Solution Providers Play Key Data Protection Role
Costly errors stemming from third-party contractors lead to credit card breaches, according to studies that regularly analyze security incidents. That includes managed security service providers, infrastructure service providers, secure data center hosting providers, and those who sell managed IT delivery channels and services, according to the Payment Card Industry Security Standards Council, the organization that maintains the Payment Card Industry Data Security Standards (PCI-DSS). Merchants are not properly vetting third-party providers and failing to set clear expectations for information security and data protection, according to the PCI council's new guidance document, "Third-Party Security Assurance Information Supplement (PDF)." While the merchant is ultimately responsible for the protection of credit card data, communication often breaks down over shared responsibilities. These 10 mistakes outlined in the report are often at the core of costly data breaches.