We often get asked: If an organization has passed its payment card industry (PCI) compliance requirements for accepting credit cards, is there really a need for more security and compliance?
The answer is: Yes. Complying with PCI requirements is not sufficient. While the PCI architecture and requirements heavily overlap with network security issues, a network security audit takes a deeper look into how you utilize the technology you own. Most businesses need to conduct a network security audit at the same time that they conduct a PCI audit.
The PCI regulations have gone a long way toward making every business that accepts credit cards become more secure. It’s a threat to the payment industry to have unsecured businesses responsible for millions in fraudulent charges. A good network security audit at the same time as your PCI audit typically provides for a balanced scale when weighing security and functionality.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.