FTC Regulators Focusing on PCI Audit Compliance

With data breaches on the rise, the Federal Trade Commission is stepping up enforcement of cyber security audit procedures. Specifically, the FTC is taking a closer look at payments processing and how auditors measure compliance with industry standards.

Nine compliance auditors were selected to answer detailed questions about how they measure compliance with the Payment Card Industry Data Security Standard (PCI DSS).

The auditors were asked if they issue final assessments based on a client’s promise to fix problems. They were asked if they confirm standards compliance based solely on interviews. The FTC also requested information on how many clients experienced a data breach after they went through a compliance assessment.

Some security experts are concerned that current standards seem to be failing everyone involved, whether in establishing trustworthiness in financial transactions or in protecting personal privacy.

The implication of the FTC inquiry is that some assessors may not be performing the audits adequately or that they may be rubber-stamping them.

DataLink takes cyber security and standards compliance very seriously. If your organization relies on payment processing services, PCI DSS gap analyses and remediations, annual audits, and quarterly scanning are essential for achieving compliance objectives. DataLink can help you get where you need to be. Contact us today at 410.729.0440 or sales@DataLinkTech.com.