July 5, 2005, 12:00 AM

New data-protection standard should require outside auditors

The joint data storage protection standards of MasterCard, Visa, American Express, and Discover should require outside auditors to validate whether medium- to large-size merchants are in compliance.

Kurt Peters

Executive Editor

The joint data storage protection standards of MasterCard, Visa, American Express, and Discover should require outside auditors to validate whether medium- to large-size merchants are in compliance, says Ivan Remsik, senior analyst at Forrester Research Inc.

The combined standards, the Payment Card Industry Data Security Standard, or PCI, outline what steps online merchants must take to protect customers’ confidential data, including credit card account numbers. Merchant acquirers and service providers that store, process or transmit cardholder data also must meet the standard.

The deadline for complying with the standards was June 30.

Under the standard, merchants must validate compliance through either internal or external audits of their data security. But Remsik says that most mid-size to large merchants don’t have internal auditors with the expertise needed to determine whether a security system is in compliance. He notes that there are over 175 areas and 200 assessment tasks that the security assessor needs to review, including line-by-line inspection of code.

“Our message to clients is leave it to the professionals,” Remsik says. “This is really a very specialized activity, and we just don’t think that internal staff would have the necessary knowledge to identify those security flaws. The risk is that certain areas just would not be looked at.”

PCI’s requirements include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks and maintaining an information security policy.
