Is Being PCI DSS Compliant the Same as Being Secure?

I was reading a study published by Javelin the other day, and a few details really stood out to me.

“The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters.” (Al Pascual, Senior Vice President, Research Director and Head of Fraud with Javelin Strategy & Research)

One implication of this statement is that fraudsters are becoming even more aggressive in their search for data of all kinds. While being PCI DSS compliant at any given point in time may seem comforting, the reality is that the fight is ongoing, and it will take a higher level of diligence to keep you or your customers from being impacted.

How Safe Are We?

The study included a frightening statistic that really emphasized current security issues.

“16.7 million Americans were victims last year, up from 15.4 million last year, the previous high.”

These are only the confirmed victims, not those with compromised information that hasn’t been used yet.

It’s Not Just Card Data

Just as sobering was the fact that the fraudsters aren’t just looking for card data.

“Large-scale compromise of existing non-card accounts in 2017 was clearly facilitated by poor controls as fraudsters capitalize on weak authentication.”

Even in the card data arena, the focus is changing.

“Card not present fraud is now 81 percent more likely than Point of Sale (POS) fraud.”

As card-present counterfeit-fighting capabilities improve with chip cards, the fight starts to shift online.

Compliance is the Wrong Goal

These types of statistics make it clear that the goal of being “compliant” is too small. Being PCI DSS compliant does not equal being secure. To combat these issues, organizations will need to adopt a “security first” mindset and approach, as opposed to the “finish line” approach.

Is there a silver bullet out there? Unfortunately, no.

As with most things that can be complex, it is about being diligent. Part of the answer is to always review your readiness. It also means leveraging key tools and expertise to help minimize exposure.

Are You “Security First”?

A “security first” approach can be hard, as many organizations have IT staff that are already stretched thin and aren’t able to make security their primary focus. Understandably, their role has been to focus the majority of their efforts on keeping your organization’s systems and technology running.

Advanced Security Package: A Strong Step

At Wind River Financial, we see a need to help our clients by bringing a “security first” approach. It is for this reason that we engaged with Trustwave and put together the Advanced Security Package (ASP) as strong steps toward this goal. It is too important not to take these steps.

The benefits of partnering with us and going down this path are many. It allows us to provide tools and capabilities that not only reduce your risk but save you time and money.

It’s Not Always Good to Wait

If you have not yet heard about the Advanced Security Package, you will soon. Our goal for 2018 is to reach out to every customer in order to help them in this endeavor.

This isn’t something that can wait. If you have not been contacted yet, feel free to read the details of ASP and then contact your Relationship Manager.

We look forward to helping you become “Security First.”
