Over the past few years, the industry has witnessed several high-profile data breaches. Incidents like these serve as a reminder for businesses to prioritize data security and strengthen their business environment. To address this concern, the Payment Card Industry Security Standards Council (PCI SSC) issued the Payment Card Industry Data Security Standard (PCI DSS), which sets requirements for securely processing, storing and transmitting payment card data. PCI DSS requires an organization to determine the scope of its assessment accurately and to secure the cardholder data within that scope.
Determining the scope essentially involves locating every place where unencrypted cardholder data, in particular the full Primary Account Number (PAN), is stored, processed or transmitted, and then securing those locations to prevent a breach or data theft. Many breaches involve cardholder data sitting in locations the organization did not know about (log files, database exports, backups, file shares, e-mail) and therefore never protected. Such undiscovered data exposes an organization to a high risk of breach, and it also quietly widens the PCI DSS scope beyond what the assessment covers. It is therefore essential for organizations to conduct a thorough Card Data Discovery assessment, to identify cardholder data across the environment and, where required, securely delete data that is no longer needed or has exceeded its retention period, as PCI DSS Requirement 3 expects.
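A practical illustration of what "discovering unencrypted card data" means in practice is the core of any card data discovery tool: a scanner that pulls digit runs out of text, validates them with the Luhn check and brand prefix to weed out false positives, and reports only a masked PAN. The scanner below is an added example written for this article; it is not code from the article's author or from the PCI SSC, and it goes beyond the text by handling the common false positives (transaction IDs that fail Luhn, repeated-digit placeholders that pass it). The IIN prefix ranges in `card_brand` are simplified and are an assumption of this example, not the brands' authoritative tables; the sample log lines are constructed and use the well-known public test numbers for each brand.

```python
import re
from typing import Optional

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded inside a longer digit run (a 20-digit hash or ID is not a PAN).
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check-digit test; every real PAN passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(digits: str) -> Optional[str]:
    """Map a digit string to a card brand by IIN prefix and length.
    Simplified, illustrative ranges (an assumption of this example),
    not the brands' authoritative IIN tables."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "Mastercard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    if n == 16 and digits.startswith("6011"):
        return "Discover"
    return None


def mask_pan(digits: str) -> str:
    """Show at most the first six and last four digits (PCI DSS masking)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Scan text line by line and return one finding per probable PAN.
    A candidate counts only if it is Luhn-valid, is not a run of one repeated
    digit (0000000000000000 passes Luhn), and has a recognised brand prefix.
    Findings carry the masked PAN, never the full one, so the report itself
    does not become cardholder data."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if len(set(digits)) == 1 or not luhn_valid(digits):
                continue
            brand = card_brand(digits)
            if brand is None:
                continue
            findings.append({"line": lineno, "brand": brand, "masked": mask_pan(digits)})
    return findings


# Constructed sample log excerpt (not real data; the card numbers are the
# public test numbers published for each brand).
SAMPLE_LOG = """\
2024-05-01T10:02:11Z INFO checkout order=88231 card=4111 1111 1111 1111 exp=12/26
2024-05-01T10:02:12Z DEBUG gateway tx_id=1234567890123456 status=ok
2024-05-01T10:05:40Z WARN retry ref=5500-0000-0000-0004 attempt=2
2024-05-01T10:06:01Z INFO contact phone=0000000000000000 customer=c_9912
2024-05-01T10:07:30Z INFO stored amex 378282246310005 on file
"""

if __name__ == "__main__":
    for f in find_pans(SAMPLE_LOG):
        print(f"line {f['line']}: {f['brand']} {f['masked']}")
```

Run against the sample, the scanner flags lines 1, 3 and 5 and ignores the 16-digit transaction ID (fails Luhn) and the all-zero phone placeholder (passes Luhn but is rejected as a repeated digit). Every hit is a system that is in PCI DSS scope whether or not it was listed in the scoping documentation; the masked output is what should go into the assessment record.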
In this article, we outline the key elements to consider when conducting a PCI DSS Card Data Discovery assessment. Considering these elements will ensure accurate scoping and complete data discovery across the environment. Before turning to the key elements, let us first understand the term Card Data Discovery (CDD), since a clear definition makes the rest of the process easier to follow.