Beyond Compliance: PCI DSS Boost to Overall Security
With major attacks affecting payment data from U.S. merchant giants like Target and Neiman Marcus, now is the time for commercial retailers worldwide to take a closer look at the security of their point-of-sale systems – or face the risk of becoming the next victims.
Target’s case alone exposed debit and credit card information from as many as 110 million customers, so there’s no wonder that the devastation of these attacks has prompted many retail businesses to review their compliance with Payment Card Industry Data Security Standards. It comes at a relevant time too, with the updated guidelines – PCI 3.0 – newly in effect.
It’s not just the requirement around AV solutions that demands control of administrative privileges – several other PCI features do as well. Requirement 7, for instance, states that merchants must restrict access to cardholder data by business need-to-know, meaning that access rights should be granted only to the amount of privileges required to perform the job, and no more.