The Payment Card Industry’s (PCI) Data Security Standard (DSS) may be a well-known directive in the US and Europe, but in places like India awareness levels are fairly low, and the entities concerned need more exposure to the standard in order to drive adoption.
Hence, in a bid to push the case for DSS compliance and emphasise the importance of data and information security in plastic card based transactions, RSA, the security division of EMC, recently held an event in Mumbai.
PCI DSS 1.1 is the latest version of the standard developed by the PCI Security Standards Council. The standard is designed to help facilitate adoption of consistent data security measures on a global scale. It provides a unified security standard and governs the safekeeping of cardholder information throughout the transaction process.
The initiative comes as a response to the growing instances of consumer card data theft and data security breaches, which more often than not result in fraudulent acts and other financially motivated crimes. The standard applies to all the entities involved in transactions, including merchants and service providers such as banks, that store, process or transmit cardholder account data.
“Given the tremendous increase in e-commerce and the number of plastic card users in the APAC region, it is important that consumers, merchants and financial institutions realise the importance of data security. Companies handling consumer credit card data now face unprecedented levels of accountability for securing customer information. By following the standardised, industry-wide procedures of PCI DSS 1.1, organisations can ensure the protection of their customers’ data,” commented David Howell, senior manager, PCI Solutions at RSA.
Lending his perspective on the Indian scenario, Amuleek Bijral, country manager, RSA, said, “There is a lot that needs to be done in terms of generating awareness about the standard. Despite being conscious of the risks associated with customer data theft and information security compromises, the majority of the entities in India remain unaware of the standard. This is a fairly dangerous scenario which can be abused by those with malicious intent.”
Some of the requirements in the updated version of the PCI DSS standard include maintaining secure networks, protecting cardholder data through encryption and strong access control measures, software design and other such critical protective measures.
“Compliance with the newly announced version of the DSS standard can boost customer confidence and safeguard the reputation of organisations. Businesses also stand to gain insulation from financial losses and remediation costs in instances where confidential customer data is compromised,” concluded Howell.