Taking Stock

It seems somewhat unnecessary right now to reinforce the fact that cardholder data compromises continue to harm businesses that accept payment cards. You can just open your favorite newspaper or news website.

This week, Verizon released their 2014 PCI Compliance Report. A companion piece to their essential Data Breach Investigations Report (DBIR), this report provides insight drawn from all of the PCI DSS assessments that they completed over the past year, including a requirement-by-requirement look at how their customer base fared in meeting the guidelines. For any payments or risk professional responsible for PCI compliance, it's a must-read.

In their discussion of PCI DSS Requirement 9 (Restrict physical access to cardholder data), they note: "According to the 2013 DBIR, 35% of breaches involved physical attacks. Of those, tampering accounted for 91% of attacks — and ATMs and POS devices were the two most commonly compromised assets."

An anti-tampering solution is a key element of a physical protection strategy, preferably one that is simple to use and low-effort, so that organizations can turn their attention to other requirements they may be struggling to meet completely. Fortunately, such a solution exists.