Many businesses are familiar with the PCI Security Standards Council’s requirements, yet many card fraud incidents go undiscovered for long periods of time. In fact, according to Verizon’s 2009 Data Breach Investigations Report, 75% of compromises were discovered at least weeks after the compromise.
Data security is not all about prevention; it also requires detection and monitoring. In the event of a breach or card fraud, proper monitoring can detect and eliminate additional fraud quickly. Thus, with the holiday season in full swing, it’s a great time to reconsider your company’s log management and monitoring. Consider the following tips:
1. Ensure your organization keeps timely, accurate, and unaltered records of what has taken place within the cardholder data environment (who, what, when, and how) to protect it in the event of a data compromise and resulting investigation.
2. Monitoring also can include physical surveillance. Closed-circuit monitoring of POS terminals can detect suspicious or fraudulent behavior.
3. Even when you are at your busiest, you simply cannot afford to overlook monitoring as a primary detector of card fraud and the trigger for eliminating ongoing criminal activity.
Bob Russo, General Manager, PCI Security Standards Council, Wakefield, Mass.