New measures implemented in section 6.6 of the Payment Card Industry (PCI) standard, which come into force on 30 June, do nothing to address the threat of insiders, according to a database security firm.
The updates require that companies dealing with stored credit card and other consumer financial data either install firewalls around all internet-facing applications or have all customer application code reviewed for common vulnerabilities.
However, Secerno warned that, although this is a useful step in ensuring that information remains as safe as possible, its focus on the perimeter fails to provide any safety provisions against the threat of insider breaches and theft of data.
"The PCI Data Security Standard has the best intentions but, as is the case with many compliance directives, it barely addresses the most immediate and upcoming threats to consumer data," said Paul Davie, founder of Secerno.
"PCI was historically written for e-commerce rather than general retailers where breaches have actually been taking place.
"It is generally inadequate for addressing the sort of internal threat that can be exploited easily, such as by general or privileged users."
The insider threat can be anything from employees with financial or other motives to obtain and sell data, or criminals who infiltrate an organisation with the sole intention of stealing information.
"The standard says nothing about any malware other than viruses, and nothing about encrypting internal data," said Davie.
"It says nothing about protecting data on private networks and it says nothing about securing the database. Unfortunately, the internal threat is PCI's blind spot."
Davie believes that the retail industry needs to make sure that it protects data at the source in order to secure sensitive customer information against internal and external threats.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago