SearchSecurity.TechTarget.com recently reported on the PCI SSC (Payment Card Industry Security Standards Council) and their first annual PCI Community Meeting to discuss the changes made in PCI DSS 3.0 that affects merchants, ecommerce and retailers that deal with credit cardholder data.
In an interview with PCI SSC Gen. Manager Bob Russo and their CTO (Chief Technology Officer) Troy Leach, they highlight the most-discussed proposed changes at the meeting, including the pain points of PCI compliant hosting outsourcing and integrating with different vendors:
To that point, one of the areas we see failures is, for example, where a merchant will have good intentions to meet the requirements, but then they merge with another company, the professionals in charge of PCI change roles and new IT administrators and senior managers come in. All the while they don’t think anything has changed, but the necessary network monitoring activity is no longer being done, or more people than necessary have access to admin passwords that should have been revoked. – PCI SSC CTO, Troy Leach
Communication and strategic planning with the PCI requirement matrix is key to avoiding gaps in security. Organizations can still take advantage of outsourcing benefits, like reduced cost and system management time, but only if partnering with a client-focused PCI compliant host that clearly defines roles and responsibilities when it comes to compliance and data security.
