PCI Compliance

Your account data is a target!

PCI Security Standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data.  The standards globally govern all merchants and organizations that store, process or transmit this data, and include specific requirements for software developers and manufacturers of applications and devices used in the transaction process. 

So how do criminals get the tools they need to steal payment card data?

Unfortunately, a number of tools designed to promote criminal activity can be found on the dark web, and criminals set up their own online communities to share data and information.

Additionally, card writers used to propagate payment card fraud can be readily purchased. Card-writing software can also be found in hacker communities, often for free download.

Common methods for monetizing stolen card data:

  • Skimmed full track data and transaction information are used to replicate a physical payment card, which can then be used for fraudulent transactions in face-to-face environments or for ATM transactions
  • Captured cardholder data is used where card-not-present transactions are accepted, such as e-commerce or mail-order / telephone-order (MO/TO) transactions
  • Stolen cardholder data and sensitive authentication data are sold in bulk to other criminals, who perform their own fraud using the stolen data

Stolen payment card data is traded like a commodity, and its value can fluctuate according to market circumstances.

These are some of the top mistakes as revealed by forensic audits:

  • Weak or default passwords
  • Lack of employee education
  • Security deficiencies introduced by third parties
  • Slow self-detection

These are all basic security principles that, when properly implemented, can play a significant role in reducing the impact and severity of a breach.

PCI DSS and the other PCI security standards help provide a multi-layered approach to protect cardholder data, which includes people, process, and technology.

Think the next victim won’t be you? Contact Envoy today and learn how we can assist you in your data security compliance initiative!