Why PCI Compliance is Not Enough Security
Guest blog provided by business technology expert Carl Mazzanti
The Titanic was compliant. Yet, half of the passengers lost their lives because there weren’t enough lifeboats. Remarkably, the White Star Line, the operator of the ship, actually provided more lifeboat capacity than was required by the current laws.
The problem was that the lifeboat regulations, which had not changed since 1894 didn’t account for larger ships. When the regulations were written, the largest passenger ship under consideration was less than one quarter of the weight of the Titanic.
Target, another giant, was hit with a massive data breach just two months after being certified as PCI compliant. Clearly, PCI compliance does not guarantee watertight data security. It may provide some protection from liability, but unfortunately it also gives executives a false sense of security.
Retail data security threats continue to increase. PCI compliance cannot guarantee that a business will not suffer a loss of data or loss of business from a data security breach. Data thieves are organized and well-funded experts that uncover and exploit vulnerabilities in networks and software. Standards bodies take years to develop new standards, making the standards incomplete or even obsolete when they are issued.
A growing point of weakness in retail data security is their wireless networks. Almost a necessity, wireless networks provide the kind of omni-channel experience current shoppers expect. Our firm has a close relationship with a company that provides outstanding small business wireless network security technology.
WatchGuard Technologies data security solutions are the first to allow users to deploy and manage both wired and wireless network security through a single appliance in a single view. One of their red boxes will do a good job of beefing up your wireless security.
Leading up to the Titanic tragedy, the executives overruled the engineers who had recommended more lifeboats. What can retailers do to protect their customers’ and company sensitive information? Your best approach is to partner with an IT security expert who can assess your current vulnerabilities and update your protection beyond PCI compliance.
What are your retail data security questions and concerns? Contact eMazzanti Technologies or call Carl Mazzanti at 201-360-4400 for answers.