Credit card merchants see the approaching Payment Card Industry Data Security Standard as an easily attainable goal, but IT security experts think otherwise.
The Payment Card Industry (PCI) Data Security Standard is a list of 12 items that retailers, online merchants, data processors and any business that handles credit card information must comply with by June 2005.
The standards push has a greater impact on medium-sized credit retailers rather than larger financial firms, according to Bruce Cox, American Express regional head of security and investigation.
This is because the standards are leveraging off best practice already used by international credit traders and Australian banks, which claim they are well ahead of the deadline.
For example, Cox said when it comes to securing databases Australia is ahead of the pack.
"If a criminal hacks into a company file server we are so well set up here that it has next to no impact on us at all, but this isn't the case in the US," he said.
"You read a lot about Australia being the world leader in adopting technologies like encryption and we really do have it well covered," Cox said, adding that the industry welcomed auditable controls such as the PCI security standard.
Merchants don't want to be compromised he said. He described the standard as a set of new brakes that will give business better response times.
"All these initiatives being pushed by Visa and others are running on the coat-tails of what we [American Express] have been doing for some time," Cox added.
The security standards mandate compliance for merchants that store or transmit credit card information; they include a specific set of information security requirements that companies must adhere to or risk facing heavy fines. Merchants that don't comply with the standards may also barred from processing credit card transactions in the future.
The requirements include annual security self-assessments and for online members quarterly security scans are mandatory.
This applies to merchants and service providers that process more than $125,000 gross per month in credit card transactions.
Not surprisingly, introduction of the standard has been good news for penetration testers.
One testing firm Security Assessment.com claims the standards have come out of the blue for some merchants and not everyone is as well prepared as American Express.
The company's managing director Drazen Drazic said some merchants are concerned they will not be able to meet the compliance deadline.
"While the actual standards are long overdue, they are quite detailed and will involve a good deal of financial investment which will threaten some merchants."
- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Email Archiving Implementation: Five Costly Mistakes to Avoid
Email Archiving is essential for managing email data, but is potentially expensive to implement. Read on to discover the five key areas where email archiving costs can be contained, including data capture methods and default configuration methods.
Buying Guides
Latest Products
Buying Guides
