Virtualization adapted for credit card security

November 12, 2010

Online credit card transactions are set to operate in virtual environments. According to the release of the second edition of the Payment Card Industry Data Security Standard (PCI DSS), security levels would be increased while taking virtualization into account. The standard makes it mandatory for organizations that handle payment card data to follow minimum security standards in order to process card transactions. Depending on the size of an organization, the annual compliance validation process is handled either internally or externally by independent Qualified Security Assessors.

The PCI DSS system components (2.2.1) now include virtualized systems, with compliance details relating to virtual environments. Merchants, auditors, financial institutions and others were part of the PCI Special Interest Group, which would help in better understanding how the standard would be affected by other environments.

The changes in the document are minor, but they include risk-based approaches to mitigating vulnerabilities, the scoping of PCI assessments, and more detail on secure application coding standards. The 2.0 version should raise no new issues; however, organizations must consider the implications of the standard that is to be implemented.

The lesson learnt from past experience is simple: investing in controls to address PCI provides a wonderful opportunity to improve overall security. PCI has raised awareness of data security risks and has thus made a positive impact where there have been heavy investments in data security processes and technology.

Though the release cycle of the new PCI DSS has been between 2 and 3 years, the security standards do not risk redundancy before they are upgraded, stated Kane Lightower, Regional Sales Director, Imperva. He also stated that the standard would enforce a minimum benchmark in security, and refuted claims of it becoming a hacker's playbook.

Lightower also stated that security should not be based entirely on compliance by the respective organizations. He also stated that while compliance had matured much more, Australia has no data breach disclosure laws, which meant that there was more leniency. Since data breaches and their consequences in Australia weren't as high as those in the U.S., the pressure for compliance was not as strong. According to a recent report from Verizon Business, only 22% of the organizations surveyed were completely PCI DSS compliant.
