Role of sensitive data discovery tools in PCI compliance

Posted by matthewdavis9179 on February 7th, 2014

One of the widespread categories of electronic crime taking its toll today is identity theft resulting from credit card fraud. Each year, billions of dollars are lost when organisations suffer a data breach, affecting both consumers and businesses globally. Most recently, organisations such as Target and Neiman Marcus in the US publicly disclosed a system compromise which resulted in the theft of customer credit card information. However, in most cases a system compromise is not reported in the public media, so the true number of affected organisations remains an industry secret.

Merchants require considerable guidance on how to avoid falling victim to hacking attacks from criminals looking to steal sensitive data. In response to long-term trends showing an increase in card-related fraud, a comprehensive data security standard was created by the Payment Card Industry Security Standards Council. The PCI standards guide merchants on how to secure sensitive cardholder information and minimise the credit card fraud that arises from its exposure.

Whether it is a small online store or the largest multinational business, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is compulsory for every business accepting payments from branded payment cards, including Visa, Mastercard, American Express, Discover, Diners Club and JCB.

However, whilst these standards exist, most organisations are unaware that traces of unprotected cardholder information are stored within their infrastructure in multiple locations, such as databases, log files and documents. Because of this lack of awareness, these instances of sensitive data are vulnerable and easily accessible to criminals, who often find ways of breaking through conventional IT security controls. It is therefore now critical for organisations not only to educate their employees in the PCI standards, but also to use cardholder data discovery tools to thoroughly search every storage repository in the organisation for instances of non-compliant cardholder data storage.
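The core of such a discovery tool is a scan that finds digit runs that look like a primary account number (PAN), confirms them with the Luhn check digit, and reports the location with the PAN masked (first six and last four digits) rather than copying the full number into yet another file. The following Python example is added here to illustrate that logic and is not code from the original article or from any commercial product; the log lines and the card numbers in them are constructed test values.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
# Digit runs shorter than 13 (dates, order ids) are never considered.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check: doubling every second digit from the right, the sum must be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the first six and last four digits, as PCI DSS permits for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(text: str, source: str) -> list:
    """Return one finding per Luhn-valid PAN found in `text`, with its line number and masked value."""
    findings = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        # Numbers that look like a PAN but fail Luhn (session ids, order numbers) are dropped.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            line_no = text.count("\n", 0, match.start()) + 1
            findings.append({"source": source, "line": line_no, "masked": mask_pan(digits)})
    return findings


def scan_file(path: str) -> list:
    """Scan one file on disk; binary content is read leniently so the scan never aborts."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read(), path)


# Constructed sample log: lines 1 and 4 hold test PANs that pass Luhn, line 2 a near-miss
# that fails Luhn, line 3 a 16-digit session id that is not a card number.
SAMPLE_LOG = """\
2014-02-07 10:15:02 order=10001 card=4111111111111111 status=approved
2014-02-07 10:15:09 order=10002 card=4111-1111-1111-1112 status=declined
2014-02-07 10:16:44 session=1234567890123456 user=alice
2014-02-07 10:17:01 order=10003 card=5500 0000 0000 0004 status=approved
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG, "sample.log"):
        print(f"{f['source']}:{f['line']}: {f['masked']}")
```

A real deployment would walk every database export, log directory and document share with `scan_file`, and the separator rule in `PAN_CANDIDATE` should be tuned to the formats found in your own data.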

PCI compliance is much more than a mere necessity for merchants who process, store or transmit sensitive cardholder data. Professional security consulting companies that specialise in PCI compliance, known as Qualified Security Assessors, are actively assisting clients and educating them on the importance of knowing exactly where sensitive card information is stored. As the payment card industry has matured, these companies now make active use of cardholder data discovery to determine the proper PCI compliance scope, while enabling their clients to remove unknown risks that may have existed for extended periods of time.

A Qualified Security Assessor is professionally trained and certified by the PCI Council. Organisations can therefore take comfort that a Qualified Security Assessor will offer appropriate advice concerning PCI compliance, including the use of card data discovery. If you are serious about the security of cardholder information and want to make your business PCI compliant, it is prudent to seek out a sensitive data discovery tool that is cost-effective and provides a commercially proven level of accuracy for assisting with PCI compliance.

If your organisation is confused about PCI compliance, it is highly recommended that you engage a PCI QSA to provide further advice and guidance on becoming PCI compliant. For a list of all QSAs available in your area please visit

About the Author

Joined: February 3rd, 2014
Articles Posted: 1,370