Retired Member

PCI Compliance: not just a tick box exercise

24 February 2014

Verizon recently released its latest PCI Compliance Report, which highlighted that businesses are starting to realise the benefits of compliance. It seems that many of the companies that suffered breaches over the last year were PCI compliant at the time of the breach, which emphasises that being compliant is not necessarily going to ensure security. This raises the question: what else can be done?

As the universe of user identities and access points grows exponentially, protecting critical company assets against unauthorised access, while maintaining compliance, is becoming increasingly challenging for organisations. Big Identity Data (BID) generated from these access relationships can be used to provision smarter IAM, eliminating audit pains and identifying potential access risks before they turn into a real threat for the organisation.

As threats increase, companies also need to move beyond the out-of-date mindset of periodically, and manually, reviewing access risk every three, six or twelve months. New security processes are required to ensure that financial service organisations and banks do not lose control over sensitive, private information. It can never be a tick-box exercise, as the standard is protecting extremely valuable data.

An outdated approach to managing access to sensitive data exposes financial organisations to significant risk from hackers and other security threats, as there is no real-time view into how this information is being accessed and used. Instead of relying on manual compliance to keep up with regulatory changes, as so many banks do, modern financial organisations need to consider automated systems in order to avoid policy and regulatory non-compliance in the modern work environment.

Certain facts are hard to contest, and sadly reading about the latest data breach has become part of daily life. E-criminals are using more sophisticated techniques that look for loopholes in IT and security systems. It is critical that companies address these loopholes by installing effective mechanisms that allow them to analyse access risk continuously, in near real time, and alert IT teams to any abnormal activity that breaches internal security policies and compliance standards.

There is more valuable data online than ever before, with more users accessing it. Yet security is still not at the top of every bank's agenda. Security culture should be embedded in a financial organisation's DNA to protect sensitive information. Access rights need to be reviewed not just on a quarterly basis, but constantly, to ensure that organisations can efficiently and accurately provision, identify and minimise risks, whilst maintaining continuous compliance.
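The two mechanisms argued for above, event-driven checks on every access change (rather than a quarterly review) and alerts when activity breaches internal policy, can be sketched as a small access-risk monitor. The code below is an added illustration, not code from the post, from Verizon, or from any IAM product; the entitlement names, the roles permitted to touch cardholder data, the separation-of-duties pairs, the 90-day staleness window and the event stream are all constructed for the example, and a real deployment would feed it from an identity store and an access log rather than an in-memory list.

```python
"""Continuous access-risk monitor: evaluates policy on every identity event
instead of waiting for a periodic manual review.

All policy values and sample events are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- Constructed policy (placeholders, not any standard's official terms) ---
CHD_ENTITLEMENTS = {"pan_db_read", "pan_db_admin", "payment_gateway_ops"}  # touch cardholder data
APPROVED_ROLES_FOR_CHD = {"payments-engineer", "dba"}                       # roles allowed to hold them
SOD_CONFLICTS = {                                                             # never held together
    frozenset({"pan_db_admin", "audit_log_admin"}),
    frozenset({"payment_initiate", "payment_approve"}),
}
STALE_AFTER = timedelta(days=90)  # unused this long -> revocation candidate


@dataclass(frozen=True)
class Alert:
    ts: datetime
    user: str
    rule: str
    detail: str


class AccessRiskMonitor:
    """Keeps the current access picture in memory and checks policy on each event."""

    def __init__(self):
        self.holdings = {}    # user -> set of entitlements currently held
        self.roles = {}       # user -> role
        self.granted_at = {}  # (user, entitlement) -> datetime of grant
        self.last_used = {}   # (user, entitlement) -> datetime of last use

    def process(self, event):
        """Apply one grant/revoke/use event and return any alerts it triggers."""
        ts = datetime.fromisoformat(event["ts"])
        user, ent, action = event["user"], event["entitlement"], event["action"]
        if "role" in event:
            self.roles[user] = event["role"]
        held = self.holdings.setdefault(user, set())
        alerts = []

        if action == "grant":
            # Rule 1: cardholder-data access granted to a role not approved for it
            if ent in CHD_ENTITLEMENTS and self.roles.get(user) not in APPROVED_ROLES_FOR_CHD:
                alerts.append(Alert(ts, user, "chd-unapproved-role",
                                    f"{ent} granted to role {self.roles.get(user)!r}"))
            # Rule 2: grant completes a separation-of-duties conflict
            for pair in SOD_CONFLICTS:
                if ent in pair and (pair - {ent}) <= held:
                    alerts.append(Alert(ts, user, "sod-conflict",
                                        f"{ent} conflicts with {sorted(pair - {ent})}"))
            held.add(ent)
            self.granted_at[(user, ent)] = ts
        elif action == "revoke":
            held.discard(ent)
            self.granted_at.pop((user, ent), None)
            self.last_used.pop((user, ent), None)
        elif action == "use":
            # Rule 3: activity on an entitlement the identity does not hold
            if ent not in held:
                alerts.append(Alert(ts, user, "use-without-entitlement",
                                    f"{ent} used but not held"))
            else:
                self.last_used[(user, ent)] = ts
        return alerts

    def stale_entitlements(self, now):
        """Entitlements held but unused for STALE_AFTER: candidates for revocation.
        Cheap enough to run daily rather than once a quarter."""
        if isinstance(now, str):
            now = datetime.fromisoformat(now)
        stale = []
        for (user, ent), granted in self.granted_at.items():
            last = self.last_used.get((user, ent), granted)
            if now - last > STALE_AFTER:
                stale.append((user, ent))
        return sorted(stale)


# Constructed sample event stream (not real data)
SAMPLE_EVENTS = [
    {"ts": "2014-01-06T09:00:00", "user": "alice", "role": "dba", "action": "grant", "entitlement": "pan_db_admin"},
    {"ts": "2014-01-06T09:05:00", "user": "alice", "action": "use", "entitlement": "pan_db_admin"},
    {"ts": "2014-01-07T10:00:00", "user": "bob", "role": "marketing", "action": "grant", "entitlement": "pan_db_read"},
    {"ts": "2014-01-08T11:00:00", "user": "alice", "action": "grant", "entitlement": "audit_log_admin"},
    {"ts": "2014-01-09T12:00:00", "user": "carol", "role": "payments-engineer", "action": "use", "entitlement": "payment_gateway_ops"},
    {"ts": "2014-01-10T08:00:00", "user": "dave", "role": "payments-engineer", "action": "grant", "entitlement": "payment_initiate"},
]


def run(events=SAMPLE_EVENTS):
    """Replay an event stream; return the monitor state and every alert raised."""
    monitor = AccessRiskMonitor()
    alerts = []
    for ev in events:
        alerts.extend(monitor.process(ev))
    return monitor, alerts


if __name__ == "__main__":
    monitor, alerts = run()
    for a in alerts:
        print(f"{a.ts.isoformat()} {a.user} [{a.rule}] {a.detail}")
    print("stale as of 2014-04-07:", monitor.stale_entitlements("2014-04-07T00:00:00"))
```

On the constructed stream the monitor raises three alerts as the events arrive: a marketing user being granted cardholder-data read access, a DBA acquiring audit-log administration on top of database administration (a separation-of-duties conflict), and a use of an entitlement that was never granted. The staleness sweep then surfaces the one entitlement unused for more than 90 days. The design point is that the first three checks run at grant or use time, so the risk is visible within seconds of the change rather than at the next quarterly review.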
