PCI-DSS takes aim at phishing attacks

Executive Summary: The latest PCI-DSS update underscores the critical need for strong email authentication to combat phishing threats. Red Sift OnDMARC and Red Sift Certificates solutions empower organizations to meet these standards, ensuring the protection of sensitive customer information.​

This article:

  • Highlights the Payment Card Industry Data Security Standard’s (PCI-DSS) proactive measures against phishing.​
  • Emphasizes the necessity for robust email authentication to protect sensitive data.
  • ​Discusses how Red Sift OnDMARC and Red Sift Certificates solutions aid in compliance and security.

Introduction

The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized framework for securing cardholder data managed by merchants and service providers. It outlines rigorous security measures to protect payment card information during storage, processing, and transmission, reducing risks of data breaches and unauthorized access. 

In its latest update, the PCI Security Standards Council has shifted toward proactive measures to address phishing attacks, recognizing that traditional defenses are insufficient against evolving threats. Requirement 5.4.1 recommends tools like DMARC, DKIM, and SPF to safeguard employees, while 4.2.1 and 4.2.1.1 focus on verifying and managing certificates that secure PAN during transmission. But why is phishing now a focal point?

Why phishing is a top threat

Phishing remains one of the most effective entry points for cybercriminals, accounting for 58.52% of initial compromises. Employees are often tricked into revealing credentials, downloading malware, or granting unauthorized access, with human error contributing to 68% of breaches, according to the 2024 Verizon Data Breach Investigations Report

Many organizations lack sufficient training and visibility tools to counter evolving phishing tactics, leaving them exposed. Security leaders face a significant threat from bad actors that are crafting deceptive attacks to compromise employees through impersonation.

The role of certificate management

There’s a growing awareness of vulnerabilities related to keys and certificates, particularly in how they are managed and deployed. Issues such as expired certificates, weak encryption algorithms, and the use of self-signed certificates have all been identified as potential weak points that could be exploited by bad actors.

As organizations scale, managing hundreds or thousands of certificates increases the risk of oversight, which can lead to costly breaches or downtime. Frameworks like NIST and ISO stress the importance of robust certificate management and inventory to mitigate these risks and maintain compliance with PCI-DSS.

Building resilience: Red Sift OnDMARC and Certificates

One of the most effective ways to reduce phishing attacks for any organization is by implementing a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy, ideally set to “p=reject.” This configuration provides visibility into who is using your domain and prevents bad actors from impersonating legitimate senders in phishing attacks. For example, Business Email Compromise (BEC) schemes often trick employees into purchasing gift cards or transferring funds, posing as high-level executives:

Red Sift’s OnDMARC helps organizations combat phishing by progressing organizations to a DMARC policy set to “p=reject.” This ensures only authorized services can send emails using your domain, preventing impersonation and attacks like Business Email Compromise (BEC). With features like TLS reporting and one-click MTA-STS deployment, OnDMARC simplifies adoption of advanced security measures and provides continuous monitoring for better email security.

Meanwhile, Red Sift Certificates has you covered for requirements 4.2.1 and 4.2.1.1. Our platform provides centralized control, monitoring, and automated alerts for TLS certificates, ensuring compliance and reducing the risk of breaches, downtime and reputational damage due to expired or misconfigured certificates. By combining OnDMARC and Certificates, organizations gain a comprehensive approach to protecting against phishing and securing their infrastructure, minimizing downtime, and safeguarding sensitive data. Trusted by leading brands and government organizations, let us help you:

  • Simplify compliance with PCI-DSS.
  • Mitigate the risk of phishing and impersonation.
  • Prevent breaches caused by expired or misconfigured certificates.
  • Safeguard sensitive customer and organizational data.

Contact the Red Sift team today to strengthen your defenses and secure your business.

PUBLISHED BY

Billy McDiarmid

22 Jan. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more