Reliable security past PCI compliance

Although the PCI DSS guidelines are in place to make sure businesses protect their customers' credit and debit card information, Data Center Journal said continuous monitoring, scanning, remediation and an annual review of the PCI DSS rules are needed to maintain a very secure eCommerce or retail business. For companies that work online, good management of VeriSign SSL certificates is imperative as well.

"Increasingly, organizations are so focused on achieving compliance that they often miss the bigger, more important picture of ensuring consistent corporate data security through effective risk management," according to the news source. "Achieving reliable and continuous information security requires adapting to a risk-based approach and should not be determined by annual compliance metrics."

Data Center Journal said many businesses take a "checkbox mentality" toward regular PCI compliance to help pass requirements, but this approach may fail to address the real security threats businesses experience. The website said customer data, which is highly sensitive, is often still left partially insecure. Companies that do not take full measures to secure this credit and debit card data need to start buckling down, as they may face thousands of dollars in fines if there is a breach.

Companies should have long-term goals, according to the website, including reducing and managing risk, maintaining PCI compliance, improving business effectiveness and customer security, and reducing cost. All of these goals can be met, but doing so depends on a company having great security measures in place.

A white paper by Symantec and VeriSign said expired SSL certificates could have extreme repercussions for a network.

"It takes just one out-of-date or rogue certificate to expose the enterprise - and perhaps more importantly, its customers - to malicious cybercrime," according to the VeriSign and Symantec white paper. Companies need to make sure their security measures are updated and ready to protect.