The Security Standards Council (SSC), launched as a global forum in 2006 for establishing a security framework for the payment card industry (PCI), has launched a new training program. This program is aimed at integrators and resellers of validated payment applications, i.e., equipment and software used to drive the millions of global electronic transactions processed by merchants and banks every year. This includes Point-of-Sale (POS) systems, PIN transactions, scanning systems, ATM systems, middleware and other types of equipment used in the PCI.

SSC already provides a wide range of training programs for:

  • Qualified security assessors;
  • Payment application qualified security assessors;
  • Internal security assessors;
  • PCI forensic investigators; and
  • PCI point-to-point encryption.

This new one is an important link in the global security ecosystem that represents a proactive approach to a growing global problem.

According to Verizon’s 2012 Data Breach Investigations Report, two categories of merchants made up almost 75% of the 855 data breaches investigated by the RISK consortium. They reported that, in 2011, 174 million electronic records were compromised.

As you can see, merchants using Point-of-Sale (POS) and eCommerce-based credit card processing technologies in the Accommodation and Food Services category made up 54% of the reported data breaches.  Retail Trade made up another 20% of the breached data.

Another interesting graph from the report shows the origin of many of the exploits.

Sixty-seven percent of the “external agents” exploiting companies around the world originate in Eastern Europe (including Turkey and Russia).  Small- to medium-sized companies that do not have in-house expertise to implement secure systems are especially vulnerable.  The criminal syndicates are now conducting “high-volume, low-risk attacks against weaker targets.”

Companies that operate in the payment card industry ecosystem should familiarize themselves with the new data and increasing risks that are posed in the process of financial transactions.

Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn