The Government Communications Headquarters (GCHQ) spy agency has recovered over a million stolen credit card details throughout Europe. These details are estimated to be worth €3.42 million.
GCHQ worked with the Serious and Organised Crime agency to recover the data, as part of the ongoing cyber war against foreign states and criminal gangs.
It has not yet been disclosed where the credit card details were stolen from or whether they have been used. But whether hackers infiltrated banks/websites, or staff leaked sensitive information, this is an extreme case of negligence.
Any organisation that deals with sensitive data such as credit card information should make sure it is PCI DSS (Payment Card Industry Data Security Standard) compliant. The purpose of the PCI Standard is to decrease payment card fraud across the internet and increase credit card data security. Every organisation that stores, transmits or processes cardholder data must comply with the PCI DSS, which is enforced by the ‘acquiring bank’ through whom you have your merchant account.
PCI DSS is a global standard, recognised throughout the world. If you are taking money via credit/debit card sales (whether you are a small shop or a global online business), then you need to make sure you are PCI DSS compliant. If sensitive information is stolen and you are found not to be PCI DSS compliant, then you will face fines and brand damage, and you may experience permanent prohibition of your participation in Visa and MasterCard programmes. This could be devastating for your business, meaning you would lose trade in all credit/debit card sales. And in today’s modern economy, what use is a shop/website that doesn’t take credit cards?
Simplify PCI DSS documentation and compliance with the PCI DSS Documentation Compliance Toolkit. It contains a full set of documentation templates for all the mandatory PCI DSS policies, as well as implementation guidance and ISO27001 cross-mapping.