Most businesses use a computer and/or a computer network to streamline their business operations. In many cases it’s not even an option, but a necessity in order for your business to exist at all. Whenever you are using a computer to conduct business, use the PCI DSS requirements laid out by the card associations anticipate and adapt to an ever changing environment of threats. Maintaining your PCI compliance by following the goals set for in the PCI DSS does the thinking for you.
One specific threat that has been noted by multiple source to be on the rise is called “key logging.” Key logging software allows a hacker to record every individual keystroke a user makes on his or her keyboard. The malicious types of software or “malware” used to perform this task are readily available on the internet. The way it works is: a hacker discovers a network vulnerability that has been missed by your network security manager, and remotely installs one of a myriad of key logging malware programs that sends the user’s keystroke information to a fixed email address that records it. Later when the hacker goes back to analyze the recorded data, he or she can determine user id’s, passwords, email addresses, etc. The list goes on and on.
Visa recommends taking the following precautions (contained within the guidelines of the PCI DSS) to protect your network:
- Remove unnecessary remote network access and only turn on when needed. Change any default software passwords and only use remote access software that has strong security controls built in.
- Use a dedicated firewall with network traffic filtering that allows only the ports and services needed for your business. Disable FTP (file transfer protocol) and STMP (simple mail transfer protocol) ports if they aren’t required on a daily basis.
- Continuously monitor ALL software programs installed on your system and remove any unknown or unnecessary to conduct daily business.
- Regularly check for unknown devices connected to computer terminals in the office (don’t forget to check mice and keyboards too!).
If you are already PCI compliant, then all of the above will be true. Just don’t forget that network security and security threats are dynamic and must be continually monitored to maintain your PCI compliance. Refer to this website for more tips taken directly from the PCI DSS. Your PCI compliance benefits not only your organization, but the integrity of the electronic payments system as a whole. If you aren’t PCI compliant yet, use this site to learn how to become PCI compliant at no charge.