Every single day we hear of a new threat out there that means the end of privacy. This comes mostly in the form of social media. You hear the horror stories of how you are being tracked daily. Is this all just conspiracy theory insanity?
Well, the harsh reality of things is, no, it is not just a conspiracy theory. The dark web has more information about most of us than we do in our safety deposit boxes. So, if all the information necessary to steal a person’s identity is out there, then what is the point?
Convenience Came with a Price
That is where PCI (Payment Card Industry) comes in. PCI Standards are not just about protecting information, but also ensuring that information is being transferred from a valid, uncompromised source. To be breached is every security personnel’s worst nightmare, but it is worse to not even know about it. You ask yourself, how long have they been doing this? This was the case for many business owners prior to the creation of the PCI Security Standards Council.
The PCI Security Standards Council was formed in 2006 by the major credit card companies. They saw an issue that was beginning to become a serious problem. Identity theft was only part of the problem. People began doing online transactions more and more, which was great because more money was changing hands at a much faster rate. People could now buy that 70” TV without ever leaving the comfort of their own home. This came with a price. Cyber criminals quickly caught on that they did not need to steal a person’s identity entirely anymore. If they could just intercept the transaction, they had everything they needed to max out that credit card, transfer as much as they wanted, and do all the damage before the card holder, or the card company, even knew what hit them.
Keep Moving the Door, Keep Changing the Locks
So, the birth of the PCI Security Standards Council came to pass. These credit card companies joined forces to set up standards that anyone who wished to consume their services would have to follow. This was so important to them that even though they were direct competitors they all agreed to reject anyone who did not follow these standards. I cannot even begin to cover them in this little blog post, however, click my link below if you wish to see them. The most important thing to understand is that breaches do happen, even to the largest, most powerful companies. Cyber criminals are well-motivated, large in numbers, and have the luxury of only needing to locate/exploit a hole. This is not as easy for the IT Security Specialist who spends all day every day fending off the relentless attacks from an army of hackers that spend their whole lives doing just that.
Think about castle gates. They are reinforced with stone, thick wooden doors, and steel frames. One man with a pickaxe is never getting in, however, 100 men with a battering ram will break through eventually. How do we prevent this? Well, we keep moving the door. We keep changing the locks.
The Way of the Egyptians
This may seem like an oversimplification; however, you might be surprised about how accurate it really is. When I mention changing the locks, I do not necessarily mean change your password. There are heated debates on that topic and I will not dig into that here, you can decide if changing your password often is a benefit. What I am referring to is the encryption and access keys used to navigate the system. By encrypting the database even if an intruder got the information they would not know what to do with it. This is not a new concept, people have been doing this kind of thing since before the Egyptians.
In short, the reason the PCI Security Standards Council is so important is that it provides those IT Security Specialists the checklists to ensure that they are up to date and secure. It does not just stop with your certification though; the PCI Security Standards Council is there to constantly monitor and keep you informed on changes and risks in this digital market we live in.
“To improve is to change, so to be perfect is to have changed often.”