Merchants who depend on a once-a-year Payment Card Industry (PCI) compliance assessment to expose security risks may be whistling in the dark.
Because of the nature of online threats, the task of PCI compliance has evolved into an evergreen, every-day due diligence process to identify and stop security intrusions.
Some merchants may still have a “set and forget” PCI compliance mentality. They unintentionally leave themselves open to potential losses through a variety of situations. Some common risks include:
Failure to anticipate new exposures – The introduction of anything new into a payment environment can mean new vulnerabilities that hackers could exploit. One example would be a merchant migrating from the use of an analog phone line for credit authorizations to the use of an internet protocol. The merchant’s network is now exposed to the risk of malware intercepting authorizations, especially if data encryption and tokenization are not used. Similar risks can also occur when changing from a point-of-sale terminal to third-party software.
Failure to monitor security controls – Cybersecurity is now at a completely different level than it was even a few years ago. It is a competition where fraudsters do X and merchants must do Y to counter them, with no end in sight. In addition to the daily risk of intrusions from hackers, malware that is introduced can reside in a network for long periods before it is finally discovered.
Failure to integrate security processes companywide – Companies that fail to integrate security processes across their multiple operations leave themselves open to serious potential damage. In addition to cyber risks, there is still the possibility of offline security breaches, such as customer data located in physical files being stolen or misused by disgruntled employees.
To avoid such losses, periodic assessments, on-going sampling, and company-wide controls should be the cornerstones of every firm’s on-going PCI compliance initiatives. Other steps should include:
PNC Merchant Services provides access to tools and information to help you protect your business from outside security threats, and has developed a wide range of payment processing solutions designed for specific industries.
Merchant Services provided by PNC Merchant Services Company and are subject to credit approval. PNC Merchant Services is a registered trademark of The PNC Financial Services Group, Inc.