New measures implemented in section 6.6 of the Payment Card Industry (PCI) standard, which come into force on 30 June, do nothing to address the threat of insiders, according to a database security firm.
The updates require that companies dealing with stored credit card and other consumer financial data either install firewalls around all internet-facing applications or have all customer application code reviewed for common vulnerabilities.
However, Secerno warned that, although this is a useful step in ensuring that information remains as safe as possible, its focus on the perimeter fails to provide any safety provisions against the threat of insider breaches and theft of data.
"The PCI Data Security Standard has the best intentions but, as is the case with many compliance directives, it barely addresses the most immediate and upcoming threats to consumer data," said Paul Davie, founder of Secerno.
"PCI was historically written for e-commerce rather than general retailers where breaches have actually been taking place.
"It is generally inadequate for addressing the sort of internal threat that can be exploited easily, such as by general or privileged users."
The insider threat can be anything from employees with financial or other motives to obtain and sell data, or criminals who infiltrate an organisation with the sole intention of stealing information.
"The standard says nothing about any malware other than viruses, and nothing about encrypting internal data," said Davie.
"It says nothing about protecting data on private networks and it says nothing about securing the database. Unfortunately, the internal threat is PCI's blind spot."
Davie believes that the retail industry needs to make sure that it protects data at the source in order to secure sensitive customer information against internal and external threats.
Japanese researchers develop a flexible screen worn on the skin that they claim can monitor patients' heart rate and other vitals
ZenFone 5 Pro appears to boast a Snapdragon 845 SOC, an Adreno 630 GPU and 6GB of RAM
Pilot project will serve 300 homes to start with
The IoT faces significant compatibility challenges, which could be avoided for blockchain by adopting Hyperledger