
Understanding How PCI-Compliant Companies Can Be Breached

Published by: Javelin Strategy & Research

Published: Jun. 1, 2009 - 49 Pages


Table of Contents


Overview

Primary Questions

Key Findings

Methodology

Is PCI Effective?

PCI and Data Breaches

History

Myth: PCI-Compliant Companies Cannot Be Breached

Compliance Does Not Equal Security

Has a PCI-Compliant Company Ever Been Breached?

How Do PCI-Compliant Companies Become Non-Compliant?

New QSA Review Process

Prioritized Compliance: Mitigating Risk Faster

What Regulations Are Most Often Found to be Out-of-Compliance at Breached PCI-Certified Firms?

Requirement 10 in Detail: Logging

Requirement 6 in Detail: Web Applications

Requirement 3 in Detail: To Store or Not to Store PAN Data

When PAN Data Must Be Stored

Hashing

Emerging Technology

Tokenization

End to End (E2E) Encryption: Evolving Beyond Point to Point (P2P)

Chip and PIN

PCI Compliance in a Post-Heartland World

Glossary

Appendix A: PCI DSS

Appendix B: PCI SSC's Risk-based Milestones

Appendix C: Merchant, Processor and Services Levels Defined

Appendix D: Certified QSA, PA-QSA, ASV

Appendix E: Assessments

Appendix F: Fraud Victims React by Avoiding Merchants

Related Research

Companies Mentioned

Table of Figures

Figure 1: Top Ten Largest Publicly Reported Security Breaches

Figure 2: PCI Compliance by Merchant Level July 2007 to March 2009

Figure 3: Six Milestones Defined

Figure 4: Individual Card Requirements

Figure 5: The Most Common Requirements Not Met by Previously PCI-Certified Firms

Figure 6: Detail of PCI DSS Requirement 10

Figure 7: Detail of PCI DSS Requirement 6.5

Figure 8: Detail of PCI DSS Requirement 3.4

Figure 9: Examples of Alternatives to Obscuring PAN Data for Storage

Figure 10: Tokenization

Figure 11: Point-To-Point Encryption

Figure 12: End-To-End Encryption

Figure 13: PCI DSS "Digital Dozen"

Figure 14: Milestone One Mapping

Figure 15: Milestone Two Mapping

Figure 16: Milestone Three Mapping

Figure 17: Milestone Four Mapping

Figure 18: Milestone Five Mapping

Figure 19: Milestone Six Mapping

Figure 20: Merchant Levels Defined by Card Brand

Figure 21: Processor or Service Provider Definitions and Requirements

Figure 22: Merchant Level Certification Requirements by Card Company

Figure 23: How to Find Certified QSAs, PA-QSAs, ASVs

Figure 24: Self-Assessment Forms for Levels 2-4

Figure 25: Victims’ Responses to Identity Fraud

Abstract

The Payment Card Industry Data Security Standard (PCI DSS) raises the high-water mark for data security. But there is a persistent myth that PCI compliance equals security. The reality is that PCI is only a baseline, and one that needs to be monitored constantly as the threat landscape changes. In the months following what may be the largest data breach in U.S. history, at Heartland Payment Systems®, many people are wondering whether PCI is effective. In response, the PCI Security Standards Council has released new guidance on risk-based compliance and on Qualified Security Assessor (QSA) reviews and remediation. But will these be enough to calm the concerns that merchants have with PCI? This report includes an update on PCI, an overview of emerging technologies, and lessons learned from the Heartland breach. Hashing, tokenization, end-to-end encryption, and Chip and PIN are covered in depth.

Primary Questions
  • Does PCI compliance equal security?
  • Which are the most common requirements not met by previously PCI-certified firms?
  • What has been learned about the Heartland breach?
  • How can merchants store PAN data without violating PCI?
  • What are the emerging technologies that can help merchants take PAN data out of scope for PCI compliance?



© MarketResearch.com 2009