Addressing PCI not only protects businesses and merchants from cardholder fraud, but also satisfies a broader mandate for information protection and security. Several retailers stated that complying with PCI makes them automatically compliant with SOX, because the PCI standard's requirements are more stringent and more specific. Additional benefits include improved operational efficiencies through broad compliance (even, likely, with future regulations), reduced IT administration and maintenance costs, reduced IT labor costs and greater IT productivity. At the same time, some see complying with PCI as yet another compliance burden, especially if IT resources are limited and consumed by the day-to-day grind of “firefighting.” To comply with PCI cost-effectively and efficiently, companies should look at log management and intelligence (LMI) solutions that simplify collecting, storing and managing log data, so as to satisfy the reporting, monitoring and audit-log collection requirements and to enable better incident response and forensics.
PCI Compliance Combats Fraud and Improves Security
In most cases, when a customer clicks the “buy” button on a web site, a number of things happen on the backend. An application server connects to a database, multiple records are updated and sometimes a connection to a separate payment application is initiated. All those activities generate log files in various places: on the servers, applications, databases as well as on network and security infrastructure components. At the same time, the attackers know that there might be vulnerabilities in these processes and technologies that leave data unprotected. Internal threats such as insider misuse are of even greater concern in this case, since there are no perimeter defenses stopping such attackers.
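The paragraph above lists the places one “buy” click leaves a trail (application server, database, network and security devices) and the opening paragraph argues that an LMI tool's job is to collect those records into one place. The following Python script is an added example, not code from the article or from any product it refers to: it pulls constructed sample lines from three such sources into one normalized record shape, rebuilds the per-order timeline an investigator or auditor would ask for, and runs one cross-source check that no single system's log could answer on its own. All log lines, hostnames, field names and formats are invented for illustration.

```python
"""Correlate per-transaction log lines from several sources by order id.

Added example (not from the article): a minimal version of what a log
management tool does when it collects the application, database and
firewall records generated by one 'buy' click and lines them up for
audit reporting and incident response. Every log line below is a
constructed sample; the formats are illustrative, not any vendor's.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs. Hosts, order ids and addresses are made up.
APP_LOG = """\
2024-03-01T10:15:02Z appsrv01 checkout order=A1001 user=alice status=started
2024-03-01T10:15:03Z appsrv01 checkout order=A1001 user=alice status=payment_sent
2024-03-01T10:15:04Z appsrv01 checkout order=A1002 user=bob status=started
"""
DB_LOG = """\
2024-03-01T10:15:02Z db01 UPDATE orders SET state='pending' WHERE order_id='A1001' rows=1
2024-03-01T10:15:03Z db01 SELECT card_token FROM vault WHERE order_id='A1001' rows=1
2024-03-01T10:15:05Z db01 SELECT card_token FROM vault WHERE order_id='A1002' rows=1
"""
FW_LOG = """\
2024-03-01T10:15:03Z fw01 ALLOW src=10.0.1.5 dst=203.0.113.10 dport=443 ref=A1001
2024-03-01T10:15:06Z fw01 DENY src=10.0.1.5 dst=198.51.100.7 dport=22 ref=-
"""
SOURCES = {"app": APP_LOG, "db": DB_LOG, "fw": FW_LOG}

# Every source is reduced to the same record shape so that reports and
# searches never need to know a system's native format.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")
# The transaction id appears under a different key in each source.
ORDER_RE = re.compile(r"(?:order=|order_id='|ref=)(?P<id>[A-Za-z0-9]+)")


def parse_line(source, line):
    """Turn one raw line into a normalized dict, or None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:  # malformed timestamp: keep collecting, drop the line
        return None
    o = ORDER_RE.search(m["msg"])
    return {"ts": ts, "host": m["host"], "source": source,
            "order": o["id"] if o else None, "msg": m["msg"]}


def collect(sources):
    """Parse every line of every source and return the records in time order."""
    records = []
    for source, text in sources.items():
        for line in text.splitlines():
            rec = parse_line(source, line)
            if rec:
                records.append(rec)
    records.sort(key=lambda r: r["ts"])
    return records


def timeline_by_order(records):
    """Group records by transaction id: the view an investigator wants first."""
    groups = defaultdict(list)
    for rec in records:
        if rec["order"]:
            groups[rec["order"]].append(rec)
    return dict(groups)


def token_reads_without_payment(records):
    """Orders whose card token was read from the vault although the application
    never logged a payment step for them. Needs both sources to answer."""
    paid = {r["order"] for r in records
            if r["source"] == "app" and "status=payment_sent" in r["msg"]}
    read = {r["order"] for r in records
            if r["source"] == "db" and "FROM vault" in r["msg"]}
    return sorted(read - paid)


def denied_connections(records):
    """Firewall denies, listed whether or not they tie back to an order."""
    return [r for r in records if r["source"] == "fw" and r["msg"].startswith("DENY")]


if __name__ == "__main__":
    recs = collect(SOURCES)
    for order, events in timeline_by_order(recs).items():
        print(f"== order {order} ==")
        for e in events:
            print(f"  {e['ts'].isoformat()} {e['source']:3} {e['host']:8} {e['msg']}")
    print("token reads with no payment step:", token_reads_without_payment(recs))
    print("firewall denies:", len(denied_connections(recs)))
```

The point of the design is the middle layer: once application, database and firewall lines share one record shape with a common transaction id, a PCI reviewer's questions (what touched this order, who read card data without a matching payment, what the perimeter refused) become short queries over one list rather than three manual searches. In a real deployment the sample strings would be replaced by files or a collector feed, and the timestamp normalization would have to handle each source's own clock and time zone.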
According to a recent FBI survey, financial fraud is the second-largest category of hacking events on the Internet today. Similarly, Gartner estimates that 20-30% of Global 1000 companies suffer losses due to mismanagement of private and confidential information. The cost of recovering from these mistakes can reach $5-20 million per company, as it did in a few recent cases affecting both commercial and government entities. Additionally, it is well known that brand damage results from waning consumer trust.