Around 2018, the payment landscape underwent a major transformation. As the number of digital transactions per day increases, the challenge of securing sensitive authentication data increases proportionally.
To address data security, the PCI SSC has laid down a set of standards (PCI DSS) for organizations that use sensitive data during digital transactions. The requirements have had a positive impact on the security posture of these institutions.
Research shows that annual online payment fraud in sectors such as banking and e-commerce may hit USD 48 billion by 2023. This is because most organizations claim to be compliant, either by self-attestation or with the help of a third-party service provider, without knowing the importance of true security.
SISA, a core PFI company with over a decade of experience, has compiled the recent findings from its forensic investigations (including PFIs and IFIs) into a SIRF report to make the best use of them.
According to the report, more than 50% of the organizations were found to be non-compliant in one or more scopes at the time of the investigation. These firms fell short on data security, secure implementation, configuration of proper access controls, quarterly vulnerability assessments, and more.
As a result, common ingress points were exposed, leaving servers and applications outside the organization’s secured environment vulnerable and easy for hackers to compromise.
Further, investigation of numerous merchants, banks and service providers found that, shockingly, 90% of the banks were non-compliant at the time of breach, followed by 34% of merchants and 21% of service providers.
Attacks and data breaches may happen anywhere, but they can be avoided by taking well-planned security measures and complying with PCI DSS honestly, not by simply ticking the check boxes.
Download the SIRF Report 2019 to read in detail about the key learnings from SISA’s forensic investigations.