Background
On Inauguration Day 2009, Heartland Payment Systems (HPY) disclosed that it had been breached in 2008, exposing an unknown number of credit and debit card holders to potential fraud in what may be one of the largest data compromises to date.
Heartland maintains it was compliant with the Payment Card Industry Data Security Standard (PCI DSS). But since then, Visa has removed Heartland from its list of PCI compliant vendors and taken the public stance: "We've never seen anyone who was breached that was PCI compliant."
The Heartland security breach raises a serious question about organizations that achieve PCI compliance yet still suffer a major breach: How does one attain and sustain PCI compliance?
If a merchant mechanically follows the PCI DSS checklist and still suffers a data security breach, it is held responsible, faces large fines, suffers brand damage and may lose its ability to process credit card transactions. While checklists are useful tools, following them can lull one into a false sense of security. Relying solely on the PCI DSS checklists to secure cardholder data is like a pilot relying only on the pre-flight checklist before takeoff, then colliding with another plane during takeoff. A checklist is not enough.
In this webcast, we will discuss market trends, as well as myths and realities about PCI compliance. We then will examine how emerging technology solutions can provide continuous monitoring and assessment of change to critical files and settings to help merchants reduce the threat of security breaches -- and to allow quick detection and recovery if they do occur.