January 7, 2016
For many, the New Year represents a fresh start. However, when it comes to information security, 2016 is expected to be more of an evolution than a revolution.
Nowhere is this more true than in the payments space, which continues to grapple with cybercrime and fraud in the midst of technology innovation.
The ability to effectively secure payment transactions, regardless of the means by which those transactions take place, is essential to maintaining a strong U.S. economy. The payments industry association boards I serve on, which include the Electronic Transactions Association (ETA) and the Women's Network in Electronic Transactions (W.net), are composed of individuals who are well aware of this fact.
As we move into 2016, my colleagues in the payments industry and I are following and influencing some important trends. Below are 3 trends specific to payment security.
In 2015 we saw the Federal Trade Commission (FTC) take a bigger role in payment card data breaches, directly penalizing businesses for lax security. In particular, the FTC emphasized that it does not consider validated PCI DSS compliance alone as proof that "reasonable security" measures were put in place by the business in question. For many businesses, "additional significant protections" are expected in order to ensure a strong security posture.
Through its Cybersecurity Information Sharing Act (CISA), the U.S. government wants to legislate its ability to share cybersecurity threat information with private businesses (as well as let them share amongst each other). A bipartisan bill, CISA is favored on both sides of the political fence, but outside of Washington, opinion is mixed on its ability to protect consumers' privacy while providing actionable information. Read my thoughts on CISA here.
Many businesses and the payment processors serving them found implementing EMV card-acceptance technology to be a major expense and focus in 2015. The value of EMV in helping prevent card-present fraud is unquestionable. However, all the attention on EMV prevented payments industry stakeholders from helping businesses better secure themselves.
This has been especially true for businesses that changed out their POS terminals. These businesses may not have been presented with the opportunity to harden their security.
If you are responsible for securing a business's POS network and the sensitive data that moves through it, then I caution you to be mindful of the above trends.