CIOReview
MAY 2019

IN MY OPINION

ACCOUNTING FOR ONLINE PAYMENT SECURITY AS A PRACTICE

By Vennard Wright, CIO, WSSC (Washington Suburban Sanitary Commission)

As consumers and recipients of services from utilities, one of our least favorite things about receipt of those services is paying bills. As service providers, one of the areas of most obvious concern is securing information and data related to those payments, customer details, and credit card information.

"Accounting for PCI requirements necessitates the need for significant planning upfront to develop and implement payment processing methods for customers and other entities"

Both concerns violently converge in a number of ways that range from fair and equitable pricing to measured transparency around operations when rate and price increases are in order, but perhaps one of the most vexing challenges is in the area of security and compliance for online payments.

The Payment Card Industry Data Security Standard (PCI DSS), which was launched in 2006, governs how companies and entities of any size must accept credit card payments. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express and Discover). This means that any entity that intends to accept card payments, and store, process and transmit cardholder data, must host its data securely with a PCI-compliant hosting provider or take proper steps to ensure that cardholder data is secure, or face financial penalties of $5,000 to $100,000 per month for PCI compliance violations.

In spite of well-known PCI compliance standards, in recent years ten very notable examples of payment data breaches that involved the public loss of credit card information still occurred:

1. Chipotle - Point of sales data breach in 2017
2. Home Depot - Agreed to pay banks $25 million as part of a settlement for breach in 2014
3. eBay - Massive data breach of sensitive data on 148 million customers
4. Target - Paid $18.5 million for data breach that affected 41 million customers
5. Citibank - Multiple breaches by hackers of credit card information of over 200,000 customers
6. Sony - $8 million settlement paid for PlayStation breach in 2014
7. Brooks Brothers - Customer payment information breached in yearlong attack in 2016-2017