As I was saying last week, there is a lot of misinformation and misunderstanding out there regarding PCI DSS requirements and benefits. Something I hear over and over when speaking with merchants and processors about PCI compliance is that once you have validated your PCI compliance with your processor that you can leave worry behind and rest easy knowing you are secure. It’s more that you are employing all of the best practices and security controls that are available to make the integrity of your network and your information security as tight as possible. I say this because if you think about it, of course no system guarantees absolute security because you simply can’t anticipate every possible situation under the sun that may occur.
The PCI DSS is a dynamic, adaptive set of guidelines that provides the best defense against a data breach. It is designed to assist you in making your business PCI compliant and maintaining your PCI compliance. By regularly monitoring, scanning and updating your security tools following the PCI DSS guidelines you keep your data at the peak of protection. But simply being certified as “PCI Compliant” doesn’t inherently make you infallibly secure.
Becoming PCI Compliant is the first step to maintaining data and network security. But network and data security are technically under continuous assault or threat of assault by ever new and more ingenious ways to defeat existing security tools and steal information. The PCI DSS guidelines specifically dictate that on a regular basis the network should be checked over to make sure no recent changes have opened up a previously undetectable vulnerability. The PCI DSS recommends a network review every 6 months at a minimum. Consider the volume and susceptibility of your own company network and data storage facilities and decide if maybe more frequent reviews are warranted. Also to make sure that all virus protection software possesses the latest manufacturer recommended updates and/or patches are in place.
Keep referring to this site for important information and updates regarding the PCI DSS. Remember to tell anyone you know in business who is actually paying for PCI compliance that this site can allow them to become PCI compliant for free!