In 2006 the major providers of credit cards got together and formed the Payment Card Industry Security Standards Council. The goal of this organization was to meet the enormous challenge of providing air-tight security for the credit card payment industry.
In short, all the major players, such as American Express, Discover Card, MasterCard and others, realized that their very survival hinged on keeping billions of credit cards users safe from being hacked by criminals.
Today all credit card providers must be in compliance with what is called PCI DSS. That stands for Payment Card Industry Data Security Standard. Doing so is an ongoing and enormous challenge. That’s because powerful and clever hackers never tire of trying to break into even the toughest, most cutting-edge cyber security systems. And sometimes they are successful.
The credit card industry is not the only sector with significant cyber security challenges. Equally concerned are the defense industry, healthcare, tech/retail and ICM or Incident Command Systems.
Despite all efforts, there are still cases where a certain organization’s system are not in compliance with PCI DSS standards. It’s just not possible to provide everything needed to be 100% secure. That has brought about a strategy employing “compensating controls.” In short, compensating controls provide enough protection to mitigate security risks such that PCI DSS standards are met.
Compensating controls are considered stop-gap measures that take care of security with the understanding that they may not be a permanent solution. A good example would be a system that is lacking a competent firewall. Implementing a permanent firewall system may be impossible for a number of technical issues. That’s when a compensating control solution is brought in.
Today there are firms that do nothing else but provide cyber security for their clients. These providers have developed highly advanced compensating control fixes and strategies that get the job done.
