MACAU, June 13, 2014 /PRNewswire/ -- Corporations large and small are increasingly being threatened by security breaches. Whereas physical security is easy to understand, awareness of information security is still not where it needs to be. All over the world, financial institutions, e-commerce businesses and more have had credit card information stolen or leaked, resulting in massive damages to both their finances and reputations. Constantly evolving their tools and techniques, criminals are flourishing in the post-PC era. Businesses must step up their game to protect their customers and their customers' customers.
Just last month, a group of criminals managed to steal card numbers and PINs by installing malware on seven ATMs in Macau. The rapid development of technology has created an increasingly wide spectrum of vulnerabilities, even as low-level cardholder information siphoning is still happening regularly. This exemplifies the need for a better understanding of how payment cards are used and processed, and also the necessity for a stronger implementation of information security measures across the entire payment ecosystem.
Nexusguard Consulting CEO Ronald Pong says most security breaches that result in the leaking or theft of cardholder data are due to a lack of information security awareness among employees, lax authentication processes, loopholes caused by poorly integrated management processes, the lack of effective self-evaluation methods, exposure to malware in high-risk business environments, and the lack of a consistent assessment approach.
Organizations need to commit to combating cyber crime, because the situation is only going to get worse in the long term. Pong believes Macau businesses need to first understand the implications of credit card security, starting with PCI DSS 3.0 compliance.
PCI DSS 3.0 is the latest revision of the international standard for payment card security. The standard aims to protect cardholder data and regulate transaction security by laying out principles and best practices that organizations must follow when storing, processing and exchanging payment card data. Not only does it integrate many ISO standards, it also addresses practical challenges in real-world deployments. The new revision emphasizes information security awareness for all personnel involved in the payment chain, implementing security measures on a global scale while also factoring in practical business considerations.
Past incidents show that credit card theft is often preceded by DDoS attacks, which are often overlooked by businesses, Pong said. With the 2014 World Cup on the horizon, the e-commerce and entertainment industries are entering a period of high risk, which is why Nexusguard will be providing free DDoS risk assessment services to Macau businesses throughout June.
In an effort to educate local businesses on the importance of protecting cardholder information, the Macau Productivity and Technology Transfer Centre (CPTTM) and Office for Personal Data Protection (GPDP) have been collaborating closely with Nexusguard Consulting to raise information security awareness. Nexusguard Consulting has held multiple seminars and training sessions regarding PCI DSS compliance as a result of this collaboration.
May, 2014 - "Credit Card Payments in Mobile Apps: Customer Satisfaction and Opportunities" seminar during Privacy Week 2014
June, 2014 - "The Personal Data Protection Act (PDPA) and PCI DSS" seminar
June and July, 2014 - "PCI DSS 3.0" management training sessions
About Nexusguard Consulting
Nexusguard Consulting is an Asia-based information security specialist company, delivering services that secure critical data, protect identities and help customers demonstrate ongoing compliance. Nexusguard Consulting is 100 percent product and vendor neutral. Our team has 15 years of experience in the information security industry, allowing them to provide customized, pragmatic solutions that help customers align information security risks with organizational risks.
Our services include:
- Information security assessment services
- Regulatory and compliance consulting services
- Computer forensics litigation support services
- Payment Card Industry Data Security Standard audits
For more information, please visit www.nexusguard.com/ncl.
Benjamin Yip - Marketing Manager
Coco Li - PR & Event Executive
Ivy Wu - Marketing & PR Executive
SOURCE Nexusguard Consulting