Recently there has been a series of news items as enterprises announce they have been breached and their sensitive customer and financial records compromised. According to the Verizon 2011 Breach report, 92% of the attacks were external and 76% of all data breached came from servers. The PCI Security Standards Council is an open global forum, formed in 2006, that is responsible for the PCI Data Security Standard (PCI DSS), a standard designed to protect cardholder data.
I sat down with Lindsay Parker, Cisco global retail industry director, to talk about Cisco’s current investments and efforts to help retailers and merchants secure customer credit card data and maintain compliance with PCI DSS.
Here are some key points from our conversation:
Cisco is announcing the new PCI end-to-end solution to help enterprises secure data from the point where the credit card is swiped to the acquiring bank.
Since 2004-2005, Cisco has been investing in PCI compliance. For the new PCI 2.0 standards, Cisco partnered with VCE, EMC, RSA and HyTrust on a joint end-to-end architecture. We then worked with Verizon Business to assess the solution and give us guidance on the products and architecture.
The best analogy for the new design guide is a cookbook: we have taken all the products and assembled them into an architecture, tested and assessed it, then documented it in a guide that retailers and merchants can use.
In all the breaches we have seen so far, 100% of the breached companies were not compliant at the time of the breach, regardless of whether they were compliant at the time of their audit, according to Bob Russo, PCI Council General Manager.
The design guide will be available at www.cisco.com/go/pci2 at the beginning of July 2011, or retailers can contact their Cisco account manager.
Updated 7-2-2011. Design Guide for PCI DSS 2.0 is now available at