IT Security

Payment card status

by Mark Rowe

The security and compliance company, RandomStorm, acquired by Accumuli Security in December 2014, has achieved global Approved Scanning Vendor status from the Payment Card Industry (PCI) Security Standards Council, for an eighth year.

Formed by Visa, Mastercard, American Express, JCB and Discover Financial Services, the Payment Card Industry Security Standards Council sets international security guidelines for any company that processes, stores, or transmits customers’ payment card details. Merchants that do not adhere to the guidelines face financial penalties if payment card security is then affected by a breach within their network. Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) was introduced in November 2013.

To preserve their ability to process online payments, merchants must carry out regular security audits of their payment infrastructure, to test that customers’ payment card details are adequately protected from fraud and theft. Vulnerability scans of merchants’ internet-facing environments must be carried out each quarter, and whenever there have been significant changes, by Approved Scanning Vendors (ASVs) approved by the PCI Security Standards Council.

PCI DSS 3.0 recognises that the security status of merchants’ networks changes daily and that security is everyone’s responsibility, including employees and third-party service providers. The latest version of the standard calls for better security awareness and education; better password security; greater scrutiny of service providers’ security measures; and more flexibility to prioritise network log reviews based on the risk management profile of businesses. Requirement 11 of the Standard reminds merchants that they need to continuously monitor network assets and must perform internal and external scans after any significant change in the network and whenever a new risk to the card data environment is identified.

Jon Inns, Director of Product Management, Accumuli, said: “The biggest risk to an organisation’s IT security is complacency. Owing to the rapid evolution of cyber threats, merchants can no longer rely on quarterly audits to mitigate the risk to their payment card environment. Therefore, there is a greater requirement for PCI approved security specialists who can assist merchants by scrutinising their payment card environment and performing gap analyses to identify where their card data environment might be vulnerable to newly identified threats.”

© 2024 Professional Security Magazine. All rights reserved.