July 5, 2005, 12:00 AM

New data-protection standard should require outside auditors

The joint data storage protection standards of MasterCard, Visa, American Express, and Discover should require outside auditors to validate whether medium- to large-size merchants are in compliance, says Ivan Remsik, senior analyst at Forrester Research Inc.

The combined standards, the Payment Card Industry Data Security Standard, or PCI, outline what steps online merchants must take to protect customers’ confidential data, including credit card account numbers. Merchant acquirers and service providers that store, process or transmit cardholder data also must meet the standard.

The deadline for complying with the standards was June 30.

Under the standard, merchants must validate compliance through either internal or external audits of their data security. But Remsik says that most mid-size to large merchants don’t have internal auditors with the expertise needed to determine if a security system is in compliance. He notes that there are over 175 areas and 200 assessment tasks that the security assessor needs to review, including line-by-line inspection of coding.

“Our message to clients is leave it to the professionals,” Remsik says. “This is really a very specialized activity, and we just don’t think that internal staff would have the necessary knowledge to identify those security flaws. The risk is that certain areas just would not be looked at.”

PCI’s requirements include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks, and maintaining an information security policy.
