OREM, Utah, April 6, 2021 /PRNewswire/ -- Businesses face many cyber risks, threats, and vulnerabilities. Securing payment data and other sensitive information is an ongoing battle. The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 to help businesses protect payment data, and compliance with the PCI DSS is an industry requirement for any company that accepts major credit cards.
Businesses must be more diligent about complying with the PCI DSS because cybercriminals continue to update their tactics and add resources to their efforts. Noncompliance increases the risk of compromise, and according to SecurityMetrics forensic research data, none of the compromised companies for which they provided remediation services were fully PCI DSS compliant at the time of compromise. Issues like skipping vulnerability scans and penetration testing (PCI DSS requirement 11) continue to plague businesses, with 62% of investigated breaches being directly related.
The PCI Guide is an ongoing, collaborative effort, with recommendations and original research from the SecurityMetrics Audit, Penetration Testing, Forensics, Support, and Executive teams.
Audit Director Matt Halbleib (CISSP, CISA, QSA) said, "We publish our guide to give businesses of all sizes a tool to understand and organize their PCI compliance efforts. Maintaining PCI compliance in an environment-specific way helps businesses protect their data, detect breaches, and keep cybercriminals off their network."
The 2021 PCI DSS Guide has been updated to include:
Insight into what to expect for PCI DSS 4.0
Tips for applying the PCI DSS in a cloud environment
Information on e-commerce attacks including iFrame hacks
Interactive IT checklists for each requirement
Brand new PCI compliance customer data
Tips and experiences from PCI Auditors (QSAs)
"Businesses who utilize the Guide to PCI DSS Compliance can better organize their compliance efforts and understand the way PCI compliance requirements affect cybersecurity. On top of that, the PCI Guide is a great training tool when assigning new resources to your PCI compliance effort," said SecurityMetrics VP of Assessments Gary Glover (CISSP, CISA, QSA).
About SecurityMetrics
SecurityMetrics helps customers close data security and compliance gaps to avoid data breaches. They provide managed data security services and are certified to help customers achieve the highest data security and compliance standards.
As an Approved Scanning Vendor, Qualified Security Assessor, Certified Forensic Investigator, and Managed Security provider, SecurityMetrics guides organizations through data security testing and compliance mandates (PCI, HIPAA, GDPR, HITRUST). With over 15 years of forensic investigations, penetration testing, vulnerability assessments, and compliance audits, SecurityMetrics has tested over 1 million systems for vulnerabilities. The privately held company is headquartered in Orem, Utah, where it maintains a Security Operations Center (SOC) and 24/7 multilingual technical support.