Are Your Payment Card Vendors Maintaining PCI Security Standards?

Brian Thomas | January 11, 2021 | tag: Cybersecurity

The payment card industry (PCI) has long been a Holy Grail target for bad actors, for obvious reasons. Visa, Mastercard, and American Express account for the bulk of consumer financial activity in the United States. Breaching them would be an unimaginable windfall for hackers and, undoubtedly, an unmitigated disaster for the world's economy.

So far these major companies have avoided the kinds of attacks that have hit other established networks, from large retail breaches to individual stores and payment processing companies. Given the rising sophistication of attack methods and malicious actors' understandable predilection for targeting the financial sector, it is likely only a matter of time before major credit card issuers and their retail partners become victims.

That’s why the PCI Security Standards Council was formed. As its name suggests, the Council outlines a clear set of PCI security standards it recommends both card vendors and retailers adhere to in order to ensure the security of cardholder data. The Council’s goal is to protect consumers, card issuers, and merchants.

What are the PCI security standards?

The 15 PCI security standards outline recommended security practices, technologies, and processes to protect card payments. They run the gamut from implementing effective PIN security to card protection processes, software lifecycle management, and more.

PCI security standards can help turn the tide against rising cybersecurity threats. As recent security breaches at Capital One and other financial institutions prove, industrious hackers will diligently and continuously probe and attempt to thwart even the most stalwart security measures. And the biggest risk tends to come via third parties, as the recent and ongoing SolarWinds breach has again proven to the cybersecurity world.

What does this mean for your third-party risk management efforts?

PCI security standards are not just applicable to card issuers; any business that accepts card payments is responsible for adhering to the guidelines to minimize security risks. Not doing so could have serious financial repercussions for your business, not to mention inflicting long-lasting damage on your company's reputation.

That's why it's critical that you continuously monitor and mitigate third-party supply chain risk. Annual audits and periodic assessments capture only a snapshot in time, and they can be time-consuming and error-prone, particularly when done manually. Automated, continuous monitoring of supply chain partners is a more efficient and effective way to ensure that those partners remain in compliance with PCI security standards.

Rather than relying on subjective, inaccurate, or incomplete responses provided by vendors, businesses can leverage security ratings to objectively and accurately assess third-party risk. With easy-to-understand ratings in hand, you can efficiently assess whether or not your vendors are meeting PCI security standards, or whether they are putting your own business at risk.

Make sure you and your vendors are PCI security compliant

As other industries have recently discovered, the trickle-down effect of a single vendor breach can prove catastrophic. The SolarWinds Orion breach is just one example, but there have been many other instances where the compromise of third-party vendors has significantly impacted company operations.

If you're in the PCI (and if you work with any payment card vendors, you definitely are), vigilance is an absolute must. Make sure your organization is adhering to the PCI security standards set forth for merchants, such as protecting PIN transactions at the point of sale. Even more importantly, monitor your vendors so you know they're complying with the standards, too. Protect your business by maintaining a secure supply chain.
