Common Points of PCI Compliance Failure

With all the security issues facing businesses today, there has been an increase in articles offering advice on how to maintain security in this very challenging environment. The Payment Card Industry Data Security Standard (PCI DSS), a set of compliance requirements applying to every business that accepts, processes, stores or transmits credit card data, can be confusing. Daniel Humphries, managing editor of IT security at Software Advice, a company that reviews IT security software, interviewed me recently for his article on “How to Avoid the Seven Deadly Sins of PCI DSS Failure.” Daniel did an outstanding job identifying where businesses most often fail a PCI audit and goes on to offer advice on how to avoid those mistakes. Here’s the list:

Seven Deadly Sins
1. No Network Segmentation
2. Inadequate Access Controls
3. Sloppy Logging and Monitoring
4. Feeble Firewalls and Rotten Routers
5. Errors of Encryption
6. Really Dumb Passwords
7. Dubious Drafts of Documents

I recommend that anyone dealing with implementing PCI compliance requirements read the entire article.