Why all the Breaches when AIS/CISP/PCI has been around since 2001/02!!

Sep 09, 2014

This is September 2014, and the card brands' attempt at bringing security requirements to the marketplace to prevent fraud is not progressing very well!!

Why? In my opinion, because the AIS/CISP/PCI requirements have been poorly implemented, monitored and enforced. Only a few in the level one category are regularly assessed and monitored, and they still get compromised! After 12 to 13 years of being in place, if every single merchant and service provider had been put through this program on an annual basis as the program lays out, we would most likely be in a proactive phase of fraud protection rather than the growing reactive phase of... Oh, NO, not again!

Consistent security education and training of every staff member in an organization from the smallest to the largest will get our industry into proactive protection.

The bottom line is not so much all the money that is being put into the hands of criminals but our national security. Cyberterrorism is a threat I would like to protect my children and grandchildren from.

So what can you do? Hire a security professional to do an overall security risk assessment for your organization and see how you stand up. Take the security professional's recommendations and begin to implement the remediation, starting with your highest-level risks and moving through until you plug every hole. At the same time, make sure that all your staff are trained on social engineering and how to prevent it.

Ensure that your IT staff is trained and up to date on best security practices and has the resources to keep your systems secured in as close to real time as you can. Hire an outside security professional or team to work with your internal teams to regularly assess systems and help you identify any holes your internal team might miss! The human element is one of the biggest, if not THE biggest, risk factors in security compromise.

Don't wait for a breach to happen before you get proactive. Put a strategy in place now to get and maintain your security on every level within your organization. Once security becomes a part of your culture it is much easier and less expensive to maintain.
