If 2014 will be remembered as the “year of the breach,” then 2015 is shaping up nicely to become the “year of the Service Provider.” Two especially high-profile breaches—Target and Home Depot—both originated with the theft of network credentials from third-party vendors. You may be working hard to protect your network, but are your service providers doing the same?
Third-party service providers that can impact the security of your customers’ payment card data are especially worrisome. These are companies that store, process or transmit cardholder data on your behalf, or manage components in your card data environment like routers, firewalls, databases or even the physical security of your facilities. They are an attractive target for attacks, because they are a funneling point for lots of card data and because they often mistakenly consider themselves outside the scope of industry standards such as the PCI DSS.
You can protect your business and your customers today by taking these steps:
- Identify your third-party service providers (as well as any vendor that has access to your network) and document the services they provide your business as well as the kind of access they have.
- Maintain written agreements with all third-party service providers that can access, store, process or transmit cardholder data or other sensitive customer information on your business’s behalf. The agreement should acknowledge that the service provider is subject to, and will maintain, all applicable data security and privacy standards.
- Require that all areas of your business make security- and compliance-related specifications a critical component when evaluating a potential service provider.
The bottom line is it’s up to you to ensure that your service providers are taking security and compliance seriously! Learn more about service providers and the PCI DSS here.