Every security professional I know has looked at the stories that have emerged and thought about the risk of having their own organization in these headlines. For a moment, just imagine having your company's name in these data breach headlines. Do you really want that damage to your brand and reputation?
We know that the ramifications of these events are immense, with the potential to affect everyone in the payment chain. There are financial costs, brands lose goodwill and loyalty, and there can be a tremendous hardship placed on consumers whose sensitive personal data may have been compromised. In order to protect against such instances, we must continually evolve the measures and safeguards designed to secure sensitive payment data.
In September 2006, the PCI Security Standards Council was formed to help educate the payment card industry about the importance of securing customer and transaction data. We listened to the merchants, acquirers and vendors and recognized that there were implementation challenges and evolving security threats that needed to be addressed in an updated standard.
Subsequently, the PCI Data Security Standard (DSS) version 1.1 was released. Updates in version 1.1 of the DSS responded to feedback from the marketplace. As we look to future revisions of the DSS, incorporating a feedback component and allowing impacted organizations to provide comment will help us further strengthen the standard.
I see a growing awareness of the PCI Data Security Standard and its role in preventing breaches, but not a lot of people are knowledgeable about how it works.
So how do we evolve the Standard to anticipate and counter emerging threats while also reflecting the challenges the market faces?
The short answer is: we need your help.
Right now, to make the Standard more responsive to the marketplace, the PCI Security Standards Council is engaging its participating organizations: industry merchants, vendors, electronic funds transfer networks, point-of-sale application developers, banks and other stakeholders with a regional and global view of this diverse business.
For the industry to effectively protect the payment chain, it is going to require very specific feedback from all types of organizations around the world.
30 SECONDS ON...
What can you do?
Seana Pitt encourages you to get involved by visiting the organization's website: www.pcisecuritystandards.org for more information about the PCI Security Standards Council and its role in evolving data security.
Learn about standards
It's not just a matter of knowing the regulations. Know how your system works, says Pitt. Don't store magnetic-stripe data, PIN (personal identification number) data and CVV2 (card verification value) codes.
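As an added example that is not from the article or from the Council, the following Python audit turns the rule above into a check you can run over stored transaction records: it flags field names that imply CVV2, PIN or magnetic-stripe storage, and scans free-text values for track 1 and track 2 patterns (start sentinel, PAN, separator, expiry, end sentinel), using a Luhn check on the embedded PAN to cut false positives. The field-name list, record layout and sample records are constructed for illustration; the PAN used is a well-known test number.

```python
"""Audit stored payment records for sensitive authentication data that
must not be retained: full magnetic-stripe (track) data, PIN data and
the CVV2 code. Example code, not part of the original article."""
import re

# Field names that should never appear in a stored record.
# This list is an assumption for the example; tailor it to your schema.
PROHIBITED_FIELDS = {
    "track1", "track2", "magstripe", "pin", "pin_block",
    "cvv", "cvv2", "cvc2", "cid",
}

# Track 2: ';' start sentinel, 13-19 digit PAN, '=' separator,
# YYMM expiry, service code and discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})\d*\?")
# Track 1: '%B' format code, PAN, '^' cardholder name '^', YYMM expiry,
# then discretionary data up to the '?' end sentinel.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}[^?]*\?")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_record(record: dict) -> list:
    """Return a list of (field, reason) findings for one stored record."""
    findings = []
    for key, value in record.items():
        if key.lower() in PROHIBITED_FIELDS:
            findings.append((key, "prohibited field stored"))
            continue
        if isinstance(value, str):
            # Track data leaking into free-text columns (notes, logs, blobs)
            for name, rx in (("track2", TRACK2_RE), ("track1", TRACK1_RE)):
                for m in rx.finditer(value):
                    if luhn_ok(m.group(1)):
                        findings.append((key, f"{name} data embedded in value"))
    return findings


def audit_records(records: dict) -> dict:
    """Map record id -> findings, keeping only records that have findings."""
    result = {}
    for rid, rec in records.items():
        findings = audit_record(rec)
        if findings:
            result[rid] = findings
    return result


# Constructed sample records; 4111111111111111 is a standard test PAN.
SAMPLE_RECORDS = {
    "txn-001": {"pan_last4": "1111", "auth_code": "A1B2C3", "amount": "19.99"},
    "txn-002": {"pan_last4": "1111", "cvv2": "123", "amount": "5.00"},
    "txn-003": {"pan_last4": "1111",
                "notes": "raw swipe ;4111111111111111=2512101000000?"},
}

if __name__ == "__main__":
    for rid, findings in audit_records(SAMPLE_RECORDS).items():
        for field, reason in findings:
            print(f"{rid}: {field}: {reason}")
```

The field-name check catches the obvious case (a column literally called `cvv2`); the regex pass catches the more common real-world failure, where a raw swipe or debug dump lands in a notes or log column under an innocent name.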
Map the road
Become a participating organization and attend Council meetings and information sharing forums, says Pitt. Participate in the feedback process on the Data Security Standard and send the Council your questions.
The first step
Pitt says to influence the Standard, you first have to have a seat at the table. "Your customers are expecting you to keep their data safe. We all need to play a role in evolving the security necessary to protect sensitive account data."