Optiv Security announced SecurePayment@Optiv, an integrated portfolio of services and technologies that enables organizations to move beyond basic Payment Card Industry Data Security Standard (PCI DSS) compliance so they can implement security across the entire payment lifecycle.
This new reference architecture brings together services and technologies across application security, network segmentation, encryption, identity and access management, threat intelligence, and incident response to deliver integrated payment security solutions for clients.
“Payment security is the bedrock of today’s digital economy – buyers need to feel confident their payment data will not be compromised, regardless if they’re using a credit card, digital wallet, stored transaction or money transfer,” said Chad Holmes, Optiv’s chief services and operations officer.
“This digital ecosystem requires an evolution in how merchants think about payment security. As organizations digitally transform and enable technologies such as mobile payment, they should be striving for a secure payment lifecycle that tackles business risks, activates program agility, and meets privacy and segmentation requirements – while maintaining compliance and optimizing existing technology investments.
“SecurePayment@Optiv goes beyond PCI compliance with a solution that builds end-to-end payment security based on each client’s specific risk profile. This risk-centric approach results in a holistic payment security program that is designed to reduce risk of payment fraud and data breaches, and deliver comprehensive security across the entire payment lifecycle.”
SecurePayment@Optiv is aligned to provide solutions across four dimensions:
Risk profile: The first step to moving beyond PCI is to understand the extent of enterprise risk. Key to this is identifying who the most likely attackers are and which assets they are most likely to target, which regulations need to be addressed, and which systems and processes need to be rationalized and optimized to support a security operation. This information enables the creation of a payment security strategy.
Point of sale: Organizations have been focused on securing credit card transactions. Today’s new security requirements are broader and require securing data across the entire payment lifecycle, as well as customer loyalty data. Merchants now must protect against a multitude of potential point-of-sale vulnerabilities across credit card readers, Square readers, online payments, digital wallets, and more.
Cyber operations: Cyber operations are critical to meeting breach disclosure windows and minimizing the likelihood of breaches. These competencies are especially important as payments move between consumers, point-of-sale systems, credit card providers and issuing banks. A new emphasis on cyber resilience, in addition to data protection, requires a focus on DevSecOps and product security.
Merchant networks: Protecting against external threats is only half of the solution for payment security. Merchants also must protect against deliberate and accidental insider threats through strong identity and access management, application security, training and awareness programs, and more.