PCI-DSS takes aim at phishing attacks

Executive Summary: The latest PCI-DSS update underscores the critical need for strong email authentication to combat phishing threats. Red Sift OnDMARC and Red Sift Certificates solutions empower organizations to meet these standards, ensuring the protection of sensitive customer information.​

This article:

  • Highlights the Payment Card Industry Data Security Standard’s (PCI-DSS) proactive measures against phishing.​
  • Emphasizes the necessity for robust email authentication to protect sensitive data.
  • ​Discusses how Red Sift OnDMARC and Red Sift Certificates solutions aid in compliance and security.

Introduction

The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized framework for securing cardholder data managed by merchants and service providers. It outlines rigorous security measures to protect payment card information during storage, processing, and transmission, reducing risks of data breaches and unauthorized access. 

In its latest update, the PCI Security Standards Council has shifted toward proactive measures to address phishing attacks, recognizing that traditional defenses are insufficient against evolving threats. Requirement 5.4.1 recommends tools like DMARC, DKIM, and SPF to safeguard employees, while 4.2.1 and 4.2.1.1 focus on verifying and managing certificates that secure PAN during transmission. But why is phishing now a focal point?

Why phishing is a top threat

Phishing remains one of the most effective entry points for cybercriminals, accounting for 58.52% of initial compromises. Employees are often tricked into revealing credentials, downloading malware, or granting unauthorized access, with human error contributing to 68% of breaches, according to the 2024 Verizon Data Breach Investigations Report

Many organizations lack sufficient training and visibility tools to counter evolving phishing tactics, leaving them exposed. Security leaders face a significant threat from bad actors that are crafting deceptive attacks to compromise employees through impersonation.

The role of certificate management

There’s a growing awareness of vulnerabilities related to keys and certificates, particularly in how they are managed and deployed. Issues such as expired certificates, weak encryption algorithms, and the use of self-signed certificates have all been identified as potential weak points that could be exploited by bad actors.

As organizations scale, managing hundreds or thousands of certificates increases the risk of oversight, which can lead to costly breaches or downtime. Frameworks like NIST and ISO stress the importance of robust certificate management and inventory to mitigate these risks and maintain compliance with PCI-DSS.

Building resilience: Red Sift OnDMARC and Certificates

One of the most effective ways to reduce phishing attacks for any organization is by implementing a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy, ideally set to “p=reject.” This configuration provides visibility into who is using your domain and prevents bad actors from impersonating legitimate senders in phishing attacks. For example, Business Email Compromise (BEC) schemes often trick employees into purchasing gift cards or transferring funds, posing as high-level executives:

Red Sift’s OnDMARC helps organizations combat phishing by progressing organizations to a DMARC policy set to “p=reject.” This ensures only authorized services can send emails using your domain, preventing impersonation and attacks like Business Email Compromise (BEC). With features like TLS reporting and one-click MTA-STS deployment, OnDMARC simplifies adoption of advanced security measures and provides continuous monitoring for better email security.

Meanwhile, Red Sift Certificates has you covered for requirements 4.2.1 and 4.2.1.1. Our platform provides centralized control, monitoring, and automated alerts for TLS certificates, ensuring compliance and reducing the risk of breaches, downtime and reputational damage due to expired or misconfigured certificates. By combining OnDMARC and Certificates, organizations gain a comprehensive approach to protecting against phishing and securing their infrastructure, minimizing downtime, and safeguarding sensitive data. Trusted by leading brands and government organizations, let us help you:

  • Simplify compliance with PCI-DSS.
  • Mitigate the risk of phishing and impersonation.
  • Prevent breaches caused by expired or misconfigured certificates.
  • Safeguard sensitive customer and organizational data.

Contact the Red Sift team today to strengthen your defenses and secure your business.

PUBLISHED BY

Billy McDiarmid

22 Jan. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
BIMI

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more
BEC

The future of email security: Innovations, challenges, and the role of DMARC

Jack Lilley

Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…

Read more
Aviation

Why implementing DMARC is essential for Aviation

Jack Lilley

If you’re in aviation and still haven’t locked down your email security, you’re taking a serious risk. Cyberattacks on airlines, airports, and aerospace companies are up 131% in just one year. Phishing and Business Email Compromise (BEC) scams are hammering the industry, costing millions, causing chaos, and damaging customer trust. Attackers aren’t just targeting…

Read more
News

Red Sift Brand Trust joins Cisco portfolio to extend domain and brand…

Francesca Rünger-Field

Many organizations have implemented email authentication and hardened their owned domains against abuse. But a more exposed and less controlled surface remains: the brand. With the ease and efficiency of AI tools, brand impersonation has become a successful tactic for bypassing technical controls and targeting users directly. While email authentication protocols like DMARC can…

Read more