Tony Smith featured in Global Finance & Banking Review – click here to read the full article.
What’s changed this year regarding PCI DSS v3.2?
The introduction of PCI DSS 3.2 calls for ongoing proof that a business is compliant. In previous years it was a case of undergoing assessment once a year; it’s now an ongoing task.
How can businesses make sure they’re ready for the next round of the regulations?
The most effective way to ensure you aren’t chained to compliance is to descope entirely, meaning remaining compliant is no longer an issue. With compensating controls such as pause and resume, there isn’t an audit trail that the transaction took place, and you would no longer be able to provide the information if required by the Payment Card Industry Security Standards Council. Manual pause and resume systems are not considered PCI DSS compliant because they could potentially be open to abuse by employees. Automated systems can be difficult to implement, with a lot of groundwork needed to identify when to pause and resume.
Descoping from PCI DSS means removing all data from the contact centre, so there’s essentially nothing there for criminals to steal should they gain access to your network.
What else can you do to ensure you remain compliant?
- Stay on top of any changes that might take place. You should acquaint yourself with the latest requirements and get them dialled in to your processes as soon as possible.
- Keeping on top of your antivirus and anti-intrusion software solutions should be a priority.
- Ensure that software updates are installed on a regular basis to plug holes and shore up vulnerabilities.
- Make sure that you have staff with the latest knowledge and training; by doing so you will be ensuring your continued PCI DSS compliance. After all, an estimated 60 per cent of all data breaches come by way of employees and corporate partners, so it is in your interest to make sure they understand their security responsibilities.
To discuss de-scoping your business, get in touch with one of our experts.