Payment Card Industry Data Security Standards (PCI DSS)

What is PCI DSS?

Payment Card Industry Data Security Standards affect a large number of organizations, but their requirements are particularly apparent in sectors like retail and financial services. The PCI DSS is such a far-reaching standard that an entire industry has been built around processing cardholder data at the point of sale, moving it between systems and storing it for retailers and other commercial organizations. Companies in any of these sectors face strict operational requirements mandated by the PCI DSS, and one of those requirements is the need to protect data from unauthorized physical access.

Why do PCI DSS regulations matter?

The PCI DSS guidelines mandate that organizations prevent unauthorized individuals from viewing or accessing payment card data or other sensitive information. Consumer data can be used for phishing scams, for payment card fraud, or to otherwise harm individuals. As such, any organization that handles a large amount of consumer data becomes a target. Logical protection methods like anti-malware and network monitoring are incredibly powerful and can keep hackers at bay. However, data thieves who fail to reach information through such means may turn to physical access to servers. Finding a way to break into a facility, or getting a disgruntled employee to assist in a theft, is sometimes easier than hacking into systems.

Considering access control to comply with PCI DSS

Imagine you work in IT for a bank. You are constantly managing the configuration to make sure hackers can’t get in. You even have white-hat hackers testing your systems. Then, one day, all of these efforts come to naught when an unhappy employee sneaks into a secluded part of the data center, accesses a system they aren’t allowed to work with, grabs a hard disk containing customer data and walks out with it to sell to hackers or competitors.

After the event, the data loss is recognized and the information is recovered from a backup system, but all of that data is now in public hands, and you are facing an investigation from the Payment Card Industry Data Security Council to see whether you followed PCI DSS correctly. You would be facing a huge fine, not to mention the cost of credit card monitoring for affected customers and reputation-related damages.

This is exactly the kind of problem that access control systems are meant to prevent. Digitus Biometrics features a full suite of both building and server cabinet access control solutions that make it easy for organizations to control movement in their facilities and ensure compliance with PCI DSS.