Davin Healthcare Software Solutions
Security: Setting a Higher Standard

Date published: May 16, 2019

How to pick the best internet security company.

I’m not going to bury the lead; I’m just going to come right out and say it:

 

Internet Security is a “pay to play” industry, and you should never take a company’s promise of “security” at face value.

That realization comes with terrifying implications, but you shouldn’t panic, unplug your computer, and throw it out the window.  Let me break this down:

A False Sense of Security

My spouse owns a retail store, and I maintain the e-commerce side of it. 

Recently, our credit card processor informed us that our web site must pass a security audit for PCI compliance. 

Sounds like a great initiative to improve the security of their clients and reduce their own exposure to fraud across the internet.

We received instructions to use their designated third-party auditing company. As we began the process, I quickly realized that the scanning software is only able to view the web site pages that are readily available through the links on the web site.  The software is not able to click any buttons and therefore cannot place items in the shopping cart.  Without items in the shopping cart, the web pages for the checkout process are not available for scanning.

While the audit did find several items for us to fix, overall the scanning process produces a false sense of security because a major feature of the web site, which has ample opportunity for vulnerabilities, cannot be scanned.
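The coverage gap described above can be made concrete. This is an added example, not part of the original post and not the auditing company's software: a link-only crawl over a small constructed store, compared against the site's full page inventory. The page paths and the `SITE` dictionary are assumptions made up for illustration.

```python
from html.parser import HTMLParser

# Constructed sample store (path -> HTML); stands in for fetched pages.
SITE = {
    "/": '<a href="/products">Shop</a> <a href="/about">About</a>',
    "/about": '<a href="/">Home</a>',
    "/products": '<a href="/products/42">Widget</a>',
    "/products/42": '<form method="post" action="/cart/add">'
                    '<button>Add to cart</button></form>',
    "/cart/add": '<a href="/cart">View cart</a>',
    "/cart": '<a href="/checkout">Checkout</a>',
    "/checkout": '<form method="post" action="/checkout/pay">'
                 '<input name="card"></form>',
    "/checkout/pay": "Thank you",
}

class PageParser(HTMLParser):
    """Collects <a href> targets and <form action> targets separately."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = set(), set()

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.links.add(attr["href"])
        elif tag == "form" and attr.get("action"):
            self.forms.add(attr["action"])

def crawl(site, start="/", follow_forms=False):
    """Breadth-first crawl; follow_forms=False models a link-only scanner."""
    seen, queue = set(), [start]
    while queue:
        path = queue.pop(0)
        if path in seen or path not in site:
            continue
        seen.add(path)
        parser = PageParser()
        parser.feed(site[path])
        queue.extend(parser.links | (parser.forms if follow_forms else set()))
    return seen

def coverage_gap(site, start="/"):
    """Pages in the site inventory that a link-only scan never requests."""
    return sorted(set(site) - crawl(site, start))

if __name__ == "__main__":
    for path in coverage_gap(SITE):
        print("not scanned:", path)
```

Comparing a scanner's list of visited URLs against your own page inventory in this way shows whether the cart and checkout pages were ever requested.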

Pay to Play

As we worked through the audit process, we received an e-mail from the credit card processor stating that if our web site did not pass the security audit, we would be charged an additional non-compliance fee per month. 

Interesting…

Their position is: you can continue to operate a non-compliant web site for a fee.  For an e-commerce web site generating significant revenue, the monthly non-compliance fee is minimal. 

This opens a lot of questions:

Why does the processor continue to provide service to non-compliant web sites? Are there so many non-compliant e-commerce sites that they cannot afford to shut them down?

What will the credit card processor’s response be to a customer whose non-compliant web site has fraudulent activity?  Are they simply covering their own assets by requiring the scan?

The answers to these questions all point to one fact:

Internet Security is a “pay to play” industry, and you should never take a company’s promise of “security” at face value.

Protecting Yourself

The reality is that companies of all sizes have no incentive to improve their internet security.  The proliferation of internet fraud confirms that internet security is still a long way from the level of security required.

There is good news.  There are companies that hold themselves to a higher standard of security, and there’s an easy way to figure out which companies do: ask them.

Don’t take a promise of “high security” at face value.  Ask how they ensure a high standard with their security.

If they don’t/won’t/can’t answer, they are not the right company to work with. 

Companies with high-security standards are never afraid to explain what makes them secure.  These companies go above and beyond to ensure your security.  They know that there are more robust tools available for identifying vulnerabilities.  These tools are more expensive and require additional access to the web site, but the trade-offs come with a true sense of security.

Don’t despair: a little bit of research and a few questions will go a long way to ensuring your internet safety.
