Getting information on PCI DSS 3.0 compliance

Risk management specialist Agiliance has responded to the introduction of the latest credit card security standard with a Content Pack designed to help businesses understand their new compliance needs.


Changes to the regulations surrounding the Payment Card Industry Data Security Standard (PCI DSS) could have a significant effect on how businesses manage their online security. The key change is that proving their security capabilities becomes a continuous process rather than an annual security audit.

That, in the view of Agiliance, a US-based provider of integrated risk management solutions for operational and security programs, means one thing above all – that businesses working with customer credit cards need the right information on how to be compliant with the new regime. That is why it has today announced the release of the Agiliance Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 Content Pack.

This is geared to the new PCI DSS 3.0 information security standard, and provides organisations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and point-of-sales cards, with the guidance and best practices to increase controls around cardholder data to prevent data breaches and reduce fraud.


In light of recent data breaches at Target and Neiman Marcus, which resulted in the theft of personal and credit card information belonging to hundreds of millions of consumers, retailers are expected to accelerate their adoption of the enhanced information security standards outlined in the November 2013 release of PCI DSS 3.0.

However, implementing the new guidelines will be challenging since PCI DSS 3.0 mandates that retailers replace the current periodic ‘check-the-box’ approach to compliance with continuous security monitoring.

Furthermore, PCI DSS 3.0 extends the mandate’s scope of coverage to include any part of the IT infrastructure that is connected to or can affect the security of the cardholder data. This change creates a big security data challenge since the number of assets that need to be monitored will increase significantly.

The Agiliance Content Pack provides a framework to implement and maintain effective information security processes and internal controls. Its goal is to minimise the risk of failing to conform to the PCI DSS 3.0 standards, which can result in hefty fines, class-action lawsuits, and reputational damage. The content pack covers all technical and operational requirements, as well as guidance related to shared hosting providers.

These include building and maintaining a secure network and systems; protecting cardholder data; maintaining a vulnerability management program; implementing strong access control measures; regularly monitoring and testing networks; maintaining an information security policy; and protection for the shared hosting providers’ cardholder data environment.

The Content Pack can be used with Agiliance RiskVision, which provides a comprehensive view of an organisation’s PCI compliance posture to minimise the risk of data breaches. Using this, organisations can gather, score, and review their data- and survey-driven control assessment results to identify and remediate control gaps that can be exploited by hackers.

Its data automation and correlation capabilities enable organisations to more quickly and easily conduct continuous compliance assessments and cover a far broader scope of their infrastructure without adding additional staff.

“One of the most significant changes introduced with PCI DSS 3.0 is the concept of making compliance a daily event, instead of an annual check-box fire drill to comply with an audit,” said Torsten George, vice president of worldwide marketing and products at Agiliance. “Continuous compliance is a considerable challenge that requires the rethinking of existing processes, including the tools organisations use to gather and analyse data. Agiliance RiskVision and the Agiliance PCI 3.0 Content Pack provide the controls, data automation, data aggregation, and workflow engine to streamline the overall compliance process and reduce the risk of data breaches.”
