PCI compliance means operational change, not a one-off technology implementation

The landscape of the retail industry is changing, writes Ross Brewer, vice president and managing director, EMEA, LogLogic.

By Ross Brewer

17 Jan 2008


Following a series of major breaches of personal data, securing operational information has become a key issue, particularly in the context of corporate reputation and operational excellence.

Payment Card Industry (PCI) compliance, which addresses the protection of stored cardholder data, is a recent phenomenon: the PCI Data Security Standard was launched in 2004. Prior to this, the individual card brands each maintained their own security standards governing the processing and handling of cardholder data.

The standard gives retailers a process for identifying at which stage of the purchasing process a cardholder's data is at risk of compromise. In a nutshell, it exists to validate and secure the entire chain of payment card processing.

On the face of it, the standard appears straightforward, with a short downloadable manual for retailers. However, those who research it thoroughly will find that it is made up of a myriad of security audit procedures affecting many areas of the business, technical and otherwise.

One of the main problems we at LogLogic find is that when companies take on PCI compliance as a goal, there is a tendency to focus too heavily on technology. Many believe that implementing a single piece of software or hardware will deliver the entire solution to PCI. Instead, retailers must accept that PCI compliance is an ongoing process: requirements have to be met on a daily, weekly and annual basis. Business processes therefore need to change, and the resources of a one-off project are not enough. If companies do not have the relevant support in place, they need to provide it so that the business can operate in this way on an ongoing basis. Becoming PCI compliant means changing how the business operates; it is not just about implementing new technology.

Improved security will in turn have a positive effect on the business once card schemes such as Visa begin to offer incentives, or lower interchange rates, for compliant merchants. The more support PCI compliance has from across the business, from IT through to board level, the more successful it will be.

Now is the time for retailers, at all levels, to embrace PCI compliance. Failure to do so may not result in legal action, but it will put their customers' data at risk, and the channel needs to convey this message.
