International Challenges in PCI Security

Bill Brenner (CSO Online)
20 November, 2008 09:15
Comments

Page:

1
2
3
next >

In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective.

In the process, companies tend to forget that PCI compliance has been a recipe for international indigestion.

"Remember that credit cards are used abroad, and many American companies have personnel handling credit card transactions in offices all over the world," says Bruce Larson, security director at American Water, a major water utility that employs more than 10,000 people. "If you have a multinational organization, your data is not just sitting in the US."

There may be some irony in hearing that from someone whose concerns are mostly based on security threats inside the US. Larsen has to worry about everything from cyberattacks targeting computerized water filtration systems to terrorists who might try to bomb pipelines or poison the water supply. He also loses sleep whenever there's the chance of a natural disaster.

The inconvenience of online, global commerce

But more people are using credit cards to pay the water bill online, and he knows the credit card data is floating around in databases outside the US. Losing any of that data could be a body blow in terms of public confidence. Then there's the fact that American Water does business with vendors across the globe.

"I have a very geographically distributed network -- more than 1,500 locations where humans work, 150-200 of those are critical operations facilities," Larson told attendees during a PCI security seminar in September.

For Harshul Joshi, director of IT-risk and advisory services at CBIZ and Mayer Hoffman McCann P.C. (MHM), a professional business services company, doing business internationally can make for a lot of confusion regarding the PCI security ground rules.

"When we deal with non-US companies, there is often confusion over what PCI security requires," Joshi says. "We work with one of the largest magazine publishers with operations around the globe and if you dial an 800 number, chances are you'll be talking to someone in a call center in Vietnam. You give your credit card number and it is recorded somewhere outside the US."

On the outside looking in

If a company is based outside the US -- in Sweden or Ukraine, for example -- the problem is usually a lack of communication and money regarding PCI security needs.

Page:

1
2
3
next >

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"{A friend linked me to this resource."

The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."

Apple and Google disagree over licensing of essential patents
"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch

Tags: pci standard

Latest Blog Posts

Whitepapers

Data Deduplication Strategy Guide
Data deduplication articles include: Data deduplication for SMEs: what to look out for; Reducing storage bloat; Buyers’ guide; Choosing the right deduplication method and Deduplication technology aids data storage.

Learn more »
Better Insights and Alignment with Business Intelligence and Scorecards
Business Intelligence systems have been helping organizations improve performance by providing better insights, better decisions and faster actions. Key Performance Indicators, or KPI’s, are measures with targets that help manage business and individual performance. Scorecards help organizations define strategy, identify goals and objectives, achieve alignment and monitor performance in context of business goals and objectives.

Learn more »
Consolidation Without Compromise
Virtualization of computer, storage and infrastructure is enabling the transformation of enterprise datacentres into private clouds. The impact is an unprecedented ability to consolidate infrastructure without compromise: no change to service level agreements (SLAs), no loss of performance or scale, and no regression in the organisation’s overall security posture. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

IDC Whitepaper: Next Generation Firewall - Enabling New Security Strategies

The firewall market has traditionally been a staple, yet, mature market within the security space with little innovation being introduced. However, with the rapid change in the technology and threat ...

Recent comments

"{A friend linked me to this resource."
The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."
Apple and Google disagree over licensing of essential patents
"As are ours."
Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."
FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."
QLD govt demands answers after pay glitch

HP and IDG news, product videos and resources

Follow CIO

Market Place

Application Lifecycle Management Zone - Whitepapers | Videos | Events | e-books | Case Studies and more. Visit the Zone

Improving Storage Efficiencies with Data Deduplication and Compression - Download free resource

How does Gartner rank ALM providers? Download the analysis report

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

International Challenges in PCI Security

The inconvenience of online, global commerce

On the outside looking in

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Internode, iiNet improve results in customer satisfaction survey

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

Apple and Google disagree over licensing of essential patents

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

IDC Whitepaper: Next Generation Firewall - Enabling New Security Strategies

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses