Companies Concerned With PCI DSS Compliance Need DLP

If you process, store, or transmit credit card data for any reason in your company, you must be Payment Card Industry (PCI) Data Security Standard (DSS) compliant, or your company risks fines or even loss of the ability to process credit card information.

Yet, we regularly hear of companies that handle customer credit card numbers but don’t have data leak protection (DLP) solutions of any sort in place. Sometimes we even read about them in the evening news.

At a minimum, any company concerned with PCI DSS should consider DLP solutions to protect against credit card numbers being unintentionally leaked via email or instant messaging. The question is not if, but when, a leak happens, and when it does, it places your company, your reputation, and your customers at risk.

David Sengupta

One Comment

  1. Steve L
    Posted October 2, 2009 at 8:59 AM

    I absolutely agree.

    My organisation recently completed its annual PCI onsite review. We found a PCI DSS specific DLP solution called Card Recon which did the job well. The number of hits it found in mailboxes and documents was very unexpected, although the major feature of this app was that it didn’t find false positives.

    I suggest anyone needing to comply with PCI take a look at this as there is a free version for download – http://www.groundlabs.com/products/getfree

    I hope this helps
    Steve
