Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Visa's top risk official has defended payment industry security guidelines, but also called on organisations to invest in constant monitoring, information sharing and new technology -- while not letting the sour economy get in the way of security spending. "Recent rumblings about the demise of the [Payment Card Industry Data Security Standard] are not only premature, they are dangerous to long-term security," Ellen Richey, Visa's chief enterprise risk officer, said during her keynote address at the Visa Security Summit in Washington, D.C. "Despite recent negative commentary, the PCI DSS remains an effective security tool when implemented properly. Simply put, it is the best defense against data theft available today."At the start of her talk, Richey referred to Heartland Payment Systems, which disclosed a monster breach in January. She told attendees to consider this an exception, not the rule.The New Jersey payment processor had been validated as PCI DSS-compliant when hackers installed data-sniffing malware on the company's internal network. This resulted in some industry observers questioning the effectiveness of the guidelines. Visa later pulled Heartland from its list of PCI DSS-approved service providers."I'm sure everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," she said, according to a transcript of her speech. "The fact is, it never should have...As we've all read, [Heartland] had validated PCI compliance. But it was the lack of ongoing vigilance in maintaining compliance that left the company vulnerable to attack."Richey told the audience that the country's current dismal financial state may pose more of a threat to payment security than hackers. She called on the audience to "increase our presence as educators and advocates for data security.""If we cannot convey the urgent need to maintain investments in payment security -- particularly in today's environment -- years of progress in building consumer trust could slip through our fingers," she said.In addition, she urged businesses to provide ways that customers can protect themselves from fraud. Law enforcement, processors, legislators and merchants, meanwhile, must increase their levels of information sharing.Finally, Richey said investment must be made in new payment authentication measures, such as chip technology, so that the data criminals may steal becomes worthless. She mentioned measures being taken at financial institutions such as Fifth Third Bank, which uses unique magnetic stripes that can be used to verify the identity of the card being used.Avivah Litan, vice president and distinguished analyst at Gartner, said it was important to hear that Richey realises the challenge of securing data will require new technology and an upgrade of the payment system to include things such as end-to-end encryption."I was glad to see Visa so progressive to admit they have to move beyond the PCI security standard, even though she didn't say that explicitly," Litan, who hosted a panel at the event, told SCMagazineUS.com.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.