The Payment Card Industry Security Standards Council (PCI SSC) provides guidance and support for securing payments and for applying good practice at both Merchants and Service Providers. It is the Council that keeps its finger on the pulse of the ever-changing threat landscape, continuously monitoring new avenues of payment fraud while ensuring that new ways of paying can be accepted and trusted.

At this point in time, practitioners broadly agree that PCI DSS version 3.2.1 is an established, mature set of requirements that provides the framework for ensuring payment security.

The Council updates and revises these standards, and professionals in our industry follow that guidance closely when advising clients. That said, the Council also publishes supporting advisory material that does not always receive the same attention, even though it can have just as significant an impact on the security of our customers' environments.

One such piece of advice is a recent supporting blog entry from the Council on patching.

As IT professionals, we have become accustomed to, nay, even numbed by, the admonition that is the cornerstone of our defence against malicious activity: "Update your software regularly!"

In fact, the PCI SSC blog entry states: "The use of outdated and unpatched software is one of the leading causes of payment data breaches for businesses."

We are all human! That includes the programmers who write the code for our applications, so vendors regularly issue updates to fix vulnerabilities in their software. Simply having the most recent updates installed can, however, give us a false sense of security. A patch is only as trustworthy as its source: it is our duty to verify that a patch really comes from the vendor and has not been altered in transit (checking the published digest or signature, and obtaining it only from the vendor's official channel), before it goes anywhere near a cardholder data environment. If you are ever in doubt you MUST speak to your vendor. Your vendor can give you hands-on advice on which patches may install automatically and which need implementation planning and, most importantly, testing before they are rolled out.
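One practical way to carry out the "verify the source" step above, as an added example that is not part of the original post or of any PCI SSC guidance: compare the SHA-256 digest of the downloaded patch with the digest the vendor published through a separate channel (an HTTPS download page or a signed advisory), and reject the file on any mismatch. The patch file, its contents and the "published" digest below are constructed for the demonstration; `verify_signature` is the stronger check and assumes the vendor's release key has already been imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example (illustrative, not the PCI SSC's or Gemserv's code):
# verify a downloaded vendor patch before it is scheduled for installation.

sha256_of() {
    # Portable digest: GNU coreutils ships sha256sum, macOS/BSD ship shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_patch FILE EXPECTED_SHA256
# Returns 0 only when the file's digest matches the vendor-published value,
# 1 on a mismatch (tampered or wrong download), 2 if the file is missing.
verify_patch() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "verify_patch: missing file: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published digest"
        return 0
    fi
    echo "REJECT: $file digest $actual does not match expected $expected" >&2
    return 1
}

# verify_signature FILE DETACHED_SIGNATURE
# Stronger control: a detached signature made with the vendor's release key.
# Assumes that key is already in the local keyring; gpg returns non-zero
# when the signature is bad or the key is unknown, so callers can just test $?.
verify_signature() {
    gpg --batch --verify "$2" "$1"
}

# Constructed demonstration: a stand-in patch, its "published" digest,
# a good check, then the same check after the file has been modified.
demo_verify() {
    tmpdir=$(mktemp -d)
    patch="$tmpdir/vendor-patch-1.2.3.tar.gz"
    printf 'constructed stand-in for a real patch payload\n' > "$patch"
    expected=$(sha256_of "$patch")   # stand-in for the digest the vendor published

    good=0; verify_patch "$patch" "$expected" || good=$?
    printf 'tampered\n' >> "$patch"  # simulate a modified or untrusted download
    bad=0;  verify_patch "$patch" "$expected" || bad=$?

    rm -rf "$tmpdir"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

Run `demo_verify` to see both outcomes. The digest alone proves integrity, not origin: if the digest and the file come from the same place, an attacker who can replace one can replace the other, which is why the published digest must come from a second channel, or why a signature check against a key you already hold is the better control.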

The Council urges e-commerce businesses not to neglect the patching process. These businesses should receive the applicable patches from their payment service provider, but it is essential to be diligent and ask questions. Has the provider patched its own systems? Is it protected against newly discovered vulnerabilities? As an e-commerce merchant you also need to make sure that your operating systems, e-commerce platforms and web applications are on supported, current versions, because a platform that has fallen out of support can no longer receive security patches at all.

As the age-old saying goes, "It is better to be safe than sorry", and it could not be more appropriate here. Keeping all your systems up to date with verified patches is simple. Recovering customer confidence and your reputation after a breach is far more complex and costly for everyone involved.


Article Author.

Tibor Laczko

Principal Security Consultant
Tibor is an experienced, international information security, audit, and compliance professional possessing extensive experience with Fortune/Global 500 clients in the...
