Financial IT Services and PCI Compliance
The financial service is a constantly changing landscape as technology progresses. The demand for instant access to financial data increases. People want to access their accounts online and on their phones. They want access to their data 24/7 and have an expectation that their money and personal data are being kept safe by their financial institution.
Equally important is the security of check processing, credit card transactions, and online banking sites. Every day there are reports of widespread attacks on the financial sector. This could include millions of credit card numbers lost from this card provider or that provider.
While it is considered that these systems have high-security measures taken, that is far too often not the case. Companies that have insecure passwords, outdated patches, end of life systems that cannot longer receive security upgrades, and sometimes just highly ineffective networking systems.
In the financial world, the compliance committee that is adhered to is Payment Card Industry Data Security Standard (PCI/DSS). Very often, many think that PCI only applies to them if they process the credit cards via their website. They are not aware they are obliged to comply with PCI DSS even if they outsource the processing of credit cards to third parties, if they accept credit card payments over the phone, or even in person. So there is still a lot of work to be done to make companies become more aware of their responsibilities and obligations when accepting credit cards.
In the IT world, there are specifications to how access to the network is provided, how those procedures are monitored, the logical network the companies use, the version of code they run, how network segments are protected and so much more. Having someone that knows the compliance standards and requirements to review the network can help ensure the next PCI/DSS audit is smooth and successful.