Does PCI-DSS really protect card holder data?
The ultimate target of PCI-DSS compliance controls is to protect card holder data, or what the standard calls the PAN (Primary Account Number).
Why does it focus so heavily on the PAN? Simple answer: the PAN is the parameter directly required to perform offline (card-not-present) transactions!
PCI-DSS and other compliance guidelines in the banking industry focus on a set of controls to prevent mass data transfer outside the organization's premises. Among those controls:
- Controlling access points in the networks (NAP)
- Preventing USB-attached storage media
- Preventing DVD/CD writers
- Preventing phones in high security areas
- Encrypting data at rest and data in transit
- Preventing general internet access for any person who handles PAN data for work purposes
- Segmenting networks and establishing proper boundaries between different security zones
- And more
Will those controls prevent data leakage when people are intent on leaking data?
Those controls provide a very high degree of protection against external attackers, while internal factors still present varying levels of vulnerability.
Those controls will definitely limit what people are able to do; however, they will not prevent data leakage by people who intend to leak data out.
From my experience, only good management of people, continuous trust building, and a focus on ethics can provide a well protected environment.
Honest staff with honest management in continuous dialogue can lead to a better and higher level of protection for customer data.
In short, PCI-DSS and other compliance guidelines are tools to limit data leakage and fraud; they are the mandatory level of protection, while people management in an environment of open communication can provide the ultimate protection for customer data.
Published on January 16, 2012 · Filed under: Financial and Banking, PCI-DSS; Tagged as: Compliancy, PCI-DSS
9 Responses to “Does PCI-DSS really protect card holder data?”
bizzibiz said on January 20th, 2012 at 3:06 pm
I agree with your details, great post.
Hussain Al Yousif said on January 22nd, 2012 at 10:59 pm
Great job Sayed,
I totally agree with you that whatever restrictions/controls you put in place, they will minimize the risk of data leakage; however, work ethics/professionalism is a major part of protecting “cardholder data” or, in other words, “customer data”.
Regards,
Hussain
Everman said on January 24th, 2012 at 2:23 pm
Hello. This post was extremely interesting, especially since I was looking for thoughts on this subject last Sunday.
Joel Stumfoll said on March 21st, 2012 at 11:05 pm
This is great, thanks a lot!
Saturnina Tedeschi said on April 12th, 2012 at 7:49 am
I seriously like this post. Thank you incredibly much for sharing. I seriously value it.
Deon Gomm said on April 15th, 2012 at 12:59 am
This is an exceptional entry and I couldn't concur more with what you have been writing about. Many thanks for this good share.
Herschel said on April 20th, 2012 at 5:54 am
This is my first time visiting your website, but I found a lot of interesting information. From the volume of comments on your posts, I guess I am not the only one! Keep the good work up.
JohnAdled said on April 21st, 2012 at 4:30 pm
Excellent post! Really loved it, haven't seen an article this good in a while.
hcg boost said on April 27th, 2012 at 5:19 pm
I appreciate you taking the time to create this info for readers at all like me to read. 🙂