Why identity and credit card theft drive regulatory compliance
Identity and credit card theft are becoming bigger problems for organisations to deal with year over year. These types of criminal activity predate the Internet; the irony is that the very tools designed to improve business efficiency also make criminal activity more convenient and efficient.
High-tech criminals, and increasingly criminal organisations, have discovered that the Internet provides the perfect ground on which to set up moneymaking activities. Criminals no longer have to put themselves at risk by breaking into buildings and being physically present to commit a crime. These high-tech criminals range from pyjama-wearing, Coke-drinking teenagers to sophisticated, organised criminal organisations with an incredible amount of technology and large teams of security experts to execute their bidding.
Events in the news, like Sony’s PlayStation Network being compromised in May 2011 and leaking credit card and personal information, seem to be becoming more common year after year. Official statistics give an alarming count of recorded successful attacks, ranging from 40 – 50 million in the US alone in 2010. One should also consider that most attacks are never recorded and are kept secret by organisations seeking to save face and avoid a tarnished reputation.
Criminals every day are getting more creative designing exploits to secretly penetrate organisations and steal information.
The fact of the matter is that in the age of the Internet and digital computing, sensitive information assets have never been more at risk. Today, even common attacks that have been used for many years are still effective against organisations that have ineffective security management in place or, in most cases, no security management in place at all.
One should consider that millions of people join the Internet every day to conduct business or make personal purchases. This means that more companies are storing more data, which makes it more important than ever for credit card companies, banks, companies and governments to ensure that the proper security controls are in place to protect the financial and personal information stored by organisations.
Today there are quite a number of laws and regulations which companies have to comply with, and which have become increasingly prominent over the last 10 years. The company’s industry and how it does business determine which regulations it has to comply with. Examples of regulatory compliance include: the Gramm-Leach-Bliley Act of 1999 (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), and other regulatory mandates including privacy, or a combination of these. Some of the above regulations are laws and others are not. For example, unlike SOX or HIPAA, the PCI DSS is not a law; non-compliance with PCI DSS will not land you in prison, but the penalties for non-compliance include having your merchant status removed or large fines. Depending on how a company does business, losing the ability to process credit cards could be extremely damaging and often fatal to the success of the business.
No matter what size organisation you are, it is important and good business to understand whether you have to comply with regulations applicable to your business. More importantly, it is critical that you understand how your information assets are being protected compared to today’s best practices.
Copyright – Security Bastion.com