Electronic theft of personal and financial data is a serious and growing problem that drives up costs for credit card issuers and the merchants they serve, and undermines consumer confidence and loyalty. In response, the Payment Card Industry has developed the PCI Data Security Standard (PCI DSS). This multi-faceted security standard includes requirements for endpoint security, security management, policies, procedures, network architecture, software design and other critical protective measures.

The old adage ‘a chain is only as strong as its weakest link’ provides the best analogy for challenges that merchants must address when planning to comply with new PCI standards. Recent studies demonstrate that the endpoints of a payment card processing system are in fact that ‘weakest link’. The endpoints of your system - POS terminals, networked cash registers, kiosks, etc. - are typically deployed in exposed environments, vulnerable to criminals who leverage increasingly sophisticated tools and methods of attack to steal valuable cardholder data and account information. Tellingly, more than half of the PCI DSS requirements are now dedicated to defining controls for endpoint security.