Data breaches dominated headlines in 2014. According to the Open Security Foundation, 3 of the 10 all-time worst security breaches happened that year: 173 million records from the NYC Taxi & Limousine Commission, 145 million records at eBay, and 104 million records from the Korea Credit Bureau were compromised in some fashion. In addition, cybersecurity attacks on numerous high-profile companies made it clear that no industry went unscathed.
It wasn’t just big companies that were hit hard in 2014. According to a recent study conducted by the Ponemon Institute, 43% of organizations experienced a data breach involving sensitive or confidential customer or business information in the past 2 years. Now more than ever, the Payment Card Industry Data Security Standard, currently in its most recent iteration as PCI DSS 3.0, matters.
Let’s take a look at the key changes in PCI 3.0.
PCI DSS 3.0 emphasizes implementing best practices, and it promises to take retailers to a new level of threat awareness, prevention, and remediation. By raising security standards and making security best practices a part of the culture, businesses can improve the effectiveness of their security controls, maintain a PCI-compliant IT environment, and safeguard customer data.
Changes in PCI DSS 3.0 can be classified into four main categories:
MegaPath PCI Compliance Services can help with all four areas. Our PCI services include a network assessment, continuous network monitoring and management, and compliance assistance.
Established in 1923 in Rockland, Massachusetts, Tedeschi Food Shops, Inc. is one of New England’s most trusted family-owned and operated convenience store chains, with more than $600 million in annual revenue. The company operates 191 convenience store locations in both Massachusetts and New Hampshire.
Tedeschi realized it had to make changes for business reasons and compliance reasons, especially when it came to network segmentation. Many retailers struggle with this, as it entails physically separating PCI assets from non-PCI ones. “We had older devices in some locations that didn’t meet these standards,” says Doug New, Chief Information Officer, Tedeschi Food Shops. “But MegaPath came in and made the necessary router improvements and other adjustments to enable compliance.”
As data threats continue, businesses are turning to third-party service providers to help manage network and data security and compliance. Relying on third-party service providers to assist with managing, securing, and processing cardholder data has made compliance more of a shared responsibility.
Even if a merchant hires third-party service providers, the merchant ultimately remains responsible for information security and must ensure that employees and vendors follow policies and procedures that adhere to all service level agreements and contractual obligations.
Working with a service provider that specializes in PCI 3.0, such as MegaPath, can reduce the number of security headaches that retailers must deal with. Retailers don’t have to hire and continually train experts in network security or PCI, because MegaPath security experts continuously monitor (24/7) and analyze our customers’ networks. In fact, MegaPath is currently responsible for network monitoring at over 80,000 customer locations. Working with our fully trained network security experts enables our customers’ IT departments to focus on other projects core to their business.
Perhaps you are among the 70% of businesses whose IT organizations are understaffed. That doesn’t mean you have to be the next data breach victim to make headlines.
Understanding PCI 3.0 standards is crucial to ensuring the security of cardholder data, and the experts at MegaPath are ready to help. To learn more, read about MegaPath’s PCI Compliance Services, or call us today at 866-270-7736.