Data is the New Currency

September 26, 2018

In today’s digital world, data is currency. Nowhere does this phenomenon show itself more clearly than in the world of payment transactions. Payment forms have taken on a variety of identities: mobile pay, cryptocurrency, stored transactions, in-app transactions, money transfer apps, etc. And, yes, credit cards are still used, albeit with a few new features such as chip and PIN.

This payment data, combined with other consumer information, has become the lifeblood for businesses wishing to make informed decisions about what to sell, who to sell it to, where to sell it and how. The requirement for securing payment transactions has become so much more than preventing financial theft. Payment security from beginning to end becomes necessary to enable consumers to comfortably operate in a digital ecosystem, enable businesses to rely on their information to make intelligent business decisions and to protect privacy and intellectual property. Transaction security enables digital prosperity, and a new evolution is needed in how we think about payment security. 

Beginning in the late 1990s, it became apparent that information security standards were necessary to protect credit card holder information. By 2004 the five major card brands and some of the best and brightest in the cyber security industry got together to form the first Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle branded credit cards from the major card schemes. This was a foundational moment for the security industry and business, and it drove (and continues to drive) the majority of information security spending in the retail, travel and hospitality sectors. Were it not for this collaborative effort and the continuous updates to the standard, the newsworthy breaches we read about today would be a daily occurrence and confidence in our digital payment infrastructure probably wouldn’t exist. The PCI standard gave us a well-defined series of controls and made them a minimum expectation for securing a credit card transaction. We’re all in better shape because this standard exists. 

Other standards, perhaps less well known to those outside of the cyber security industry, have also come together to improve our posture when it comes to payment security. Examples include the Payment Card Industry PIN Transaction Security (PCI PTS), Payment Card Industry Payment Application Data Security Standards (PCI PA-DSS), Europay, Mastercard, Visa (EMV), Point to Point Encryption (P2PE) and other technical, engineering and regulatory standards.

These standards are necessary and continue to drive innovation in payment security. Yet we in the cyber security industry still find ourselves struggling to prevent breaches and defending our budgets against the daily news cycle, while our business environments are changing rapidly. We have to evolve our approach from simply being compliant with standards (which is necessary and good) to securing payment transactions from start to finish.

In the white paper, Building a Secure Payment Lifecycle, Optiv expands upon the 12 Payment Card Industry Data Security Standard (PCI DSS) requirements and describes additional considerations that influence merchants’ ability not only to attain compliance but also to solve top payment security challenges.


By: J.R. Cunningham

VP, Product Management
