Positive Technologies at PCI Moscow
The international conference PCI Moscow «Payment card data security support in Russia» took place in Moscow. The conference has been held for the third year in a row all over the world and traditionally attracts the key players in the payment card market. More than 170 participants visited the event in Moscow.
The payment card industry now faces quite a number of threats, the most widespread of which are sensitive data leakage and fraud.
PCI DSS (Payment Card Industry Data Security Standard), the integrated international standard, was developed to minimize these risks. The main subject of the PCI Moscow conference was compliance with the standard, which is obligatory for all payment system members.
The lecture «Assessing protection. Security metrics for PCI DSS» was presented by Sergey Gordeychik, the head of the consulting and audit department of Positive Technologies.
«A practical action plan for PCI DSS compliance support, apart from annual audits, includes network perimeter scanning once a quarter, web application security assessment and penetration testing. Usually, during these operations, vulnerabilities of different risk levels, which lead to non-compliance with the standard, are detected. Most of these problems require big expenditures to eliminate, and their full elimination could take even more than a year», noted the speaker. Sergey also covered the most widespread vulnerability types, the probability of detecting one problem or another, and which compensating measures are the most adequate.