CNP Expo: PCI – Baseline, Not Failsafe
May 19, 2015
The message to attendees at a late-afternoon session of the CNP Expo in Orlando, Fla.? Know your data, who can get to it and where it is. With 80,000 malware variants published daily, businesses must answer those basic questions as they try to comply with new PCI security standards, panelists agreed.
“The first important step is making sure somebody’s in charge of finding out where all the data is,” said Gary Glover, director of security assessment at SecurityMetrics. Glover advised that companies establish the importance of security. “It really is something that needs to be emphasized all the time.”
A merchant should document in writing where data is stored and how it is handled, both to confirm that what is being done meets the security standards and to make sure nothing has been overlooked.
“Part of it is building a security culture within the organization,” panel moderator Tony Leach, CTO of the PCI Security Standards Council, said.
While the PCI security standards and their terminology are highly technical and intimidating to those unfamiliar with them, ignoring them carries dire consequences.
“If you go into a business and you’re talking in all technical terms, they’re just going to shut down,” said Kelly O’Brien, owner of K&S Assoc., a PCI compliance consultant. “PCI compliance isn’t just a checkbox. You have to be compliant every day.”