IT Security & Network Security News & Reviews - eWeek



How to Reduce Security Risks Associated with Storing Credit Card Data






Companies that store credit card data expose themselves to a great deal of risk, whether they want to or not. If a risk assessment process is implemented, then the risks and exposures are identified. A plan can be put into place to help reduce or minimize a data breach attempt. As Knowledge Center contributor Mark Johnson explains here, to remove the risks associated with storing credit card data, companies are turning to trusted third parties who have demonstrated data security as a core competency.


Companies that follow best practices in data security have a risk assessment program. As outlined by the United States General Accounting Office (GAO), risk assessments "provide a basis for establishing appropriate policies and selecting cost-effective techniques to implement these policies. Since risks and threats change over time, it is important that organizations periodically reassess risks and reconsider the appropriateness and effectiveness of the policies and controls they have selected." When a company decides to store specific data, it inherently accepts the risk of doing so, whether the company wants to or not.

If the data that a company stores happens to be credit card data (or, more generally, payment card data including the account number), then there are regulations, guidelines and even significant risks associated with this type of data. Companies that store such data, or have a third party storing it on their behalf, fall under the scope of the Payment Card Industry Data Security Standard (PCI DSS). This standard specifically states that "the Primary Account Number (PAN) is the defining factor in the applicability of PCI DSS requirements. If a PAN is not stored, processed, or transmitted, the PCI DSS does not apply."

Reasons for data storage risks

So why are there significant risks involved with storing this data? It is because such data can be easily and inappropriately used if it is exposed or breached. According to Visa, hackers are looking for software that stores sensitive cardholder data as well as personal information to perpetrate identity theft. Hackers are also looking to track data and payment account numbers. By having the data in its possession, a company increases the possibility of and exposure to malicious activity against the company's data repositories.

Moreover, the size of the company storing this data makes no difference to its exposure to hacker activity. Although data breaches resulted in the largest number of compromised accounts, small Level 4 merchants (those processing fewer than 20,000 e-commerce transactions annually) account for more than 85 percent of all compromised events. No company is immune from the hacker community. It's the data that is the main target of malicious activity.
