The Origin of PCI

Ever since the commercialization of the Internet in the 1990s, eCommerce has been a honeypot for hackers. Some of them were looking for fame, at least in the early days, some of them were bored, and a few of them were merely looking for a job … at the companies they hacked. It was not an uncommon practice for companies to hire the people who broke into their network to be their administrators. After all, a couple of hundred thousand dollars a year seemed a very cheap price for a good hacker. Information stored on the network could easily be worth millions of dollars to the business, and the money paid to the hackers-turned-administrators was peanuts in comparison.

Well, at least that is how the good old times worked. Before long, hackers figured out that it was more lucrative to profit from the information directly by selling it. In addition, if you lived in Eastern Europe or Russia, who was going to prosecute you? Later on the mafias got involved. Boom, now it is really big business. Selling credit card numbers online is surely safer than operating a drug distribution chain on the streets of Moscow (not to mention more profitable).

Very soon banks started taking notice. They lost billions of dollars every year to cyber thieves. Practically all major issuers guarantee against unauthorized charges, which means they had to eat the costs themselves. They really hated being in this situation. They were in the business of providing some sort of financing to customers. Yes, the card issuer got some benefits, but in the end it was the merchants who benefited the most, by virtue of increased sales. All of a sudden the merchants (and in some cases the customers) mishandled the data, and the banks were going to shoulder the costs?

This is how PCI, or PCI DSS (Payment Card Industry Data Security Standard), came to life. It was authored by the Payment Card Industry Security Standards Council, and the intention was to create a standard for how merchants handle the credit card information they possess. It covered six areas: Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy. In short, it covers every aspect of your eCommerce site.