Credit Card Data Still Too Vulnerable – Almost 90% of Organizations Don’t Meet PCI Data Security Standards

An article today in Computer Weekly, “PCI DSS compliance still too low”, had me thinking of several recent high-profile cases of customer data and credit card breaches. Whenever there is a customer data breach, it is BIG news. Maybe you know someone who was personally impacted by one of the recent credit card breaches. According to the latest report on Data Security from Verizon, almost 90% of organizations surveyed don’t comply fully with the Payment Card Information (PCI) Data Security Standard (DSS). While that number is shockingly high, it is not entirely a surprise. Protecting customer data is hard. Two of the biggest problems organizations face when trying to secure customer data and comply with PCI DSS are that the data:

  • resides in many different systems (point-of-sale, customer relationship management (CRM), back office billing systems, archive storage);
  • is accessed by many different users (retail staff, system support, customer service, IT) without restricting sensitive data.

How can organizations keep the data available to users yet still keep customer information secure? How can they find the tools they need to manage their data security? Even with a centralized system for storing customer data, organizations can find it difficult to secure sensitive data across multiple online SAP systems and archive storage. Because users are sometimes the source of data breaches, organizations must also ensure that the data is always protected against inappropriate data access by internal users, whether it is being viewed, printed or copied.

Despite these challenges, it is the legal responsibility of each organization that is the holder of personally identifiable customer information, including credit card data, to ensure that the data is secured. Moreover, protecting sensitive customer data is essential to maintaining customer trust and driving the success of the business.

This had me revisit solutions for Data Security and Encryption, which work with SAP applications to protect PCI data such as personnel and credit card information and other sensitive data, whether it is online or archived. These solutions help organizations control user access to sensitive customer data no matter where it resides and ensure that it is never altered. To read a recent presentation I gave at ISACA about Data Security and Encryption for SAP, see: http://www.isaca.org/chapters3/Atlanta/AboutOurChapter/Documents/SAP%20Data%20Encyption.pdf
