Wednesday, August 29, 2018
In response to rising cyberattacks against small and midsize merchants, the PCI Security Standards Council (PCI SSC) unveiled the PCI Data Security Essentials Evaluation Tool on Aug. 28, 2018. Council members said the solution is designed to simplify security for small business owners.
Citing Verizon's 2018 Data Breach Investigation Report, the council said small and midsize merchants accounted for 61 percent of all data breaches in 2017, underscoring a need for better educational resources and tools to help protect consumer payment card data.
Troy Leach, PCI SSC chief technology officer, said business owners need payment methods that satisfy customers and protect credit data environments. The new evaluation tool and updated PCI Data Security Essentials Resources for Small Merchants can help merchants improve protections and assess security services and infrastructures, he noted. "Additionally, the PCI Data Security Essentials Resources provide the right questions to ask their payment partners to have a dialogue on payment security," he said. "That conversation can only improve a small business owner's understanding of proper payment security."
Leach said a collection of updated, downloadable guides can be found on the Merchant Resource Page of the PCI SSC's website, including Guide to Safe Payments, Common Payment Systems, Questions to Ask Your Vendors, Glossary of Payment and Information Security Terms, Data Security Essentials Evaluation Tool and new PCI Firewall Basics infographic. These resources can help protect small businesses and consumers from current and evolving threats, he stated.
The PCI Small Merchant Taskforce, established in 2015, assigned a diverse group of experts to craft the new evaluation tool and updated resources. "From global payment security experts, to merchant associations and merchant banks working directly with small businesses, each member of the taskforce brings their own perspective and expertise to help small merchants address threats in an approachable and effective manner," said Taskforce co-chair Michael Christodoulides, Barclaycard third party risk manager, payment security product.
"The PCI Data Security Essentials Evaluation Tool is the result of an ongoing, collaborative effort between the PCI SSC and representatives from a diverse set of organizations around the globe, including ControlScan," added Chris Bucolo, vice president, market strategy at ControlScan Inc. "The ultimate goal is to remove the barriers that keep small merchants from successfully completing their self-assessment questionnaires. At the same time, we are striving to educate these merchants so that they can achieve a strong security posture."
Leach said the taskforce drew from its collective payment security and small merchant expertise to create the resources. In a blog post titled "Threats Facing Small Merchants: A New Tool to Help," he wrote, "Small merchants tend to rely heavily on third party partners to install the payment software and ongoing management of their solutions. Those third parties may or may not be aware of the need for good security practices or familiar themselves with how to implement controls such as those found in the PCI Data Security Standard (PCI DSS)."
For copies of the updated guides, visit www.pcisecuritystandards.org/merchants/#rfsm
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.