2. How does compliance with the four Payment Card Industry (PCI)
Standards help an e-Commerce company manage IT security risks?
A hack on credit bureau Equifax in September of 2017 exposed personal
data of 143 million
...
2. How does compliance with the four Payment Card Industry (PCI)
Standards help an e-Commerce company manage IT security risks?
A hack on credit bureau Equifax in September of 2017 exposed personal
data of 143 million customers, including 209,000 credit card
details (Krishna, 2017).
Compliance risk is the potential for losses and legal penalties due to
failure to comply with laws or regulations (Spacey, 2015,). Because of
possible leadership mistakes, companies which completely want to follow
with the law still have compliance risks. Since the inception of the Payment
Card Industry Data Security Standard (PCI DSS), compliance with PCI DSS
has steadily increased among organizations that store, process, and
transmit cardholder data (Maintaining PCI DSS Compliance Special Interest
Group PCI Security Standards Council, 2019). The growth in PCI
implementation can be credited probably to a better understanding of the
rules, developments in card brand enforcement services and requirements
and a general rise in PCI development. Regardless of these advances,
statistics indicate that PCI implementation still remains the main
responsibility of most of the organizations.
The Payment Card Industry Data Security Standard (PCI DSS) was
developed to encourage and enhance cardholder data security and
facilitate the broad adoption of consistent data security measures globally
(PCI Security Standards Council 2018, May). All payment card processing
companies including retailers, manufacturers, buyers, lender, and service
companies are affected by PCI standards. Companies are hacked every day
where some lead to data breaches and critical data exfiltration. We need to
introduce a rigorous security awareness method with up to date material
with the most recent infringement changes.
Organization looks to the program for overall responsibility to ensure the
selection and implementation of appropriate security controls and to
demonstrate the effectiveness of satisfying their stated security
requirements (National Institute of Standards and Technology, 2006). We
need to first realize that protecting cardholder information is the main role
of the PCI DSS. PCI DSS offers a minimum number of credit card
information protection standards. A connection exists between companies
that are up-to-date with PCI guidelines and companies that effectively
protect themselves ag
[Show More]