Oracle Information InDepth


Oracle Database 12c
Oracle Database 12c Plug into the Cloud

Stay Connected

Oracle Blog Oracle on Twitter Oracle on Facebook Oracle on Youtube Oracle on LinkedIn

March 2014

Subscribe Subscribe Forward Forward

Back to the main page

PCI Requirements Go into Effect Amid High-Profile Retail Data Breaches

Major breaches of retail customer data are making headlines just as the latest version of the Payment Card Industry Data Security Standards (PCI DSS) go into effect.

In fact, according to the recent Verizon Data Breach Investigations Report, nearly a quarter of all data breaches in 2013 occurred in retail environments and restaurants.

"Recent breaches are a sobering reminder that the retail industry continues to be a key target of cybercriminals in 2014," says Troy Kitch, principal product marketing director for Oracle security products. "It also underscores the need to evolve security compliance beyond an audit-based yearly event into a day-to-day practice."

A 24/7/365 Approach
The latest PCI DSS, which went into effect in January 2014, make it clear that retailers must weave security into the way they operate on a daily basis.

"To ensure security controls continue to be properly implemented, PCI DSS should be implemented into business-as-usual activities as part of an entity's overall security strategy," writes the PCI Security Standards council. "This enables an entity to monitor the effectiveness of their security controls on an ongoing basis, and maintain their PCI DSS–compliant environment in between PCI DSS assessments."

The Power of Security Inside Out
"To defend against evolving threats, you need to begin by protecting your biggest targeted assets first—your databases," says Kitch.

That means implementing controls around which users have access to which data—and enforcing least privilege, especially in consolidated environments. It also means auditing database activity to detect and stop unauthorized activity, as well as collect critical forensic data.

"Oracle suggests retailers adopt a defense-in-depth approach to protect sensitive data from the inside out and future-proof against evolving regulatory requirements such as the new Payment Card Industry Data Security Standards,” says Kitch.

Learn more about Oracle’s Security Inside Out approach.

Download a white paper, on achieving PCI DSS compliance with Oracle solutions.

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together

Contact Us | Legal Notices and Terms of Use | Privacy

Oracle Corporation


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.