July 2013 Integrated Solutions For Retailers
Don’t Be A Target — Secure Your Payment Applications
Payment security is a responsibility shared by retailers, vendors, acquirers, and processors — all working to secure card data as it’s being accepted, processed, transmitted, and stored.
By Bob Russo, general manager, PCI Security Standards Council.
Recent industry reports underscore retail as the hottest target sector for stealing valuable payment card information. And according to Trustwave’s 2013 Global Security Report, 63% of the breaches investigated in 2012 were a result of security vulnerabilities introduced by a third party responsible for system support, development, and/or maintenance of business environments. Verizon noted similar findings in its recent breach report. These vulnerabilities often come by adding or reconfiguring a new system, new software, or through other integration failures. One seen most often is a very simple one — not changing factory default passwords in added system components — leaving you open to a vulnerability you may not even be aware exists.
At the PCI Council, we talk often about how payment security is a shared responsibility — that means those across the payment chain, from the retailers to the vendors to the acquirers and processors, all working together to secure card data as it’s being accepted, processed, transmitted, and stored. We also can’t emphasize enough the importance of people, process, and technology when it comes to building strong security programs to protect your data.