If you already know about PCI Compliance but have yet to take action, you need to understand the importance of PCI Compliance and how it can save you money and make you money.
The Payment Card Industry Data Security Standard (PCI DSS) is a collaborative effort to achieve a common set of security standards for use by entities that process and store payment card data. There has been a lot of talk about how effective PCI Compliance is and whether it will really protect you and your customers. What you need to remember is that PCI Compliance is not the end-all of security. Security is a mindset, and nobody can ever say that they are perfectly secure. PCI Compliance is the first step to building up your security by following the current security standards and scanning your servers for vulnerabilities.
Here are some great statements by Michael Dahn of PCIAnswers.com about Compliance vs. Validation and Compliance vs. Security:
“There is a difference between ‘compliance’ and ‘validation’. Compliance is a state of being, one that must be maintained at all times. Validation is a point-in-time check on that state of compliance. The example I give is auto insurance. In order to comply with state laws I must maintain auto insurance at all times. When I go to register my car I have to show proof of insurance. I am validating my compliance with the law. What if I decide to cancel my insurance because it costs too much? Am I still compliant? No. Now, I still validated, but remember validation is a point-in-time while compliance is measured day by day.
Another thing to remember is that compliance, even the continuous state of compliance, does not equal security if not done right. If a company focuses on check box compliance and doing the minimum they may be able to complete the baseline audit, but does that mean they are properly managing their risk and protecting payment card data? Let me explain, I’ve asked many people, “can a firewall be used to segment a network?” Everyone agrees YES, but they are wrong. Only a properly configured firewall can segment a network. So if I check the checkbox saying that something is out of scope of the audit because it is segmented off, the question remains: was it properly segmented? Did you really eliminate known attack vectors?”
So ask yourself what your mindset is and where your business stands on PCI Compliance and security. Becoming compliant and secure takes time and some money, let’s be honest. The money and time you spend will save you in the long run, and here is why.
• First of all, if you are hacked and something does happen to your customers’ personal and private information, you could potentially be liable for the money and information lost. Also imagine the PR nightmare.
• Next, think of all the sales that you are missing out on by not providing trust and confidence to your visitors, because you are not showing them that your site is secure and that they can trust you.
So keep all of this in mind when you are reading about and pondering PCI Compliance. One suggestion is to work with a company that can help you start the process of becoming PCI Compliant, for example with vulnerability scanning. A company that I would suggest is Trust Guard PCI Compliance Scanning.