Todd Feinman, 27 December 2018, PaymentsSource
Recently, around 500 million Marriott/Starwood hotel guests learned that their private information, including credit cards and passport numbers, were compromised by hackers. As consumers scramble to protect their financial well-being, questions linger around how these major breaches continue to happen, despite regulations and best practices that aim to protect sensitive information.
We have regulations like Payment Card Industry Data Security Standards to protect credit card data. PCI DSS mandates all organizations that accept, acquire, transmit, process or store cardholder data must take the appropriate steps to continuously safeguard sensitive data.
Yet, despite what we assume are dedicated efforts to protect customer’s personal information, hackers are finding the loopholes in businesses’ process and technology data protection life cycle. It happened with Target in 2013, the Home Depot in 2014, and many others since.
As part of the PCI DSS compliance process, the discovery, classification and management of sensitive data are closely monitored. These steps ensure broken business processes and technology gaps are identified and mitigated. The most successful PCI DSS security compliance processes begin with the discovery or identification of locations containing sensitive information and then secure all stored cardholder data as well as encrypt the transmission of cardholder data across open, public networks.
For businesses to achieve PCI DSS compliance and safer credit card practices, they must remain highly focused on a data-centric approach to protecting data. Next generation solutions for ensuring compliance must classify data and reduce the footprint while ensuring the right people have access.
Businesses realize that they need to become more proactive and vigilant as consumers suffer the consequences of another major data breach. With the appropriate processes and technology, they can ensure that their customer information is safe.
Next-generation security solutions help meet compliance requirements by leveraging automatic discovery and classification of cardholder data within unstructured files and structured databases across traditional networks, cloud implementations and virtual environments.
As we all learn from the latest data breach, we need to keep data classification and protection top of mind when planning security investment. Knowing your sensitive data helps prioritize resources and knowing what systems and repositories contain cardholder information.
This article was licensed through Dow Jones Direct.