2014 wasn't exactly the greatest year for cyber security. No indeed: from banks to retailers, companies and governments, last year was one to forget. Well actually, scratch that - last year was one more than ever to remember. The industry needs to learn from its mistakes, the loop holes need to be closed and customers' financial and personal details need to be better protected. That's exactly what the new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) is trying to help achieve.
PCI 3.0 launched at the start of this year with more than 90 new standards designed to improve credit card security measures. The PCI Security Council, if you didn't know, was set up in 2006 with the mission statement: " to enhance payment account data security by driving education and awareness of the PCI Security Standards."
The standards have been updated in a three year cycle and this iteration of updates couldn't have come any sooner. In 2014 vulnerabilities were exposed, particularly in the US, with major retailers such as Ebay, Target and Home Depot suffering major data breaches and even the bank JP Morgan was compromised. Not to forget the major hack on Sony Pictures - whose perpetrators are still debated.
The latest PCI compliance standards have tried to address the causes for a number of these attacks, with an emphasis on improved cloud standards and practices. Another key update is the requirement for compliance to the standards from third-parties involved in payments. It became clear in the aftermath of the attacks, such as the one on Home Depot for example, that the point of entry for breaches was often attributed to third-parties - in the case of Home Depot, through its air-conditioning company. Third-parties are now obliged to use unique passwords and two-factor authentication.
The new standards also now incorporate more rolling requirements that evolve over time - this helps reflect the constantly changing battle front for security. Security is never set in stone and needs constant vigilance from administrators and companies to stay ahead of the game and minimise vulnerabilities.
We take security very seriously here at Ensygnia and we can link it to your identity and level of authority to control what areas of a system someone is allowed to visit. We actually think it's time to say goodbye to the password all together which was still a major entry point for a number of last year's hacks. We also think our product can provide a powerful payments experience, hence our commitment to complying to the latest PCI standards.
By Matthew Taylor 15th January 2015
Related stories around the web