Outdated equipment, lack of compliance, mobile puts PCI at risk
A recent study revealed alarming trends in outdated equipment use and lack of compliance among businesses, putting both consumers and merchants at risk of security breaches. According to the research firm responsible for compiling the report, storing unencrypted credit card data is an all-too-common practice, and worse, many merchants don't have a way to eliminate sensitive information from unprotected records.
As electronic mediums become the preferred methods of payment in both online commerce as well as point-of-sale purchases, it is up to businesses to ensure that they are operating recent hardware that runs on the latest SSL certificates to reduce the threat of data interception by a malicious source. According to Info Security, recently developed technologies, including data discovery, threat monitoring and advanced malware prevention tools like SSL certificates, are all important steps to reach data protection standards.
The emergence of mobile payment
The widespread use of smartphones capable of carrying out online transactions, plus new technologies like near field communications (NFC) have further complicated the ways in which sensitive data is transmitted. According to Juniper Research, global mobile payment transactions are expected to rise to more than $1.3 trillion by 2017, a fourfold increase over a five year period. The Payment Card Industry (PCI) Standards Council recommends security of a payment transaction, security of the mobile device, and security of the payment acceptance solution as fundamental steps toward achieving mobile transaction security.
"It is challenging to demonstrate a high level of confidence in the security of sensitive financial data in devices that were designed for other consumer purposes," said Troy Leach of the PCI Security Standards Council, "which is why we encourage merchants to consider encrypting cardholder data securely prior to using mobile devices to process transactions."