Channel Futures

MSSP Insider



MSSPs Can Still Cash In on PCI DSS Compliance Challenges

  • Written by Frank J. Ohlhorst
  • December 1, 2018
With the holiday shopping season in full swing, doing PCI DSS compliance the right way is now more important than ever.

PCI DSS compliance rules have been around for more than a decade, yet numerous retailers are still failing to meet the requirements and are exposing customer data to theft.

According to the Thales Group, 75 percent of U.S. retailers experienced a data breach last year, demonstrating how U.S. retailers are not up to the security game. While that might not bode well for the holiday shopper, it does illustrate that retailers need help, and they need it now.

MSSPs can help assuage those security issues by helping retailers institute PCI DSS compliance correctly, and garner long-term relationships as a result. Perhaps the biggest challenge comes in the form of educating retailers on best practices and helping them avoid the all-too-common problems that have led to breaches, compliance failures and the liabilities associated with processing payment cards. Naturally, those best practices can be translated into services that MSSPs can offer those retailers, including:

  • Scope: The PCI DSS standard defines the scope of the cardholder data environment (CDE) as all of the systems, people, processes and technologies that handle cardholder data; yet, many retailers fail to properly scope their environments, meaning that critical systems, such as domain controllers, key management systems, firewalls and numerous other systems are often left out of the scope. MSSPs can help to inventory those systems and include them in the scope, preventing compliance failures.
  • Patching: One of the most critical elements for maintaining compliance involves keeping systems in the scope patched. The latest PCI DSS requirement 6 outlines the need to patch systems on a regular basis. Additionally, it specifies that critical security patches must be installed within a month of their release. Here, as part of the scoping process, MSSPs can identify critical systems and take on the role of patch management to ensure that all systems are patched properly.
  • Access Audits: PCI DSS requirement 8 outlines how to secure access to cardholder data, specifically requiring two-factor authentication for remote access to all in-scope systems. Many organizations fail to audit remote access to verify that the controls are working as expected. Here, MSSPs can head up those audits and validate that the systems are compliant.
  • Monitor and Review Audit Logs: PCI DSS requirement 10 covers all of the implementation details for logging and log monitoring within the CDE; however, many organizations fail to adhere to the requirement properly, rendering those logs worthless. MSSPs can institute the processes needed to review those logs and automate the analysis to discover errors and anomalies that might signal a threat, before any damage occurs.
  • Limit Third-Party Access: Third-party vendors often request access to the CDE for numerous and legitimate reasons, such as troubleshooting systems and posting updates; however, many retailers forget to audit that access and then turn it off, leaving a potential backdoor into the CDE. MSSPs can institute systems that monitor and limit third-party access to contain those threats.
  • Change Default Passwords: Many systems within the CDE come predefined with default settings, passwords and so forth; for example, Wi-Fi access points are normally preconfigured and have default authentication turned on. Many retailers forget to change default configurations, leaving the CDE open to threats. MSSPs can locate those systems and ensure that proper passwords and security are enabled.
  • Storing Sensitive Data: PCI DSS mandates the protection of Sensitive Authentication Data (SAD), which comprises full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more. Some retailers falsely believe that they must store all SAD for situations such as recurring billing. SAD is one of the biggest targets for cybercriminals, and MSSPs can help reduce exposure by implementing a third-party credit card vault and tokenization provider, which replaces SAD with a token during billing and payment authorization procedures.
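
The access-audit, log-review and third-party-access items above can be combined into one automated check. The following is an added example, not part of the original article: it flags remote sessions to in-scope systems that lack a second factor and vendor accounts used or left enabled past their approved window. The host names, account names, dates and log format are constructed assumptions.

```python
from datetime import datetime
# Constructed CDE scope: includes supporting systems, not only the POS host.
CDE_SCOPE = {"pos-01", "dc-01", "kms-01", "fw-edge"}
# Constructed third-party accounts and the date their approved access ends.
VENDOR_ACCESS = {
    "vendor-hvac": {"enabled": True, "approved_until": datetime(2018, 11, 1)},
    "vendor-pos": {"enabled": True, "approved_until": datetime(2018, 12, 15)},
}
# Constructed log; assumed format: time user host channel mfa=<state>
LOG = """\
2018-11-28T09:14:02 alice pos-01 vpn mfa=ok
2018-11-28T10:02:45 vendor-hvac dc-01 vpn mfa=none
2018-11-29T23:51:10 bob web-01 vpn mfa=none
2018-11-30T02:17:33 vendor-pos kms-01 rdp mfa=ok
malformed line
"""
NOW = datetime(2018, 12, 1)  # constructed audit date

def parse(line):
    """Return (timestamp, user, host, mfa_state), or None if unusable."""
    fields = line.split()
    if len(fields) != 5 or not fields[4].startswith("mfa="):
        return None
    try:
        return datetime.fromisoformat(fields[0]), fields[1], fields[2], fields[4][4:]
    except ValueError:
        return None

def audit(log_text, scope, vendors, now):
    """Return findings as (kind, subject, host) tuples."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:  # report unreadable records instead of dropping them
            findings.append(("unparsed-line", line, None))
            continue
        ts, user, host, mfa = rec
        if host not in scope:
            continue
        if mfa != "ok":
            findings.append(("no-second-factor", user, host))
        vendor = vendors.get(user)
        if vendor and ts > vendor["approved_until"]:
            findings.append(("vendor-after-window", user, host))
    # Accounts still enabled past their window, even if they never logged in.
    for name, vendor in vendors.items():
        if vendor["enabled"] and now > vendor["approved_until"]:
            findings.append(("vendor-still-enabled", name, None))
    return findings
```

Calling `audit(LOG, CDE_SCOPE, VENDOR_ACCESS, NOW)` on the sample data reports the vendor session to the domain controller twice (no second factor, and outside the approved window), the unreadable log line, and the vendor account that is still enabled.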

The above best practices are only a microcosm of everything involved in PCI DSS compliance; however, those are the areas that most merchants seem to need help with. MSSPs can become the trusted insider, helping retailers to maintain PCI DSS compliance and prevent those retailers' names from appearing in the news as victims of a breach.
