|
MaaS360.com
Our Blog
|
Chat with us
|
Try MaaS360
|
Request a Demo
|
Customer Login
|
|
WhitePaper
Extending PCI Compliance to the Mobile Workforce: How to implement security best practices for mobile and remote computers
The headlines are scary: "47.5 million credit and debit-card numbers were stolen from TJX Companies." "Hannaford Brothers Companies data breach results in 2,000 cases of known fraud." "GE Money mishap could affect 650,000 J.C. Penney customers." Millions of people have already received notice that their personal and financial information might have been compromised. These and other instances of security breaches of merchants' payment card systems have led industry leaders to take action to help prevent even more occurrences and huge financial losses due to theft and fraud. As a first step, the Payment Card Industry (PCI) Security Standards Council developed an explicit Data Security Standard (DSS) which outlines the minimum controls necessary to protect the system components that support cardholder data environments. As a second and equally important step, the Council added teeth to the security standard by enforcing it through regular audits and assessments conducted by authorized agencies. The controls outlined in the 12 requirements of PCI DSS specifically address system components - the pointof- sale devices, servers, network, applications and storage - that support cardholder data environments. Consequently, this is the network segment that organizations focus on when devising, implementing, maintaining and assessing their security controls. But there's a wrinkle in that approach that can lead to gaps in security: sensitive customer-identifiable data that originates from the cardholder data environment is increasingly showing up on unprotected mobile and remote computers. Now, organizations are facing a new challenge: how to extend PCI compliance and security best practices to notebook computers and other mobile devices. 
|
RelatedContent
|
Follow
Be a Fan
Read our Blog
