Leveraging your PCI DSS investment for GDPR White Paper

This white paper addresses how organizations that have implemented smart PCI DSS (Payment Card Industry Data Security Standard) programs can leverage their investment within their GDPR program. It starts by examining the potential impact PCI DSS is, and is not, having in addressing card payment fraud. It then takes a detailed look at fraud in the UK, where PCI DSS has been widely adopted, to attempt to analyse PCI DSS’s impact. Next, it measures this impact against other fraud detection efforts combating card losses once cardholder data has been breached. It then investigates where cardholder breaches are still being perpetrated to determine the effectiveness of PCI DSS in protecting card account data. Finally, with this understanding, the paper looks at how the lessons learned within PCI DSS can be applied to GDPR in order to minimize an organization’s cost and risks….

DataDivider article for PCI London

Many merchants have found that their MOTO is the Achilles heel of their PCI programme.

Graham Thompson reports

Many merchants, having successfully descoped their organisations from PCI DSS with P2PE (point-to-point encryption) for bricks and mortar and tokenisation for e-commerce, have discovered that the Achilles heel of their PCI programme is their MOTO (Mail Order Telephone Order) payments. Suddenly, from the simple act of agents and/or back-office staff typing sensitive credit card data into their desktops, they bring these desktops and their corporate networks back into PCI scope. Until recently, options for addressing the challenges of telephone, snail mail, fax, email and chat payments have been limited.