Earlier this month, during the busiest shopping time of the year, Target announced that it was the victim of a prolonged security breach that affected at least 45 million credit card numbers. The exact nature of the attack is still unknown, but it is considered one of the biggest retail credit card breaches in history.
In the aftermath of the attack, many security experts have speculated as to how such an attack could be possible. One article from CRN spoke with several security experts to examine how the complexities of PCI compliance could have played a role.
According to Rick Doten, the chief information security officer at Digital Management, one of the biggest takeaways is the evidence that a massive breach is survivable.
"I'm not surprised to see another large credit card breach; they will continue to happen because the impact is not a large one to the business," Doten said. "Being PCI-compliant doesn't make you secure, it only protects you from the lawsuits."
Graham Cluley, a U.K.-based independent security analyst, added that merchants need to make sure their entire network is secured and all systems (software, data storage, USB sticks, web access) are monitored.
This highlights the need for merchants to not only be aware of all aspects of PCI compliance, but also have a larger vision. With the help of a payment solution provider that specializes in security protocols, any organization can add a new layer of security.