This week's White House Summit on cyber security at Stanford University comes at a pivotal time for payment and security professionals, which have an opportunity to cooperate to fight Internet crime.
A number of executives from the payments industry will join President Obama and Cabinet officials at the event. It's rare that such heightened attention is spent cybersecurityan issue that is critical to our nations future.
Its not news to us that cybercriminals are tireless in their pursuit to hack and attack our personal information for their financial gain. We should view this as an opportunity to come together as a community across industry lines to share information to better protect merchants that are getting hammered by hackers on a daily basis.
Whats at stake is apparent. Cybercrime cost the U.S. economy $100 billion per year while the average data breach now cost organizations $3.5 million. This is an urgent issue. The time is now to increase merchant education and maintain vigilance against this persistent threat.
In addition to the cybersecurity summit, Congress is seeking to create legislation to better protect consumers, generate more avenues for information sharing and bolster law enforcement efforts.
We also know that in the months leading up to the EMV chip transition, hackers will increase their activity around card-present attacks. This summit provides the opportunity for us to discuss action plans and share information to better protect sensitive cardholder data.
We need to remain vigilant and make continuous security a priority over moment-in-time compliance.
Its disturbing to know that basic requirements of the PCI DSS, such as daily log monitoring or implementing strong passwords, are still not being implemented. The word password remains one of the most popular passwords. Moreover, it takes the average breached organization 229 days to detect an intrusion.
We must redouble our commitment to merchant education. Its why in a few weeks, PCI SSC will launch a task force to better address small business security concerns; why we are refocusing our partnership with the acquiring community to help businesses more easily and effectively take advantage of the technologies out there that can simplify payment security; and why well continue to stand shoulder to shoulder with those across the ecosystem to develop the strongest standards, best practices and guidance for protecting payments now and in the future.
As we participate in the summit this week, we must view this collaboration for what it isa good first step. Data security must be an ongoing and ever changing effort. Only cooperation and constant vigilance will get us ahead of future cyberattacks.
Stephen W. Orfei is general manager of the PCI Security Standards Council.