Business Insurance

Login  |  Register Subscribe



cbVid =

Judy Greenwald

Credit card council releases cyber risk mitigation guidance

August 11, 2014 - 2:06pm

Credit Card Cyber Risk Mitigation


The payment card industry’s regulatory organization has issued guidance to help merchants and others reduce credit card security risks.

Businesses are rapidly adopting a third-party operations model that can put payment data at risk, the Wakefield, Massachusetts-based PCI Security Standards Council L.L.C. said Thursday in a statement.

It said the guidance will help organizations and their business partners reduce this risk by better understanding their respective roles in securing card data.

It said the guidance developed by a PCI special interest group of 160 organizations including merchants, banks and third-party service providers provides recommendations for meeting the PCI data security standard requirement to ensure payment data and systems entrusted to third parties are maintained in a “secure and compliant manner.”

Most retailers are complying with this standard, says an expert.

PCI said the guidance includes recommendations on how to:

• Conduct due diligence and risk assessment when engaging third-party service providers to help organizations understand the services provided and how the PCI data security standard requirements will be met by those services.

• Implement a consistent process for engaging third parties that includes setting expectations, establishing a communications plan, and mapping third-party services and responsibilities to applicable PCI data security standard requirements.

• Develop appropriate agreements, policies and procedures with third-party service providers that includes considerations for the most common issues that arise in this type of relationship.

• Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program.

View the "Third-Party Security Assurance Information Supplement."

 



Get our weekly Specialty Risks newsletter
  •  



You may also want to visit

Business Risks

Cyber Risks

Risk Management