
PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) compliance requires any organization that transmits, processes, or stores data that contains payment card information to protect the privacy and confidentiality of that data. These standards are basic steps for safeguarding data against credit card fraud, hacking, and other security issues that are specific to the payment card industry.

Such protective measures are crucial responsibilities for organizations. Both financial institutions and merchants that are non-compliant may face substantial fines and the threat of having payment card privileges revoked. The impact of such an event could threaten the very existence of a business. Each payment brand has its own set of compliance requirements for each of the entity classifications, and it is important to validate compliance with each.

Several trends have accelerated the need for PCI DSS compliance and payment security: banks as well as merchants of all types and sizes continue to experience data breaches. Companies that fall victim to these attacks may spend millions of dollars in fines and remediation costs, and suffer lost customer trust and long-term damage to their brands.

In November 2008, the networks of The Royal Bank of Scotland’s WorldPay were breached, allowing hackers to clone over 100 ATM cards and withdraw over $9 million from machines in 49 cities in a span of less than 12 hours.

United States Federal Bureau of Investigation, November 2009

In May 2009, a leading issuer of credit cards, Merrick Bank, claimed it lost $16 million after as many as 40 million credit card accounts were compromised. Merrick Bank subsequently sued the IT firm that audited them prior to the hack for negligence. Although the firm claimed Merrick Bank was “compliant” with the standards, they were not “certified”.

SC Magazine, May 2009   

KRYPTON Security has been approved by the PCI Security Standards Council as a QSA (Qualified Security Assessor) since 2013, and is therefore validated to assess compliance with the PCI DSS standard. Please contact us for all your PCI DSS-related needs.