For the last few weeks we’ve been covering the highlights of an international data security report published by one of the industry’s leading QSA’s (qualified security assessor) in an effort to better understand what works and what doesn’t with regard to computer network protection. Some final findings of the report make it clear that in addition to following the requirements of the PCI DSS (payment card industry data security standard) there is still a need for that human touch and reasoning.
One unanticipated finding was that percentage of business owners or employees that were able to detect a security breach on their own was a discouraging sixteen percent. The remaining eighty four percent only found out that they had been compromised when they were informed of the breach by an outside source. Whether alerted by a consumer, local or federal law enforcement, or industry regulators, an analysis of those types of cases found that the average time between the data compromise and its detection and containment was over one hundred and seventy days! The amount of time the thieves had to exploit or sell the stolen information is staggering. I imagine that long before that timeframe has passed, they’re long done wringing what they can from that poor soul’s account.
This statistic, to me, is the most telling about the general attitudes of business owners and their employees towards the seriousness of PCI compliance. People out there still think that once they fill in some form answering a bunch of questions that don’t mean a whole lot them, that they’re done with their efforts to make their customers’ data safe. Fortunately law enforcement’s detection abilities have improved over five hundred percent in the last year. The authorities are taking PCI compliance seriously and so should you. The increased effectiveness of the police and Secret Service (a branch of the treasury department that investigates financial crime) is a testament to system-wide adaptation and anticipation of the growing threat. They have clearly gone above and beyond what is merely the standard they are required to meet. Take PCI compliance seriously, please. You only risk catastrophe by not becoming PCI compliant. Know that you can, easily, now, for free. See our homepage.