The Payment Card Industry Security Standards Council (PCI SSC) announced earlier this week that it will move its main security standards to a three-year revision cycle, giving merchants more time to adopt each version, Network World reports.
The next Data Security Standard (DSS) revision will be released this October as planned, but the current version (1.2) will remain in effect until January 1, 2011 so that merchants have more time to transition to the changes. Future versions of the DSS, as well as the Payment Application DSS (PA-DSS) and the PIN Transaction Security (PTS) standard, will follow the same three-year review and issuance cycle.
As Network World reports, Bob Russo, general manager of the PCI SSC said this of the changes:
“We’ve gotten feedback that people want this. It gives merchants more time to understand them. It gives us the ability to gather a lot more feedback, and consider market dynamics and emerging threats.”
Complaints have surfaced about confusion over the DSS requirements. Many merchants say the PCI DSS is too comprehensive to follow and argue that responsibility should lie with the card brands rather than with business owners. Whatever the merits of those objections, merchants that want to keep accepting cards will still have to meet the requirements.
The PCI DSS revision planned for October of this year is expected to provide guidance and clarification to questions that merchants have regarding some of the complex requirements. Following the new three year cycle, the subsequent publication will be released in October 2013.
If you have questions about PCI compliance and its standards, give us a call or send us an email! We can help you achieve compliance with convenience and ease.
Included on the list at #81 is “credit card data breaches.” Although it did not make the top ten, its presence on the list suggests that retailers and industry veterans are starting to take notice of the importance of network security.
An excerpt from the Top 100 list:
“As if retailers didn’t have enough to worry about, credit card data breaches are reaching crisis level, if only in the mind of consumers. A new Gartner study reveals that 7.5 percent of U.S. adults lost money as a result of financial fraud in 2008, mostly due to data breaches.”
Although the list mentions the well-known Heartland and TJX breaches, it does not speak to the impact a breach can have on smaller merchants and single-store business owners.
As large organizations make note of its importance, companies and their franchisees must begin to take action if they want to minimize the chances of a devastating breach. If you have questions regarding network security and your risk for a breach contact SecureConnect® for a free PCI consultation.
Blake Huebner, Director of Information Security at BHI SecureConnect®, was invited to spend some time discussing PCI compliance and how it relates to the restaurant industry.
Understanding both the time constraints and network complexities common in the restaurant industry, SecureConnect® has tailored its PCI solution to provide restaurant owners with the tools to achieve compliance with convenience and ease.
qsrbuzz™: How can restaurants evaluate their needs for a PCI compliance program?
Any merchant that stores, processes or transmits credit and debit cards accepts the responsibility of securing card transactions and must implement a PCI compliance program in his/her restaurant environment. Although needs vary slightly by a merchant’s level of card transactions, data retention and cardholder data environment, PCI compliance does apply to all businesses. Unless you only accept cash (which is highly unlikely for any business today), you will need to comply with the PCI DSS in order to secure your business, protect your customers and meet the requirements established by the Security Standards Council.
In addition to following general good business practices, merchants are required by their acquiring banks to comply with the PCI requirements. Non-compliance fines and penalties can be very costly for those that do not report their successful compliance. We encourage merchants to contact their acquiring bank for more information.
A recent article from Fast Casual calls security “the trend that restaurants should put at the top of their list.” Numerous studies support this, finding that the hospitality and restaurant industries have seen an increase in security breaches within the past couple of years. The Payment Card Industry Data Security Standard (PCI DSS) is the set of security requirements that the card brands (Visa, MasterCard and the others) stipulate for and enforce on merchants, restaurants included. Simply stated, the PCI DSS sets requirements for how cardholder data may be stored, processed and transmitted.
The biggest concern, however, is the misconception surrounding the PCI DSS and security in general. Many restaurant operators have falsely reported compliance, believing that a flick of the pen on an attestation form signifies innocence and deflects responsibility. Regardless of the size or scope of your restaurant, the PCI standards are required by the card brands and acquiring banks; ignoring them can lead to significant fines and, worse, a security breach within your restaurant.
It is important to understand that proper security is what achieves compliance, secures your business and protects your customers. The scope of PCI extends to anything and anyone that touches your payment card environment: most commonly software (e.g., digital menus), hardware (e.g., POS systems and back-office computers) and employees. Taking precautions proactively is the only way to minimize your risk of suffering a security breach.
Although PCI compliance may seem overwhelming, SecureConnect® has helped many restaurant brands and franchisees take steps to achieve both security and compliance. We encourage you to contact us for a free PCI consultation.
Most security guides advise companies to set up a strong firewall so that access control is strict at all times. Indeed, a well-configured and well-managed firewall can make all the difference between a secure system and one that can be attacked and breached rather easily.
If your organization already has a firewall protecting the network, it is easy to feel that the hard work is done. It is not: the firewall's rule set has to be reviewed regularly to make sure it has no gaps. For example, if a rule change leaves a port open that should be blocked, an intruder who finds that port can use it as a way into the rest of the network.
Securing your firewall starts with checking whether there are any such holes. That is why a good vulnerability assessment is worth its weight in gold, as long as you act on the results it provides.
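One concrete way to catch the "port that should be blocked but is not" case described above is to audit the firewall's rule set against a written allowlist of what is supposed to be reachable. The script below is an added example, not code from the original article or from SecureConnect: it parses a constructed `iptables-save`-style dump for a hypothetical host, compares every inbound ACCEPT rule with an expected-ports policy (also hypothetical), and reports any accepted port or source that the policy does not allow, plus a default INPUT policy that is not DROP.

```python
import re

# Constructed sample: the filter table of a hypothetical host as dumped by
# `iptables-save`. Port 5900 (VNC) has been left open to everyone, and the
# policy below does not allow that.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -s 10.0.5.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
COMMIT
"""

# Hypothetical policy: (protocol, port) -> the only source allowed to reach it.
EXPECTED = {
    ("tcp", 22): "10.0.5.0/24",   # SSH from the management network only
    ("tcp", 443): "0.0.0.0/0",    # public HTTPS
}

RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?P<body>.*) -j (?P<target>\S+)\s*$")


def parse_ruleset(ruleset):
    """Return (accepts, policies).

    accepts  - list of (proto, port, source) for each INPUT ACCEPT rule that
               names a destination port; source defaults to 0.0.0.0/0.
    policies - dict of chain name -> default policy from the ':CHAIN POLICY' lines.
    """
    accepts, policies = [], {}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            continue
        m = RULE_RE.match(line)
        if not m or m.group("chain") != "INPUT" or m.group("target") != "ACCEPT":
            continue
        body = m.group("body")
        port = re.search(r"\s--dport (\d+)", body)
        if not port:
            continue  # loopback / conntrack rules carry no port; not audited here
        proto = re.search(r"\s-p (\w+)", body)
        src = re.search(r"\s-s (\S+)", body)
        accepts.append((
            proto.group(1) if proto else "all",
            int(port.group(1)),
            src.group(1) if src else "0.0.0.0/0",
        ))
    return accepts, policies


def audit(ruleset, expected):
    """Compare the rule set with the allowlist and return a list of findings."""
    findings = []
    accepts, policies = parse_ruleset(ruleset)
    if policies.get("INPUT") != "DROP":
        findings.append(
            f"INPUT default policy is {policies.get('INPUT')!r}, expected DROP")
    for proto, port, src in accepts:
        allowed_src = expected.get((proto, port))
        if allowed_src is None:
            findings.append(f"unexpected open port {proto}/{port} from {src}")
        elif src != allowed_src:
            findings.append(
                f"{proto}/{port} accepted from {src}, policy allows only {allowed_src}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULESET, EXPECTED) or ["no findings"]:
        print(finding)
```

Run it against real `iptables-save` output instead of the constructed sample, and treat it as one half of the assessment: a rule-set review tells you what the firewall intends to allow, while an external port scan from outside the network confirms what is actually reachable. Both are needed, because a rule that looks right in the dump can still be bypassed by a second host, a forwarding rule or a NAT entry that this simple parser does not inspect.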