(This is the second of a two-part blog on what retailers need to know about pending changes with the Payment Card Industry Data Security Standard.)
In part one of this blog, we summarized the key changes currently underway with respect to the Payment Card Industry Data Security Standard (PCI DSS). By January 1, 2015, retailers must comply with PCI DSS version 3.0, as the 2.0 version is phased out. Among other steps, businesses will have to diagram networks to illustrate that the cardholder data environment (CDE) is isolated and protected, while increasing documentation of supporting hardware and software components. Aside from such “checklist”-styled items, however, PCI DSS 3.0 is designed to shift the industry’s culture from that of strict compliance to one of heightened, year-round security best practices.
At MegaPath, we believe that merchants will eventually embrace these changes, as opposed to viewing them as a burden. Recent research from the Ponemon Institute found that the average cost of a breach to a company in 2014 totals approximately $3.5 million. A comprehensive state of security awareness, prevention and remediation will save retailers from immense financial losses over the long term.
When credit card data is compromised or stolen, retailers typically undergo painful procedures. They have to cease credit card transactions, conduct an internal audit, and launch intensive remediation actions before they can process card sales again. Obviously, they’re going to lose sales – to competitors – as a result. Beyond that, there will often be immeasurable harm in terms of brand reputation, customer loyalty, and trust. And they may never “earn it back,” not when those customers change their card and PIN information and file lawsuits over damages because of a successful exploit of sales systems. The upshot: The average cost of lost business alone due to a breach is $3 million.
Clearly, transitioning to PCI DSS 3.0 presents significant challenges – challenges that businesses shouldn’t consider taking on alone unless they have significant internal resources and expertise. Instead, they need to forge a partnership with a proven service provider who can help them achieve the total state of preparedness that PCI DSS 3.0 demands.
And we stress the word partnership. At MegaPath, we refuse to force-feed a “one size fits all” assortment of solutions on our customers. We understand that they have unique needs in terms of the systems they use and the customers and industry they serve. We know that security is a shared responsibility between the retailer and the service provider. We also go a step further to help customers educate their employees on security risks, such as recognizing the characteristics of a social engineering-enabled attack.
Then, we work with them to acquire and install a wide range of products that are best suited for them and help them achieve and maintain compliance with PCI DSS requirements. Our solutions include:
MPLS. MegaPath MPLS Managed Network Services supports optimal Private Networking through built-in capabilities designed to augment availability and productivity while protecting networks, particularly those carrying payment card data, from malicious traffic.
IPsec tunneling. The MegaPath Site-to-Site IPsec (Internet Protocol Security) Virtual Private Network (VPN) takes advantage of the best in encryption and data encapsulation technologies to securely connect all of a merchant’s sites on the same network, so managers can securely manage operations and access multiple store systems remotely from a central site.
Firewalls. MegaPath Managed Firewall serves as the first line of defense against intrusions, with a hardware-based architecture blocking malicious traffic and otherwise protecting the sales transaction network from unauthorized users, dangerous protocols and common network-layer attacks. Yet none of this comes at the expense of system performance.
Log collection. Based in the cloud, MegaPath Managed Logging Service securely collects, analyzes, reports and stores log data from MegaPath-provided or customer-owned security devices and IT infrastructure, and restricts physical access to cardholder data.
Vulnerability scanning. The MegaPath Vulnerability Scanning Service supports customers with Web-based network tools for unlimited external scanning by security teams, and provides quarterly scan certification reports to meet PCI DSS requirements.
Offering solutions like these – in addition to always accessible, experienced consultation from our engineers and support teams – defines the distinguished value of a MegaPath partnership. Through these efforts, we help ensure that you’ll surpass any and all PCI DSS 3.0 standards. You’ll reach a new state of assurance that will serve as a formidable shield against the adversaries who have taken down one retail giant after another.
If you’d like to know more about what we can do for your business, please contact us.