Newest PCI SSC Updates
The PCI Security Standards Council is continually looking at the way the industry operates and looking for ways to improve it. Specifically, it is concerned with enhancing the way businesses handle such things as the development, storage, dissemination, and security for data. As such, it occasionally issues new updates for businesses to improve their practice in these areas and make sure they are being compliant. These are some of the latest PCI SSC updates affected businesses should be aware of and start putting into practice.
Payment Card Data Security
First of all, the PCI SSC has updated its security standards regarding data security in the manufacture of debit, credit, and other payment cards. The new standards were designed to protect cards against fraud if the materials from which the cards are made are compromised. The security standards include the process of manufacturing the cards, getting data chips embedded into them, personalizing the cards, and the delivery of cards to customers. All of the new standards in these areas are meant to enhance the security of cards from the moment they are made to the time they reach the hands of the customers who ordered them or who are getting updated cards.
The PCI SSC has noted a need to improve the security of these cards across the payment chain, which includes manufacturers as well as the companies that market the cards. It is encouraging both manufacturers and marketers to work closely together throughout the card production and distribution process to ensure their security. The new security standards include protecting the cards against both old and new threats to card security.
Increase in Protection of Existing Customer Data
Next, the PCI SSC is encouraging businesses to increase and enhance the protection of the existing customer payment data from criminals. They’ve released a new set of guidelines for best practices for businesses to ensure this data is protected from increasingly sophisticated threats from hackers both here and abroad. These best practices are based on a report from Symantec that stated in today’s business environment, any business that operates on the internet will eventually be targeted by hackers. This means it is not a question of if a business will be targeted, but when. The most technologically developed nations, such as the United States, Canada, the UK, Ireland, Australia, China, and France are particularly at risk, but the idea applies to any online business in any nation.
One of the most important things businesses can do is increase their response time to such data breaches when they occur. Slow response time is one of the biggest problems businesses face in this area, and this is something the new best practices of the PCI SSC are encouraging them to improve. Many businesses can take weeks or months to contain a data breach, and this is unacceptable, as customer data remains vulnerable during the entire time the breach is being contained. Better response times in containing breaches means safer customer payment information. Having a special team in place to address these breaches as they occur will not only give business the ability to respond more quickly to containing those breaches, it will also save businesses money.
The typical data breach and the average time it takes businesses to respond to it currently costs businesses an average of three billion dollars to clean up. Having a team in place to address these things when they occur will not only save businesses money and increase customer satisfaction, it will also allow businesses to notice certain hacker threats coming and protect the business from them before a breach ever happens. This powerful tool can do a lot of good for today’s online businesses, and is why it is on the PCI SSC’s new list of best practices in this area.
New Updates for 2016
A new meeting to establish the most updated set of best practices is set for January 2016, so there will be new updates coming up for the new year. It is important that the PCI SSC convenes meetings on a regular basis, because the electronic world is getting more complex, and new and more sophisticated threats to the payment data of consumers are appearing all the time. The PCI SSC will continue to study and stay on top of things in this area, so they can continue to do their job of teaching businesses how to protect themselves and their consumers in our new cyber world, saving themselves money, protecting their reputations, and keeping their customers happy.