SlideShare a Scribd company logo

Is your business PCI DSS compliant? You’re digging your own grave if not

Download as PPTX, PDF
CheapSSLsecurity
CheapSSLsecurity

According to the latest report by Verizon, every organization that suffered from a data breach during 2010 to 2016 wasn’t fully PCI DSS compliant. Is yours?

Technology
1 of 34
Is your business PCI DSS compliant? You’re digging your own grave if not…
Why to be PCI Compliance? The latest report by Verizon shows that online businesses are less likely to be breached if they’re PCI compliant.
What is PCI DSS Compliance?
“ The Payment Card Industry Data Security Standard (PCI DSS), is a set of security guidelines applicable to all organizations that accept, store, and process credit card information.
How PCI DSS Compliance Works?
Image: PCI Scanning Function
PCI DSS Compliance ○ The PCI DSS is comprised of 12 key requirements that any website dealing with payment cards must adhere to. ○ The Verizon 2017 Payment Security Report clearly outlines the relation between PCI DSS compliance and data breaches ○ Interestingly, almost all the victimized companies that Verizon analyzed between 2010 and 2016 were found have violated the PCI DSS at the time of their breach. ○ Even more interestingly, the report indicates that 55.4% remain fully PCI compliant one year after their preliminary assessment. ○ These two are the key findings of the 60-page long Verizon 2017 Payment Security Report – the ‘highlights’ if you may.
• However, there’s no need to get overly pessimistic by these numbers. There is some good news, too. So, which one would you like to hear first — good news or bad news? Okay, let’s go through some good news first.
The Good News 
The report states that 55.4% of companies in 2016 remained fully PCI compliant one year after their preliminary assessment. This number may sound a little on the downside, but it’s not. 55.4% is a massive improvement over the 48.4% recorded in 2015. Compliance on the rise
One of the 12 PCI DSS requirements is NOT TO use default vendor-supplied credentials. Going by Verizon’s report, 81.3% of organizations heed this requirement – an encouraging sign indeed. Default credentials are a thing of the past
If there is any sector that needs to comply with the PCI DSS more than others, it’s the finance sector Almost 60% of financial services organizations fall within the boundaries of PCI DSS. Finance sector leading by example
Another key finding of the report was the rise in customer awareness. The report states “66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen. Now let’s get to the bad news. The part you should have a close look at. Customers getting savvier
The Bad News 
The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
• Speaking of which Rodolphe Simonetti, Verizon’s global managing director for security consulting said “There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks, [While] it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”
The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
An important part of the 12 requirements is the ‘Security Testing.’ This requires the organizations to test their security systems and processes under some specific guidelines. Unfortunately, only 71.9% of organizations are compliant with this requirement. Security Testing: Needs Improvement
To protect your online business against potential data breaches, you need to constantly track and monitor access – that’s actually rule 10 of the PCI DSS. 91.9% of the companies assessed after a data breach were found to be disregarding this requirement. Now that you know the significance that PCI DSS requirements hold, we hope that you will comply with (or at least think about) the requirements. Tracking and Monitoring: A bluntly ignored requirement
12 requirements for Tracking and Monitoring
1. Install and maintain a firewall and router configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know Access Restricted
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel
And if you’re feeling particularly motivated and want to dig in deep, you can learn more about these requirements on Payment Security Council’s official website.
34 THANKS!  If you have any questions about this document please don’t hesitate to contact us at:  https://cheapsslsecurity.com/blog/  https://twitter.com/sslsecurity  https://www.facebook.com/CheapSSLSecurities  https://plus.google.com/+Cheapsslsecurity

Recommended

Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standardsallychiu
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certificationhodonoghue
 
The Easy WAy to Accept & Protect Credit Card Data
The Easy WAy to Accept & Protect Credit Card DataThe Easy WAy to Accept & Protect Credit Card Data
The Easy WAy to Accept & Protect Credit Card DataTyler Hannan
 
A Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsA Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsVictor Oluwajuwon Badejo
 
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsPCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsFit Small Business
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 

Recommended

Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standardsallychiu
 
PCI DSS Certification
PCI DSS CertificationPCI DSS Certification
PCI DSS Certificationhodonoghue
 
The Easy WAy to Accept & Protect Credit Card Data
The Easy WAy to Accept & Protect Credit Card DataThe Easy WAy to Accept & Protect Credit Card Data
The Easy WAy to Accept & Protect Credit Card DataTyler Hannan
 
A Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsA Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsVictor Oluwajuwon Badejo
 
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsPCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsFit Small Business
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
New fraud protection solutions
New fraud protection solutionsNew fraud protection solutions
New fraud protection solutionsLaurent Pacalin
 
Data Privacy Readiness Test
Data Privacy Readiness TestData Privacy Readiness Test
Data Privacy Readiness TestDruva
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
IT Trends - Cyber Security
IT Trends - Cyber SecurityIT Trends - Cyber Security
IT Trends - Cyber SecurityDatix Consulting
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptwebhostingguy
 
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...AtoZ Compliance
 
Online_Transactions_PCI
Online_Transactions_PCIOnline_Transactions_PCI
Online_Transactions_PCIKelly Lam
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
Pci dss v3-2-1
Pci dss v3-2-1Pci dss v3-2-1
Pci dss v3-2-1leon bonilla
 
C7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingC7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingDr. Wilfred Lin (Ph.D.)
 
What Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSWhat Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSLondon School of Cyber Security
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementSecurityMetrics
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...TrustArc
 
MTBiz May-June 2019
MTBiz May-June 2019 MTBiz May-June 2019
MTBiz May-June 2019 Mutual Trust Bank Ltd.
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTat MicroFocus Italy ❖✔
 

More Related Content

What's hot

New fraud protection solutions
New fraud protection solutionsNew fraud protection solutions
New fraud protection solutionsLaurent Pacalin
 
Data Privacy Readiness Test
Data Privacy Readiness TestData Privacy Readiness Test
Data Privacy Readiness TestDruva
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
IT Trends - Cyber Security
IT Trends - Cyber SecurityIT Trends - Cyber Security
IT Trends - Cyber SecurityDatix Consulting
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptwebhostingguy
 
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...AtoZ Compliance
 
Online_Transactions_PCI
Online_Transactions_PCIOnline_Transactions_PCI
Online_Transactions_PCIKelly Lam
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
C7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingC7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingDr. Wilfred Lin (Ph.D.)
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementSecurityMetrics
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...TrustArc
 

What's hot (19)

New fraud protection solutions
New fraud protection solutionsNew fraud protection solutions
New fraud protection solutions
 
Data Privacy Readiness Test
Data Privacy Readiness TestData Privacy Readiness Test
Data Privacy Readiness Test
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 
IT Trends - Cyber Security
IT Trends - Cyber SecurityIT Trends - Cyber Security
IT Trends - Cyber Security
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
 
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
 
Online_Transactions_PCI
Online_Transactions_PCIOnline_Transactions_PCI
Online_Transactions_PCI
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application Security
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
Pci dss v3-2-1
Pci dss v3-2-1Pci dss v3-2-1
Pci dss v3-2-1
 
C7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingC7 defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditing
 
What Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSWhat Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSS
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-
 
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
 

Similar to Is your business PCI DSS compliant? You’re digging your own grave if not

Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS SlidecastRobertXia
 
5 Challenges to Continuous PCI DSS Compliance
5 Challenges to Continuous PCI DSS Compliance5 Challenges to Continuous PCI DSS Compliance
5 Challenges to Continuous PCI DSS ComplianceTripwire
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1wardell henley
 
PCI Compliance for Payment Security
PCI Compliance for Payment SecurityPCI Compliance for Payment Security
PCI Compliance for Payment SecurityPaymentAsia
 
The  security benefits associated with maintaining PCI compliance a.docx
The  security benefits associated with maintaining PCI compliance a.docxThe  security benefits associated with maintaining PCI compliance a.docx
The  security benefits associated with maintaining PCI compliance a.docxcroftsshanon
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
Tripwire pci basics_wp
Tripwire pci basics_wpTripwire pci basics_wp
Tripwire pci basics_wpEdward Lam
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Pci compliance
Pci compliancePci compliance
Pci compliancepcihghg23
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceRapid7
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantMelanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Merchants
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliancepcidss14s
 
PCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayPCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayBluePayProcessing
 

Similar to Is your business PCI DSS compliant? You’re digging your own grave if not (20)

MTBiz May-June 2019
MTBiz May-June 2019 MTBiz May-June 2019
MTBiz May-June 2019
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORT
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xg
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS Slidecast
 
5 Challenges to Continuous PCI DSS Compliance
5 Challenges to Continuous PCI DSS Compliance5 Challenges to Continuous PCI DSS Compliance
5 Challenges to Continuous PCI DSS Compliance
 
Payment card industry data security standard 1
Payment card industry data security standard 1Payment card industry data security standard 1
Payment card industry data security standard 1
 
PCI Compliance for Payment Security
PCI Compliance for Payment SecurityPCI Compliance for Payment Security
PCI Compliance for Payment Security
 
The  security benefits associated with maintaining PCI compliance a.docx
The  security benefits associated with maintaining PCI compliance a.docxThe  security benefits associated with maintaining PCI compliance a.docx
The  security benefits associated with maintaining PCI compliance a.docx
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliant
 
Tripwire pci basics_wp
Tripwire pci basics_wpTripwire pci basics_wp
Tripwire pci basics_wp
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
Pci compliance
Pci compliancePci compliance
Pci compliance
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliance
 
Evolution Pci For Pod1
Evolution Pci For Pod1Evolution Pci For Pod1
Evolution Pci For Pod1
 
PCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayPCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePay
 

More from CheapSSLsecurity

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityCheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorCheapSSLsecurity
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideCheapSSLsecurity
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityCheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?CheapSSLsecurity
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017CheapSSLsecurity
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forCheapSSLsecurity
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingCheapSSLsecurity
 
Understanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecUnderstanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecCheapSSLsecurity
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityCheapSSLsecurity
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingCheapSSLsecurity
 
Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowCheapSSLsecurity
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityCheapSSLsecurity
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceWhy Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceCheapSSLsecurity
 

More from CheapSSLsecurity (20)

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple Examples
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting Guide
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out for
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
 
Understanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecUnderstanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by Symantec
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
 
Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to know
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceWhy Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Is your business PCI DSS compliant? You’re digging your own grave if not

  • 1. Is your business PCI DSS compliant? You’re digging your own grave if not…
  • 2. Why to be PCI Compliance? The latest report by Verizon shows that online businesses are less likely to be breached if they’re PCI compliant.
  • 3. What is PCI DSS Compliance?
  • 4. “ The Payment Card Industry Data Security Standard (PCI DSS), is a set of security guidelines applicable to all organizations that accept, store, and process credit card information.
  • 7. PCI DSS Compliance ○ The PCI DSS is comprised of 12 key requirements that any website dealing with payment cards must adhere to. ○ The Verizon 2017 Payment Security Report clearly outlines the relation between PCI DSS compliance and data breaches ○ Interestingly, almost all the victimized companies that Verizon analyzed between 2010 and 2016 were found have violated the PCI DSS at the time of their breach. ○ Even more interestingly, the report indicates that 55.4% remain fully PCI compliant one year after their preliminary assessment. ○ These two are the key findings of the 60-page long Verizon 2017 Payment Security Report – the ‘highlights’ if you may.
  • 8. • However, there’s no need to get overly pessimistic by these numbers. There is some good news, too. So, which one would you like to hear first — good news or bad news? Okay, let’s go through some good news first.
  • 10. The report states that 55.4% of companies in 2016 remained fully PCI compliant one year after their preliminary assessment. This number may sound a little on the downside, but it’s not. 55.4% is a massive improvement over the 48.4% recorded in 2015. Compliance on the rise
  • 11. One of the 12 PCI DSS requirements is NOT TO use default vendor-supplied credentials. Going by Verizon’s report, 81.3% of organizations heed this requirement – an encouraging sign indeed. Default credentials are a thing of the past
  • 12. If there is any sector that needs to comply with the PCI DSS more than others, it’s the finance sector Almost 60% of financial services organizations fall within the boundaries of PCI DSS. Finance sector leading by example
  • 13. Another key finding of the report was the rise in customer awareness. The report states “66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen. Now let’s get to the bad news. The part you should have a close look at. Customers getting savvier
  • 15. The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
  • 16. • Speaking of which Rodolphe Simonetti, Verizon’s global managing director for security consulting said “There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks, [While] it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”
  • 17. The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
  • 18. An important part of the 12 requirements is the ‘Security Testing.’ This requires the organizations to test their security systems and processes under some specific guidelines. Unfortunately, only 71.9% of organizations are compliant with this requirement. Security Testing: Needs Improvement
  • 19. To protect your online business against potential data breaches, you need to constantly track and monitor access – that’s actually rule 10 of the PCI DSS. 91.9% of the companies assessed after a data breach were found to be disregarding this requirement. Now that you know the significance that PCI DSS requirements hold, we hope that you will comply with (or at least think about) the requirements. Tracking and Monitoring: A bluntly ignored requirement
  • 21. 1. Install and maintain a firewall and router configuration to protect cardholder data
  • 22. 2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • 23. 3. Protect stored cardholder data
  • 24. 4. Encrypt transmission of cardholder data across open, public networks
  • 25. 5. Use and regularly update anti-virus software or programs
  • 26. 6. Develop and maintain secure systems and applications
  • 27. 7. Restrict access to cardholder data by business need to know Access Restricted
  • 28. 8. Assign a unique ID to each person with computer access
  • 29. 9. Restrict physical access to cardholder data
  • 30. 10. Track and monitor all access to network resources and cardholder data
  • 31. 11. Regularly test security systems and processes
  • 32. 12. Maintain a policy that addresses information security for all personnel
  • 33. And if you’re feeling particularly motivated and want to dig in deep, you can learn more about these requirements on Payment Security Council’s official website.
  • 34. 34 THANKS!  If you have any questions about this document please don’t hesitate to contact us at:  https://cheapsslsecurity.com/blog/  https://twitter.com/sslsecurity  https://www.facebook.com/CheapSSLSecurities  https://plus.google.com/+Cheapsslsecurity