The New Information Agenda. Do You Have One? The lack of trusted information is a major concern for businesses worldwide. The information agenda is a comprehensive, enterprise-wide plan for creating, delivering, and exploiting trusted information. It allows CIOs to achieve short-term tactical and long-term strategic changes. »   The Outsourcing Decision for a Globally Integrated Enterprise: From Commodity Outsourcing to Value Creation The Outsourcing Decision for a Globally Integrated Enterprise Globalization and advances in technology have changed the way business gets done. Today, outsourcing helps make the globally integrated enterprise possible. And the decision-making process for outsourcing is changing — with CIOs playing a more strategic role. »   IBM CIO insights: Igniting Innovation By Fusing Business and IT The disconnect between business and IT leaders is nothing new. But in a highly competitive environment, where innovation is the key to success, this lack of integration can cause companies to stagnate, lose money, and miss valuable opportunities. CIOs need to take the lead in correcting this problem. This executive guide outlines the solutions and initiatives IT leaders need to implement to help bridge the gap. This executive guide offers the solutions and insights CIOs need to take the lead in building a more innovative, more successful company. »   How are Other CIOs Driving Growth? IBM interviewed over 175 CIOs to see how they're bringing together business and IT to drive growth and financial success. We found that organizations with high levels of integration have experienced a 9% return on investment, and a 6% return on assets. Want to learn what else they are doing? Read our Global CIO Leadership Survey. »

XML/RSS feeds EarthWeb IT Management news and headlines CIO Update headlines See more EarthWeb Network RSS feeds FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Related Articles • The Fourth Generation of Malware • Lessons Learned from Biggest Bank Heist in History • Redmond's Client Protection a Good Bet • Report: E-Mail Authentication on The Rise

Special Reports • ITIL v3: Bridging the Gap Between IT and Business • Outsourcing’s Seven-Year Itch • The Productivity of Technology is in Jeopardy • Offshore Considerations for Infrastructure Management • Disaster Waiting to Happen • Friday’s Top 5 • Top 10 Money Savers for 2008 • Understanding the 10 Fundamentals of Any Business • 8 Great Training Tips from the Canadian Army • Enterprise Architecture and SOA: Two Tribes More Special Reports

IT Focus Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Today on EarthWebNews.com • Apeer Has an Eye For Media Collaboration • Centralized Security Reporting for Open Source • ooVoo vooms past Typical Video Conferencing • Techs Dodge Financial Fallout • Linux File Systems: You Get What You Pay For More EarthWebNews.com

HP Data Protection Products-including tape drives, high-capacity tape libraries and disk-based systems-can grow with your company to protect all your critical data.

PCI: Keeping the Customer Trust

By Mike Paquette

April 21, 2006: To secure the buying public's trust, rival credit card processors joined forces to manage security across an industry, writes CIO Update guest columnist Mike Paquette of Top Layer Networks.

On June 22, 2005, The Washington Post called 2005 “the year of the data breach,” a phrase that, since then, has become common parlance for those observing the state of the fraud/security marketplace.

The year 2005 saw high-profile breaches at payment processors, banks, retailers, and data brokers affecting tens of millions of U.S. citizens. In fact, as of January 18, 2006, the Privacy Rights Clearinghouse estimates the number of people affected since February 15, 2005, calculated from public announcements, at more than 53 million.

The largest breach so far, which occurred at CardSystems Solutions on June 16, 2005, a third-party processor of payment card data, compromised the data of 40 million credit card holders when CardSystems was hit by a computer virus that captured customer data for the express purpose of committing financial fraud.

Congressional hearings on the matter were held in July, and Visa, MasterCard, American Express, and other payment card providers ceased allowing CardSystems to process payments.

The CardSystems incident, combined with other significant data thefts from top enterprises such as ChoicePoint, DSW Shoe Warehouse, and Polo Ralph Lauren, have made data security a top-of-mind issue for anyone handling sensitive consumer information, and has made calls for additional legislation more widespread and insistent.

But well before these events and subsequent calls for legislation occurred, all of the major credit card issuers had created separate detailed security programs in an effort to combat data theft and better ensure the protection of cardholder data.

In December 2004, Visa, MasterCard, American Express, Diner’s Club, JCB and Discover joined together to merge their programs and develop the payment card industry (PCI) data security standard (DSS).

Compliance is mandatory for any business—including merchants, service providers, and issuing banks—that handle, store, transmit, or process any data related to the card companies.

The program’s purpose is to protect cardholders’ private information, decrease fraud, and spot security issues that could result in compromised or stolen data.

While this may sound oppressively difficult and expensive, it is necessary. The risks of not complying with PCI requirements are considerable, and include aggressive, defined financial penalties for non-compliant organizations.

Under the worst possible scenario, failure to meet PCI can end in suspension, and finally revocation, of an organization’s right to accept or process credit card transactions, making it extremely challenging to continue doing business.

While stringent, these best practices are necessary to keep customer trust and companies—regardless of industry—can and should glean important lessons from this cooperation.

Mike Paquette, chief strategy officer, is responsible for product management and strategy at Top Layer Networks, where he drives the technology roadmap of the company’s intrusion prevention solutions.

Tools:

Add www.cioupddate.com to your favorites Add www.cioupddate.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

• Return to CIO Insights Index
• Return to www.cioupdate.com Homepage