Trustwave have released a supplement to their 2011 Global Security Report: Payment Card Trends and Risks for Small Merchants.
According to the report, merchants fail to achieve PCI DSS compliance in several areas, the top six being:
| Percentage | PCI DSS Compliance Area |
| --- | --- |
| 99.2% | Track / Monitor Network Access |
| 98.4% | Regularly Test Security |
| 97.5% | Maintain a Firewall |
| 95.1% | Maintain Internal Security Policies |
| 92.6% | Assign Unique User IDs |
| 90.9% | Develop Secure Systems and Applications |
The report states, “approximately 90% of compromises came from the Level 4 merchant space in 2010.” PCI DSS categorises a Level 4 merchant as a business that processes fewer than 20,000 Visa e-commerce transactions annually, and any other merchant processing up to 1 million Visa transactions annually.
The top five industry sectors experiencing a PCI DSS compromise are:

| Percentage | Industry Sector |
| --- | --- |
| 57.0% | Food and Beverage |
| 18.0% | Retail |
| 10.0% | Hospitality |
| 6.0% | Government |
| 6.0% | Financial |
Breaches occur in five specific areas, with the majority occurring because of weaknesses in software:

| Percentage | Breach Location |
| --- | --- |
| 75.0% | Software POS |
| 11.0% | Employee Workstation |
| 9.0% | e-commerce |
| 3.0% | Payment Processing |
| 2.0% | ATM |

The report gives the top five areas where merchants are falling short of compliance as:
- Do you have written security policies and procedures that address the protection of paper with credit card numbers such as receipts and the physical security of your card processing device?
- Do you have a formal training program for all relevant employees that teaches them about security as it relates to credit cards, paper with credit card numbers on them and the devices that process credit card transactions?
- Do you or does anyone at your business log or record your customers’ credit card numbers in a computer, for example, in a back office computer, a laptop or financial application?
- Do you check your store or office for unauthorized wireless access points on at least a quarterly basis?
- Do you perform external (Internet) network vulnerability scans at least once per quarter?
Cost of non-compliance
Trustwave’s Report states “Fines have averaged $5,000 to $15,000 per card brand. We see forensic investigations start in the $10,000 to $15,000 range as well. Card re-issuance and fraud loss are dependent on the size of the breach. However, fines can vary greatly depending on a number of factors and can reach into the hundreds of thousands of dollars in some cases”.
Trustwave: www.trustwave.com
See the PCI Resources page for more details on PCI DSS.
17/09/2013 at 10:06 am
Precisely what are some people’s experiences of employment advancement within the security industry? I might at some point like to turn out working in the police force and I’m pondering whether I could simply move directly into that or check the waters with something lower. Has anyone begun in basic security and eventually ended up working with the authorities?
19/09/2013 at 10:36 pm
Hi Matthew,
I have known people go from Police uniform to IT Security to the private sector, from Police IT to private sector, from Private Sector to Police IT…!
There are no hard and fast rules on the job, but there are on the skills and knowledge required. I suggest you look at the right qualifications, e.g. ISC2’s CISSP and some of the BCS courses.
Other than that try and get a foot on the ladder and work your way up by being exposed to real life security needs.
Good luck,
Brian