
International Challenges in PCI Security

In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective.

In the process, companies tend to forget that PCI compliance has been a recipe for international indigestion.

"Remember that credit cards are used abroad, and many American companies have personnel handling credit card transactions in offices all over the world," says Bruce Larson, security director at American Water, a major water utility that employs more than 10,000 people. "If you have a multinational organization, your data is not just sitting in the US."

There may be some irony in hearing that from someone whose concerns are mostly based on security threats inside the US. Larson has to worry about everything from cyberattacks targeting computerized water filtration systems to terrorists who might try to bomb pipelines or poison the water supply. He also loses sleep whenever there's the chance of a natural disaster.

The inconvenience of online, global commerce

But more people are using credit cards to pay the water bill online, and he knows the credit card data is floating around in databases outside the US. Losing any of that data could be a body blow in terms of public confidence. Then there's the fact that American Water does business with vendors across the globe.

"I have a very geographically distributed network -- more than 1,500 locations where humans work, 150-200 of those are critical operations facilities," Larson told attendees during a PCI security seminar in September.

For Harshul Joshi, director of IT-risk and advisory services at CBIZ and Mayer Hoffman McCann P.C. (MHM), a professional business services company, doing business internationally can make for a lot of confusion regarding the PCI security ground rules.

"When we deal with non-US companies, there is often confusion over what PCI security requires," Joshi says. "We work with one of the largest magazine publishers with operations around the globe and if you dial an 800 number, chances are you'll be talking to someone in a call center in Vietnam. You give your credit card number and it is recorded somewhere outside the US."

On the outside looking in

If a company is based outside the US -- in Sweden or Ukraine, for example -- the problem is usually a lack of communication and money regarding PCI security needs.
