LexisNexis Publishes Article from NetDiligence June Conference
PCI compliance. In these times of rampant credit card fraud, few other words cause such angst for merchants and their counsel. The key to improving your outcome is to understand what is required to prevent a security breach, what is required when one occurs, and what steps can be taken to mitigate penalties, fines and assessments.
PCI was covered at one of the sessions at the June 2014 NetDiligence Cyber Risk & Privacy Liability Forum in Philadelphia. The speakers were John Gambale of AIG, Dave Navetta of InfoLaw Group, Mark Schreiber of Edwards Wildman, Grayson Lenik of PSC, Neeraj Sahni of Willis and Dayce Schreiber of Instamed. Coverage of the session was distributed to corporate counsel across the U.S. via the LexisNexis Corporate Counsel Advisory.
To be compliant, companies need to move credit card information out of their systems, Schreiber said. Do not process and pass credit card data on the same network you use for email. Segmenting your network limits your risk exposure. Mobile devices that process credit cards and email are another risk point. “Email’s a great way to insert malicious software, so you don’t want them together,” Schreiber said. The ultimate option is to never have the card data touch your environment, he said. Encryption devices hold the data and encrypt it on the device, before it travels over the cable to the computer, so malicious software can do nothing with it. Encryption devices are expensive, and there are not many out there, but they may be worth it, Schreiber said.
To that end, Lenik advised, “Shut down remote access and change your passwords. You’re leaving the keys in the ignition with a ‘Steal Me’ sign in the window. It’s not rocket science what’s causing these breaches. It’s really very, very simple access.”
Read the full story in the LexisNexis Corporate Counsel Advisory. While you’re there, register for this useful update on topics being watched by in-house legal departments today.
We will pick up the PCI discussion at the West Coast version of the conference on Oct. 8-9, 2014.