The Payment Card Industry Data Security Standard (PCI DSS) was established by the five major credit card companies to guide operators that store, process or transmit credit card information, and to create a secure environment for payment transactions. The goal was to help retailers identify and correct problems before hackers can exploit them.
The question becomes: is PCI DSS sufficient to do so?
A breach is a dangerous thing for both merchants and consumers. The negative impact on a consumer who loses their personal data should be clear. The effects on merchants can be equally painful. The implications for an operator can include notification requirements, loss of reputation, loss of customers, financial liabilities and, of course, litigation.
When security breaches are analyzed after the fact, a number of common weaknesses that allowed unauthorized access turn up again and again. These include retention of magnetic stripe data, inadequate access controls around poorly installed POS systems, default passwords still in effect, unnecessary or vulnerable services still running, insecurely coded web applications, missing or outdated security patches, no logging or monitoring controls, and a lack of network segmentation.
The good news is that PCI DSS addresses all of these problems. If you are PCI compliant, you have, in theory, taken care of these weaknesses and implemented the security necessary to protect cardholder data on your systems and in transit. If you are compliant, you are also granted a safe haven of sorts if you are breached anyway.
Wait a minute. Still breached? Wasn't PCI DSS compliance supposed to prevent that possibility? If you can still be compromised, then what is the point of spending all the money, resources and time on becoming compliant?
Recently we have had an example of this problem. A chain of grocery stores on the East Coast suffered a breach, and thousands of credit card numbers were stolen. The breach is bad, but not as bad as some of the other crimes that have made the news. So what was the big problem here?
The big deal is that this chain of stores had been validated as PCI DSS compliant. Things were supposed to be safe. They were compliant, and that compliance was being monitored. So what happened?
Immediately, the questions are: is PCI DSS sufficient to protect sensitive information? What will the Payment Card Industry do if every study shows that the standard's criteria had been carefully followed? Will the PCI Security Standards Council provide a safe haven, or will it say that the grocery store chain met the requirements at one point but had since fallen out of compliance, and that the integrity of PCI DSS compliance therefore stands? Had the retail chain really let its compliance with the standards begin to slip?
We will not have many answers until the final results of the investigation are in. Still, there are many things that can be learned.
The first is the answer to the question in the title. Yes, PCI DSS is enough … to combat the problems listed above. Is that a good thing? Yes; these are the problems that caused a lot of breaches in the past, and taking care of them is the first step towards greater security.
And what about the grocery store example? How do you keep a strict security posture throughout the year, when other issues demand your attention?
A popular choice these days is to take PCI DSS compliance measures out of the organization's own hands. Outsourcing payment processing is a way to ensure that personal information is stored with a company that is well positioned to maintain strict adherence to PCI DSS.
So is PCI DSS enough? The answer seems to be yes and no. Yes, simply as a starting point for building strong security. No, it is not sufficient if it is not maintained. It seems that routine maintenance is as important as initial compliance.