PCI Compliance for 2013
With the new year, most people are making their resolutions and taking a good, hard look at some of their personal habits. It also seems like a great time to focus on PCI compliance if you’re within the banking industry or e-commerce. Verizon’s Data Breach Investigations Report for 2012 drew up some interesting figures worth taking a second glance at. 79% of breach victims were targets of opportunity: a vulnerability that is present and easy to reach is much quicker for a hacker to exploit than choosing a specific target. A person or business doesn’t have to be large to be attacked; sometimes they just have to be easy to compromise.
Also, 96% of victims subject to PCI DSS were not compliant at the time of their breach. With many of the standards put forth being open to a certain amount of interpretation by the auditor, it can sometimes be difficult for a business to parse the language and achieve compliance. What exacerbates the problem is businesses and auditors that aren’t thinking of PCI compliance as a series of risks and defences, but rather as a list of checkboxes they need to put a mark in. The changes made to PCI DSS in 2012 worked to mitigate that by adding the need for a risk-based vulnerability assessment. The hope was that businesses would start to think clearly and actively about what their risks are, and from there work to make sure they aren’t vulnerable to attack in the future.
It’s clear that merchants know they need to be secure for their customers as well as their reputation. Hearing some of the costs associated with breaches in 2012 (the Global Payments breach costing 84.4 million, or the SC Department of Revenue breach that cost the state upwards of $14 Million) adds emphasis to the point. And with more changes coming to PCI DSS in 2013, now is the best time to start working on compliance, or to reassess processes that are already in place.
by Stephanie Vogel
For more inquiries on PCI Compliance please contact Tina Louise Penn at 888.413.9186