In today’s economy, almost nothing is more important for businesses than safe and secure payment transactions. We often get asked this fundamental question: If an organization has passed its Payment Card Industry (PCI) compliance requirements for accepting credit cards, is there really a need for additional security and compliance? The answer is yes!
While the PCI architecture and requirements overlap heavily with network security issues, it is vital to have your own network security audit to assess your current cybersecurity policies and the assets your network can deploy, so that you can identify any vulnerabilities that put your customers and your business at risk of a security breach. A network security audit takes a deeper look into how you utilize the technology you own. Most businesses typically need to conduct a network security audit at the same time they conduct a PCI audit.
The PCI regulations have gone a long way toward making every business that accepts credit cards more secure, because unsecured businesses responsible for millions in fraudulent charges are a threat to the payments industry. Conducting a good network security audit at the same time as your PCI audit typically helps you strike a balance between security and functionality.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.