By Judy Greenwald, Crain News Service
WAKEFIELD, Mass. (Aug. 12, 2014) — The payment card industry’s regulatory organization has issued guidance to help merchants and others reduce credit card security risks.
Businesses are rapidly adopting a third-party operations model that can put payment data at risk, the Wakefield -based PCI Security Standards Council L.L.C. said Aug. 7 in a statement.
It said the guidance will help organizations and their business partners reduce this risk by better understanding their respective roles in securing card data.
It said the guidance developed by a PCI special interest group of 160 organizations including merchants, banks and third-party service providers provides recommendations for meeting the PCI data security standard requirement to ensure payment data and systems entrusted to third parties are maintained in a “secure and compliant manner.”
Most retailers are complying with this standard, says an expert.
PCI said the guidance includes recommendations on how to:
• Conduct due diligence and risk assessment when engaging third-party service providers to help organizations understand the services provided and how the PCI data security standard requirements will be met by those services.
• Implement a consistent process for engaging third parties that includes setting expectations, establishing a communications plan, and mapping third-party services and responsibilities to applicable PCI data security standard requirements.
• Develop appropriate agreements, policies and procedures with third-party service providers that includes considerations for the most common issues that arise in this type of relationship.
• Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program.
To view the “Third-Party Security Assurance Information Supplement,” click here.
This report appeared on the website of Crain’s Business Insurance magazine, a Chicago-based sister publication of Tire Business.
When is the last time you attended one of the national tire industry trade shows, such as SEMA, ITEC or the North American Tire & Retread Expo?
|I try and take in at least one show a year.||
|I usually attend one every few years.||
|There are so many tire maker and distributor meetings each year, I don’t see a need to attend one of the national shows.||
|I don’t find value in these shows and haven’t been to one in years.||
|I’d like to but I am too busy||