Why a Firewall & Antivirus are not enough for PCI Compliance

When a company accepts a payment card from a customer, that data becomes a target for those seeking to exploit security holes in the company’s IT infrastructure. In order for companies to combat breach attempts they must use a multitude of different cybersecurity methods. One of the security standards that companies accepting payment cards must adhere to is the Payment Card Industry Data Security Standard (PCI-DSS).

Complying with the PCI-DSS standard may seem like a lot of effort and confusing as well. The entire PCI-DSS process is based around 12 requirements that encompass a wide variety of security controls. While many companies believe that deploying an antivirus solution and firewall are adequate controls, these alone are simply not enough. Threats can still penetrate these defenses.

Once a threat gets into a company’s network, it is open season on a business’s data which can include customer’s credit card information. There could be a much steeper price to pay than what it costs to put in place the necessary security controls. Not being compliant can lead to the misuse of compromised data that negatively affects consumers, merchants and financial institutions. It can also severely damage an enterprise’s reputation [1].

The direct benefit of compliance with the PCI-DSS is that company systems are more secure and customers trust the business with their sensitive payment card information. There are also benefits that being in compliance with PCI-DSS provides including that an organization will be better prepared to comply with other regulations. This in turn creates a more holistic corporate security strategy and efficiency in the IT infrastructure.

At a minimum, an enterprise needs to meet the 12 requirements set forth by PCI-DSS. However, in today’s environment of increasingly sophisticated attacks, companies must go well beyond simple compliance.

 [1] https://www.pcisecuritystandards.org/security_standards/why_comply.php

Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".