by admin
October 20, 2010 3:12PM
As the PCI Security Standards Council prepares to release version 2.0 of the payment security guidelines on October 28, many are reviewing the Council’s summary of changes to prepare for the new guidelines. While the PCI DSS draft doesn’t outline any major changes to the requirements, mostly clarification and guidance, the biggest impact of the new changes will be to give merchants more flexibility in becoming PCI compliant. These new additions are a direct result of business owners and operators voicing concerns that previous versions eliminated alternative means of meeting requirements, and thus made compliance more difficult. What does this mean for merchants?
This means that while merchants may not have to make huge leaps in their modifications, businesses still need to be aware of the ways to meet requirements. The following table provides the proposed changes.
| Requirement Impact | Reason for Change | Proposed Change | Category |
| --- | --- | --- | --- |
| PCI DSS Intro | Clarify applicability of PCI DSS and cardholder data. | Clarify that PCI DSS Requirements 3.3 and 3.4 apply only to PAN. Align language with PTS Secure Reading and Exchange of Data (SRED) module. | Clarification |
| Scope of Assessment | Ensure all locations of cardholder data are included in scope of PCI DSS assessments. | Clarify that all locations and flows of cardholder data should be identified and documented to ensure accurate scoping of the cardholder data environment. | Additional Guidance |
| PCI DSS Intro and various requirements | Provide guidance on virtualization. | Expand the definition of system components to include virtual components. Update Requirement 2.2.1 to clarify the intent of “one primary function per server” and the use of virtualization. | Additional Guidance |
| PCI DSS Requirement 1 | Further clarification of the DMZ. | Provide clarification on secure boundaries between the Internet and the cardholder data environment. | Clarification |
| PCI DSS Requirement 3.2 | Clarify applicability of PCI DSS to Issuers or Issuer Processors. | Recognize that Issuers have a legitimate business need to store Sensitive Authentication Data. | Clarification |
| PCI DSS Requirement 3.6 | Clarify key management processes. | Clarify processes and increase flexibility for cryptographic key changes, retired or replaced keys, and use of split knowledge and dual control. | Clarification |
| PCI DSS Requirement 6.2 | Apply a risk-based approach for addressing vulnerabilities. | Update requirement to allow vulnerabilities to be ranked and prioritized according to risk. | Evolving Requirement |
| PCI DSS Requirement 6.5 | Merge requirements to eliminate redundancy and expand examples of secure coding standards to include more than OWASP. | Merge Requirement 6.3.1 into 6.5 to eliminate redundancy for secure coding for internal and Web-facing applications. Include examples of additional secure coding standards, such as CWE and CERT. | Clarification |
| PCI DSS Requirement 12.3.10 | Clarify remote copy, move, and storage of CHD. | Update requirement to allow business justification for copy, move, and storage of CHD during remote access. | Clarification |
Along with all of the edits to version 2.0, the Council has also decided to extend the PCI Security Standards lifecycle. The lifecycle, which is the time needed to develop a new version of the PCI DSS, has been changed to three years from the previous two-year cycle. The longer lifecycle will provide more opportunities for feedback, a friendlier start date and a longer lifespan for existing versions.
As version 1.2 ends and version 2.0 goes into effect on Tuesday, January 11, 2011, we will see what effect it has on businesses, merchants, QSAs and PCI compliance and security overall. Look for my blog in November for a final overview of version 2.0.
by Kristyan Mjolsnes
October 18, 2010 10:28AM
Does PCI education really still matter? It’s a question that many middle managers and even some internal IT professionals are asking. After all, PCI compliance has become a pretty hot subject, and if you’re already in the tech world, you might wonder whether you even need to bother learning much about PCI education.
The reality is that most people still don’t know the ins and outs of PCI compliance, and everyone in an organization has to work together to preserve security. For non-technical employees, this could simply be a matter of protecting their logon credentials and using strong encryption whenever possible. Any link in the chain that’s weak will cause the entire organization to be vulnerable to exploitation, and that’s never a good thing.
PCI education bridges the gap between ignorance of security policies and enlightenment through better security methods without making anyone feel like they’re part of the problem. When you’re trying to get your team on the same page, the last thing you want to do is assign blame. This will only make people feel attacked and less likely to embrace the training.
If you’re ready to step up to top-notch PCI education, your next step is to contact an external PCI compliance consulting company and see about getting them to lead a class or two for your team today!
by Kristyan Mjolsnes
October 12, 2010 9:37AM
Even though most companies think first of physical security, data security is just as important. You will need to make sure that your company’s computer network is as solid as possible, especially if it’s also connected to the Internet. Although the Internet is a powerful resource that everyone can benefit from, you will still need to raise your company’s defenses against unauthorized users and other Internet-related security issues.
However, a lot of companies don’t put everything they can into security the way they should. It’s not because they don’t want to — not every company has the internal resources required to truly defend itself against the massive number of online threats.
The truth is that you don’t have to fight the good fight all on your own. You can get solid Internet security services that are automated, leaving you free to focus on other components of your business.
Where can you pick up a great set of Internet security services? Many companies that offer compliance-related consulting and data security assistance can help you shape the right security package — why not contact a company today and hit the ground running?
by Kristyan Mjolsnes
October 11, 2010 9:44AM
The financial consequences following a data breach can be truly astronomical for business owners. Card replacement costs, stiff penalties and loss of customer confidence can dramatically cut into a business’s profits.
PCI compliance is one of the areas most often overlooked by business owners, and failing to become compliant can damage the welfare of an organization. It is easy to see how the average cost of a data breach can quickly rise to over a million dollars when the cost of replacing a single compromised card amounts to more than $200, according to the Ponemon Institute. Businesses can also receive stiff penalties not only from credit card companies but even from government institutions. The Federal Trade Commission is currently pushing legislation to mandate that companies take the correct steps to protect consumers and, in certain cases, is bringing cases against those who don’t. Lastly, if customers don’t feel that you can safely protect their sensitive financial information, they will take their business to your competitors instead.
It is clear that increasing your security and becoming PCI compliant is as good as protecting your profits. SecureConnect is the most comprehensive solution to the overwhelming aspects of PCI compliance and network security. Our cost-effective packages are easy and flexible to integrate with your business. To protect your profits, contact SecureConnect today!
by Kristyan Mjolsnes
October 8, 2010 10:15AM
A new study conducted by Verizon Business has found a significant link between PCI compliance and a decrease in data breaches. The study, called the “Verizon 2010 Payment Card Industry Compliance Report”, found that PCI compliant businesses are less likely to experience data breaches than those that aren’t compliant. In addition, 50 percent of all breached businesses were not compliant at the time of the incident.
Becoming PCI compliant and securing your network environment is the best defense against data breaches. To make sure that your business is properly protected, it is best to choose a multi-layered system, like SecureConnect, that is able to adapt to your business while adhering to the newest regulations of the PCI DSS.
Within the study, companies struggled to meet three requirements, which are also the areas most vulnerable to security breaches. The three requirements are:
1. Requirement 3: Protect stored cardholder data
2. Requirement 10: Track and monitor all access to network resources and cardholder data
3. Requirement 11: Regularly test security systems and processes
However, by working with SecureConnect, you can receive all the necessary features and tools to become PCI compliant. Our firewall logging and reporting, which monitors security threats and helps protect the network, directly addresses Requirement 10. SecureConnect also provides the Intrusion Prevention and Detection systems, File Integrity Monitoring and certified quarterly vulnerability scanning needed to meet Requirement 11.
To find out more about our services and how SecureConnect can help you become completely compliant, contact us today!