In mid-2015 when the buzz was at its peak on EMV (Europay, MasterCard and Visa), the push for retailers to adopt the technology began. The idea behind is to protect consumers from transaction fraud and lower their expenses from charge backs. Chip information stolen cannot be duplicated because the transaction number cannot be recreated and will not work on a new transaction. However, the little chip on your card cannot prevent data breaches.
Does EMV reduce PCI requirements?
It does not. Merchants cannot ignore PCI and it does not reduce data fraud. Here is an explanation from PCIcomplianceguide.org:
What EMV is not
It is not card data protection – EMV does not encrypt the Primary Account Number (PAN) and therefore the card data must still be protected according to PCI guidelines.
The short and right answer is PCI is just not going away. EMV has nothing to do with PCI compliance or store data security. Self-assessment questionnaires (SAQ) and Qualified Security Assessor (QSA) audits will continue. Besides, the compliance requirements of PCI 3.2 have increased. Merchants from Level 1 through Level 4 have to show proof of compliance every year.
This means continuing the pain points of:
- What to secure?
- What to monitor, log, scan, alert…?
- What to document?
- What evidence to collect?
- How to follow requirements?
- What procedures to write?
- How to stay continually compliant?
There is a lot more to do and merchants cannot be worried about spending time on compliance when they have a business to run.
Help is just a phone call or a few keystrokes away. Get started now.
Omega provides security and management solutions to address the data security and compliance void in your retail environments.
- Guide – Provide the right guidance and execute the following:
- Risk assessment and risk management
- Employee training and awareness
- Information security policies and procedures
- PCI compliance evidence collection
- Card data flow chart and network diagrams
- Protect – Execute processes and technologies for the following:
- Access management, access control
- Enterprise data protection
- End point security
- Log collection and retention for 365 days
- Patch management
- Monitor – Provide monitoring capabilities to protect and detect activity
- System logging
- Security information and event management (SIEM)
- Threat monitoring
- Vulnerability management
- Intrusion detection
- Response / Recovery plan and execution
- Incident response plan
- Execute solutions and services for securing data
Are you satisfied with the security of data within your organization?
If no, visit our website to understand what is involved to become secure and compliant. Listen to these interesting customer stories and testimonials. Get Omega’s help
Contact firstname.lastname@example.org, or call Peter Guidi at 636-557-7777 x2451 to secure your retail environment.