Expert lists top PCI missteps

Companies dealing with payment information stored in digital systems must become PCI compliant. The rules and regulations are not optional suggestions but rather hurdles companies must clear before they can be considered safe repositories of client data. According to a recently released overview by PCI-certified assessor Charles Denyer, there are a number of common IT security failings standing between companies and full PCI compliance.

Widely seen shortcomings

Denyer stated that the most common issues in the workplace stem from company culture and everyday practices rather than actual technological breakdowns. He noted that many firms lack a clear set of governing policies to keep workers on task and compliant with the regulations. Intent aside, a worker can simply drift into noncompliant behavior through insufficient awareness.

Of course, best practices can only carry an organization so far. Firms must also maintain technology systems capable of repelling outside attacks. Denyer had suggestions for this area as well. He stated that companies need a way to manage and track usage of any system containing payment data. Keeping unwanted users out is vitally important to keeping data safe.

Application security is also on the list of must-have PCI components. Denyer noted that companies without firewalls protecting their online applications are noncompliant by definition, since such controls are a set-in-stone requirement.

Dangerous environment

It is easy to see why security regulations are held to such high importance. In recent months, digital breaches have been relentless. According to Computer Business Review, the U.K. Information Commissioner's Office, tasked with levying fines for data breaches, has had an extremely busy 12 months. The source noted that this year, through June, the organization issued 68 separate reprimands to companies found in violation of data security requirements. Data theft remains rampant, and payment data is among the most exploitable types.