each one — helps increase awareness of security and its importance.
The same is true for vulnerability scans. While the scans check for 30,700+ known vulnerabilities, they are not true penetration tests. No one is actually trying to penetrate the system during the scans, and the roughly 20 new vulnerabilities discovered each day are not covered until the scanning vendor adds them to its checks — but again, the scans increase security awareness. Merchants who complete these scans know which known weaknesses have been found and fixed in their systems, which leaves them less exposed than merchants who have never completed a vulnerability scan.
To maintain a secure environment, merchants must consider security in everything they do. Following the PCI DSS validation process is a great start in securing a business and lays the foundation for incorporating security in all business practices. However, as recent data breaches suggest, PCI compliance alone isn’t enough to prevent intrusions. Enter enhanced security technologies — like end-to-end encryption.