PCI Compliancy and the Credit Card Conundrum
It’s a fact of life for businesses that they must accept credit cards for payment, even more so with the move to the “always on” omnichannel. However, credit cards come with their own set of worries, namely the fees associated with processing and with staying compliant with the mandatory Payment Card Industry Data Security Standard (PCI DSS).
However, just because a company is complying with PCI DSS doesn’t necessarily mean they won’t get breached. Just ask any of the companies in the news over the past few years who, despite security precautions and PCI compliance, suffered significant breaches and had large amounts of credit card information stolen.
The goal of PCI DSS is a good one—to protect both cardholders and merchants from the damaging effects of data breaches and theft. However, with over 300 controls to address, the effort to comply is complicated, and potentially costly, for businesses of all sizes and industries.
An industry-accepted best practice to help reduce the cost and effort of compliance is to shrink the scope of PCI compliance. Logically, keeping the cardholder data environment (CDE) as small as possible, by minimizing the systems that touch cardholder data, shrinks the size of the compliance and audit effort, in turn reducing cost and complexity. The question is how best to shrink the CDE, especially given multiple channels of sale.
Do EMV cards help with PCI compliance?
EMV chip technology, named after the original developers (Europay, MasterCard, and Visa), offers enhanced anti-fraud capabilities compared to traditional magstripe cards at the physical point of sale. However, EMV alone doesn’t satisfy PCI requirements or reduce PCI scope. While it protects against counterfeit card fraud, it does not protect against malware and hacking, which aim to steal primary account number data between the card reader and point-of-sale device or from other security gaps in the payment ecosystem.
Using Data-Centric Security to Shrink PCI Compliance Scope
What if there’s a better way to comply with PCI DSS that saves time, money, and effort while doing a better job of protecting your data at the same time? A new eBook from the CyberEdge Group titled Using Data-Centric Security to Shrink PCI Compliance Scope explains how. It provides insight into how IT and security professionals can help their companies both shrink their PCI compliance scope and costs, and improve data security across the omnichannel landscape.
The credit card conundrum and what to do about it
This eBook discusses the credit card conundrum, how to minimize PCI compliance efforts and costs, how to shrink scope with tokenization, what data-centric security is and how it helps in an omnichannel business, and finally how companies can maximize data protection and return on investment. Further, readers will learn about second-generation technologies such as Format-Preserving Encryption (FPE), Secure Stateless Tokenization (SST) and Page-Integrated Encryption (PIE), and how these solutions bring unique capabilities to solve customer challenges around meeting PCI and omnichannel requirements.
Download Using Data-Centric Security to Shrink PCI Compliance Scope, a best practices guide to reducing compliance costs while improving security for omnichannel business from the CyberEdge Group.
About CyberEdge Group
CyberEdge Group is an award-winning research, marketing, and publishing firm serving the needs of information security vendors and service providers. Our highly experienced consultants have in-depth technical expertise in dozens of IT security technologies.