I was on Tim Whitehorn’s blog site on Electronic Payment Security this past week. Whitehorn is the founder and CEO of ServiceU Corporation, a Level 1 Payment Card Industry Service Provider, so he has first-hand experience with just how demanding PCI compliance is becoming.
In a recent post, Visa Issues Alert and Steps Up PCI Enforcement, Tim shared that Visa, in conjunction with the US Chamber of Commerce, has published an alert that identifies the leading causes of data breaches.
The five leading causes of card-related breaches are:
1) Storage of mag stripe data
2) Missing or outdated security patches
3) Use of vendor supplied default settings and passwords
4) SQL injection
5) Unnecessary and vulnerable services on servers
Recent news stories make it clear Visa is going to be vigilant in ensuring merchants and service providers comply with PCI data security standards.
Robin Sidel, of the Wall Street Journal, reported that, beginning October 1st, Visa began focusing on compliance among its largest US merchants – a total of 334 merchants who collectively represent nearly 50% of Visa’s annual US volume. The GreenSheet reported that Visa has already cited approximately 20 level 1 merchants with fines ranging from $10,000 to $100,000 per month for failure to comply.
It is clear that Visa and all of the other major credit card companies are serious about ensuring merchants and service providers implement controls in their IT infrastructure to protect consumers and their privileged credit card information.
I’ve spent a great deal of time reviewing PCI Data Security Standard 1.1 released in September. I’ve taken my findings and created a four-part web presentation detailing each of the 12 requirements and how you can ensure you are prepared to pass your next PCI DSS audit.
After you’ve viewed these presentations, I’d like to hear your feedback.
For more information about PCI DSS and compliance issues, check out our blog:
http://datasecurity.wordpress.com/
Posted by: Datasecurity | November 07, 2006 at 05:45 PM