Retail
Retailers and merchant organizations are vulnerable to database attacks and security incidents. Recent high-profile database attacks have generated concerns over data protection and a need to protect customer data. Since June 2005, the Payment Card Industry (PCI) Data Security Standard (DSS) has served as an industry-developed mandate for protection of consumer credit card information. The standard was developed by the payment card companies to outline best practices for securing and protecting credit card numbers and transaction data at retailers. Over time, the standard has expanded its requirements to include banks and third-party processors. However, according to a report released by the Enterprise Strategy Group, “Despite massive investment in security technology and services… fewer than one in five companies feel that all their data is adequately protected.” With over 230 million records compromised since 2005, data remains vulnerable to attack.
Typically, data breaches occur for one of five reasons:
- Ineffective management of patches
- No security scanning
- Weak database-level security
- SQL injection
- Lack of real-time security monitoring
The PCI security standard attempts to mitigate these risks by increasing security throughout the organization. Implementing database protections and commercially available security solutions, like DbProtect from Application Security, Inc., protects organizations from these risks by offering complete database security, including vulnerability assessment, patch management, scanning, monitoring and remediation reporting.
To learn more about how Application Security, Inc. can help address PCI requirements within the database, visit our PCI Compliance section.