Establishing a robust, compliant, and future-proof payment security framework

Craig Lusher, Product Principal of Secure Solutions at Continent 8 Technologies

In the concluding part of SBC News’ Continent 8 Technologies special (see part one here), Product Principal of Secure Solutions, Craig Lusher, continues to delve into the PCI Security Standards Council’s 4.0 mandate.

In this edition, Lusher offers a series of recommendations on how to implement this range of new standards, as well as how the company is best positioned to help combat continually developing challenges.

SBC News: How does Continent 8 stand best poised to help when it comes to evolving threats and technology in the payment industry?

Craig Lusher: Continent 8 is uniquely positioned to help organisations navigate the complexities of PCI DSS 4.0 and address the evolving threats in the payment industry. With our extensive experience in providing managed security services to the igaming, online sports betting and banking sectors, we have developed a deep understanding of the unique challenges faced by these industries. 

According to Cybersecurity Ventures, global cybercrime costs are expected to reach $10.5tn annually by 2025, highlighting the critical need for advanced security solutions.

Our comprehensive, layered suite of security solutions is designed to address the key requirements of PCI DSS 4.0 while providing a flexible and scalable approach to security. Our Web Application and API Protection/Web Application Firewall (WAAP/WAF) service helps organisations protect their web applications from advanced threats, ensuring the security of sensitive payment data. By leveraging our expertise and state-of-the-art technology, businesses can significantly enhance their security posture and meet the stringent requirements of PCI DSS 4.0.

In addition, our managed Security Information and Event Management (SIEM) and Managed Security Operations Center (M-SOC) services provide round-the-clock monitoring and incident response capabilities. Our team of experienced security analysts continuously monitors our clients’ environments, identifying potential threats and taking proactive measures to prevent data breaches and other security events. This level of vigilance is essential for maintaining a strong security posture and ensuring the protection of sensitive payment information.

Continent 8 also offers advanced Intrusion Detection/Prevention Systems (IDS/IPS) capabilities, vulnerability assessment, and penetration testing services. These solutions help organisations identify and address potential vulnerabilities in their IT infrastructure, reducing the risk of successful cyber attacks.

As the threat landscape continues to evolve, Continent 8 remains committed to staying at the forefront of security innovation. We continuously invest in research and development, ensuring that our solutions are always up-to-date and capable of defending against the latest threats.

SBCN: Reverting back to version 4.0 of the PCI DSS, could you elaborate on what the company’s WAAP solutions bring to the table, and just exactly how this can help?

CL: Continent 8’s WAAP solutions play a crucial role in helping organisations comply with PCI DSS 4.0 requirements, particularly in protecting against web-based attacks. Our WAAP offering combines the capabilities of a WAF with advanced features designed to secure both web applications and APIs.

PCI DSS 4.0 places a strong emphasis on the use of automated technical solutions to detect and prevent web-based attacks continuously. Our WAAP solution meets and exceeds this requirement by providing a comprehensive defence against a wide range of application-layer threats, including OWASP Top 10 threats such as Broken Access Control, Cryptographic failures, injections, such as cross-site scripting (XSS), SQL Injections, Insecure Designs and Credential Stuffing. Available as either a fully managed or self-service offering, Continent 8 has the ability to integrate into SIEM systems for additional automation and response.

One of the key strengths of our WAAP solution is its ability to provide real-time protection against evolving threats. Our advanced machine learning algorithms and threat intelligence feeds enable the system to identify and block new attack patterns and zero-day attacks as they emerge. 

This proactive approach to security is essential for preventing data breaches and ensuring the ongoing protection of sensitive payment information and Personally Identifiable Information (PII).

In addition to its robust security capabilities, Continent 8’s WAAP solution is designed to be highly scalable and flexible. Our service can be easily integrated into existing IT infrastructures, allowing organisations to quickly and effectively enhance their security posture. The solution’s API protection features are particularly valuable for businesses in the igaming and online sports betting industries, where APIs play a critical role in enabling seamless integration with third-party services and platforms.

By leveraging Continent 8’s WAAP solution, organisations can significantly reduce the risk of web-based attacks and demonstrate their commitment to meeting the stringent requirements of PCI DSS 4.0. Our team of experts works closely with clients to ensure that the solution is properly configured and optimised to meet their specific security needs, providing ongoing support and guidance to maintain a strong security posture over time.

SBCN: What would be your recommendations to those adopting these new global standards?

CL: For organisations embarking on the journey to adopt PCI DSS 4.0, there are several key recommendations that can help ensure a smooth and successful transition before the March 31, 2025 deadline:

  1. Conduct a thorough risk assessment: Before implementing any changes, it’s essential to understand your organisation’s unique risk environment. Conduct a comprehensive risk assessment to identify potential vulnerabilities, prioritise critical assets, and develop a tailored security strategy that aligns with your business objectives and PCI DSS 4.0 requirements.
  2. Embrace a culture of continuous improvement: PCI DSS 4.0 is not a one-time checklist but rather a continuous process of assessing, improving, and maintaining the security of payment systems. Foster a culture of continuous improvement within your organisation, encouraging regular security training, ongoing vulnerability assessments, and proactive threat monitoring.
  3. Partner with experienced service providers: Navigating the complexities of PCI DSS 4.0 can be challenging, especially for organisations with limited in-house security expertise. Consider partnering with experienced managed security service providers, like Continent 8, who have a proven track record of helping businesses achieve and maintain compliance with global payment security standards.
  4. Prioritise security automation: PCI DSS 4.0 emphasises the importance of using automated technical solutions to detect and prevent threats in real-time. Invest in advanced security technologies, such as WAAP/WAF, SIEM, and IDS/IPS, to streamline your security processes and ensure a proactive approach to threat detection and response. According to recent research from Verizon, web application attacks are involved in 26% of all breaches, making them the second most common attack pattern.
  5. Regularly review and update your security controls: As the threat landscape evolves, so must your security controls. Regularly review and update your security policies, procedures, and technologies to ensure they remain effective against emerging threats. Engage in periodic vulnerability assessment and penetration testing (VAPT) to identify and address potential weaknesses in your security posture.
  6. Collaborate and communicate: Effective security is a team effort. Foster open communication and collaboration among your internal teams, external partners, service providers and industry colleagues. Regularly share information about emerging threats, best practices, and lessons learned to create a strong, collective defence against cyber attacks. Continent 8 have built a threat intelligence and threat sharing platform for the industry to anonymously utilise.

By following these recommendations and partnering with trusted security experts like Continent 8, organisations can confidently navigate the transition to PCI DSS 4.0 and establish a robust, compliant, and future-proof payment security framework. 

To learn how Continent 8 can help your organization’s migration to PCI DSS 4.0 – and to benefit from three months of complimentary WAAP services on a 15-month contract* – visit Continent 8 Technologies or contact [email protected]

*Terms and conditions apply. See website for full details.
