It’s no tick-box compliance

01 Oct 2010

Retailers have borne the burden of payment card industry (PCI) compliance for half a decade and are still struggling with the requirements, typically approaching the stringent data security standard (PCI DSS) from a “tick the box” point of view. This could be costing retailers more than they realise, as constant tweaking of a compliance project continues to use time, effort and resources. Taking a holistic approach, however, actually cuts audit hours and as a result reduces costs by 15% on average. Approaching data compliance using a systematic, yet flexible, platform removes the need for constant re-working of a compliance project in an effort to comply.

PCI DSS, developed by the PCI Security Standards Council, applies to anybody who stores, processes or transmits cardholder data. It is a set of rules and requirements that govern the handling of credit card data, placing the burden of compliance firmly on retailers’ and financial card issuers’ shoulders. Meeting the requirements – which include firewall management, intrusion detection, logging, file integrity monitoring and alerts – can be a lengthy process for companies just beginning their compliance journey.

Unfortunately, these projects are seen as a necessary evil that does not add value to the organisation. However, if done right, retailers can champion a compliance project that lets CIOs access more resources to drive security initiatives and deliver greater value. If implemented properly, these initiatives leverage existing compliance standards to build proactive security programs that safeguard enterprise data and credibility.

In today’s complex IT environment, it is almost impossible to ensure total protection. But a thorough design, accompanied by careful selection of appropriate products, tailored to the size and complexity of a particular enterprise infrastructure, can enable a proactive security strategy.

Retailers should look for a solution that gives them a foundation for ongoing security, including the capability to protect data, and that also has other controls in place such as access control, key management, policy management, logins and auditing.

One of the popular ways retailers can secure data, while ensuring it is still useable, is through tokenisation. The tokenisation solution helps retailers quickly meet requirement three of PCI: Protecting Stored Cardholder Data. This requirement is one of the most challenging for retailers and one of the most common points of audit failures.

Tokenisation lets the retailer replace credit card data in an electronic transaction with a token. This token prevents theft of the credit card data during electronic transmission and storage. Using tokens, retailers can also preserve the information format of that transaction, meaning different types of data can be protected without affecting critical IT components such as databases or legacy applications. This also has the benefit of reducing the footprint of stored data, which then reduces the scope of a PCI DSS audit.

Retailers considering moving to tokenisation of their card data need to address the following:

1. Conduct an audit of what applications are required to access data;
2. Understand the points of data capture;
3. Document where existing data resides – databases, applications, mainframes or file shares;
4. If data sits in databases and file shares, tokenisation is a good fit;
5. Upfront work is required to transfer data to the tokens.

Retailers do need to be aware that no single point solution exists, so it is important to have a platform that is flexible enough to work across databases, applications and file systems.
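
The two ideas above, finding where card numbers reside and swapping them for format-preserving tokens, are sketched here as an added example; it is not code from the article or from any vendor. The TokenVault class, the choice to keep the last four digits, the rule that tokens must fail the Luhn check, and the sample record are all assumptions made for illustration.

```python
import re
import secrets

PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card numbers (PANs)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real PANs from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in (assumption) for a hardened, access-controlled vault."""
    def __init__(self):
        self._by_pan, self._by_token = {}, {}

    def tokenise(self, pan: str) -> str:
        if pan in self._by_pan:          # same PAN always maps to same token
            return self._by_pan[pan]
        while True:
            # Random digits, same length as the PAN; last four kept (assumption)
            body = "".join(secrets.choice("0123456789") for _ in pan[:-4])
            token = body + pan[-4:]
            # Design choice: token must fail Luhn, so it is never a valid PAN
            if not luhn_ok(token) and token not in self._by_token:
                break
        self._by_pan[pan], self._by_token[token] = token, pan
        return token

    def detokenise(self, token: str) -> str:
        return self._by_token[token]     # restrict to authorised callers

def tokenise_record(record: str, vault: TokenVault) -> str:
    """Replace every Luhn-valid PAN in a text record with its token."""
    def swap(m):
        digits = m.group(0)
        return vault.tokenise(digits) if luhn_ok(digits) else digits
    return PAN_RE.sub(swap, record)

# Constructed sample record: a well-known test PAN and a non-card reference
SAMPLE = "2010-10-01 order=88231 pan=4111111111111111 amt=59.90 ref=1234567890123"

if __name__ == "__main__":
    vault = TokenVault()
    print(tokenise_record(SAMPLE, vault))
```

Because the token keeps the length and digit-only format of the original, downstream databases and legacy applications can store it unchanged, while only the vault holds the real card number.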
