Red Clay Renovations Subject to PCI DSS Standard: Critique Discussion

Larry,

Red Clay Renovations is subject to the PCI DSS standard because the company accepts credit card payments for services. The PCI standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data (PCI Security Standards Council, 2010). Maintaining the security of customer payment data is critical to the business and transaction side of an organization. In 2014, 16.31 billion dollars were reported lost to payment card fraud (SolarWinds, 2019). Information that could be extracted from an organization or payment system that does not comply with PCI DSS includes home addresses, credit card types and numbers, cell phone numbers and even Social Security numbers. A combination of this data in an attacker's hands leads to identity theft and payment card fraud.

PCI DSS groups its requirements under six high-level goals, each of which is segmented into more specific requirements. These are basic security steps. Simply put, the six goals and their requirements are (ITGovernance, 2019):

  1. Build and maintain a secure network and systems
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect cardholder data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  3. Maintain a vulnerability management program
  • Protect all systems against malware
  • Develop and maintain secure systems and applications
  4. Implement strong access control measures
  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  5. Regularly monitor and test networks
  • Track and monitor all access to network resources and cardholder data
  6. Maintain an information security policy
  • Maintain a policy that addresses information security for all personnel

Since Red Clay Renovations collects, processes, manages, and stores personal information of its clients, it must comply with these standards. These are baseline requirements, so the organization should look to build on and strengthen them (SolarWinds, 2019). Failure to comply with PCI DSS leads to fines. Overall, PCI DSS is the global data security standard that requires basic security best practices.