History and Status of the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was created in response to the rapid growth of credit card transactions in the 1990s causing thousands of small companies to start storing credit card data and processing consumer transactions on unprotected networks.  Since many of these small businesses didn’t know how to properly secure these credit card transactions, it also led to a rapid increase in data theft and a growing concern from banks and credit card companies about ways to protect their brand and consumer accounts. In an effort to resolve the growing concern around payment card fraud and cybercrime in general, industry leaders such as Visa, MasterCard, and American Express got together and created a global security standard to protect online card payments.

The PCI DSS standard was established to set basic guidelines and requirements around how businesses must create a safer cardholder data environment, using basic requirements to drive minimum requirements around security that would lead to more secure business systems. As the standard evolved and procedures more refined, PCI DSS became an internationally accepted standard for all merchants and service providers.

PCI DSS History

PCI DSS was introduced in December 2004, after Visa and other brands had introduced their own standards.  These brand-specific standards weren’t well received by merchants and service providers, since these were small companies that didn’t need the confusion of multiple standards.

Continue reading “History and Status of the PCI DSS”

The Future of Risk, Compliance, and Governance (GRC)

 

After two years of a global pandemic, mature organizations must implement a Risk, Compliance, and Governance (GRC) program that provides visibility into existing and emerging risks, helps simplify the understanding and communication of risks across the business, provides actionable risk intelligence to decision makers, and ensures an agile response to unknown threats. This is the path forward if a business wants to thrive in today’s highly unsettled business environment.

As businesses look forward to what new threats exist, they find themselves asking what is the next major risk event that they should be prepared to respond to or geopolitical event that will immediately impact their business strategy. We can always predict the next event, or how successful our response will be to minimize the business impact, but we can prepare for the worst and hope for the best, and that requires some basic preparation.

Risks are Connected

With the interconnected nature of modern business systems, you have to understand that everything is interconnected today.  The intersection of systems, people, various projects, organizations, and risks among cybersecurity, third-party teams, compliance efforts, operational risks continue to be more complex and difficult to quantify as systems get more complex and interconnected in the future. You cannot look at these risks as isolated to specific systems or personnel, but as all interrelated and connected to provide a complete risk picture. Continue reading “The Future of Risk, Compliance, and Governance (GRC)”