Recent high profile cyber attacks and security breaches for companies such as Sony have again brought the issue of PCI compliance into sharp focus. The attack on Sony proves that even the most I.T. savvy company can fall victim to a cyber attack.
For many industry commentators, Sony merely represents a growing list of companies who are victims of the I.T. jungle. Criminal gangs, terrorist organisations and hackers stalk companies looking for the slightest gap in security, a blind-spot, an open door or simple negligence. To then hack and steal personal and credit card data from unwary and ill-prepared companies.
When we consider the business travel industry we can see that the risks are high, how many TMCs photocopy and fax card data around the world to hotels, exhibition centres and alike? Relying on the honesty of their staff and the person receiving the fax for security! Or even worse store card data within their own systems.
Many TMCs and HBAs within the industry struggle to get to grips with PCI compliance and its implications. How much will it cost to implement? What do I need to do? Where do we begin? Achieving conformance is not simple and takes time to get right and maintain. So for small, medium and even large companies meeting the required standards can be problematic and expensive.
Basically, PCI standards have twelve points of compliance categorised into six groups. This sounds simple enough but there are roughly two hundred and fifty controls to be put in place, depending on the level of security you require. And the level of protection required is determined by the number of credit card transactions processed each year. Each of the two hundred and fifty controls can be verified in up to four times and may require up to four pieces of evidence to prove you meet PCI standards.
The costs of PCI accreditation for even a small TMC or HBA can run into thousands of pounds and for a large multi-national corporation it can be hundreds of thousands of pounds. However, doing nothing is not an option as MasterCard and Visa will fine breached companies for non-compliance. These fines reflect the scale and number of breaches and the size of the company. This ensures that conforming is the cheaper option.
In 2009 MasterCard* published their fines for non-compliance and these are steep. Fines can reach two hundred thousand dollars (US) for failing to meet the required standards with a charge of between ninety and three hundred dollars** per credit card record stolen. This doesn’t include the resultant legal action from your customers and damage to your company’s reputation. Put simply, for many companies within the industry, this is an issue of comply or die.
So with the costs of complying and the time it takes clearly overshadowed by the expense of a security breach where do you go for help. The answer is Conferma.
Conferma reduce the scope of your compliance requirements by taking the need to hold, process and transmit card data out of your company but not your control. In the modern I.T. jungle Conferma is the game keeper providing expertise and protection whilst saving both time and money.
*MasterCard
** Basics for PCI compliance
Wednesday, 4 May 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment