PCI compliance means operational change, not a one-off technology implementation

The landscape of the retail industry is changing, writes Ross Brewer, vice president and managing director, EMEA, LogLogic.

Written by Ross Brewer

Following a series of major security breaches to personal data, the issue of securing operational information has become key, particularly in the context of corporate reputation and operational excellence.

Payment Card Industry (PCI) compliance, which addresses the protection of stored cardholder data, is a recent phenomenon, with the PCI Standard being launched in 2004. Prior to this, individual card brands managed their own security standards governing the processing and handling of cardholder data.

The standard provides a process for retailers to identify at what stage in the purchasing process a cardholder’s data risks being compromised. In a nutshell, it operates to validate and secure the entire chain of payment card processing.
On the face of it, the standard appears straightforward, with a short downloadable manual for retailers. However, those who research thoroughly will note that it is made up of a myriad of security audit procedures affecting many areas of the business, both technical and otherwise.

One of the main problems we at LogLogic find is that when companies take on PCI compliance as a goal, there is a tendency to focus too heavily on technology. Many believe that implementing one piece of software or hardware will offer the entire solution to PCI. Instead, retailers must embrace the reality that PCI compliance is an ongoing process – requirements need to be met on a daily, weekly, and annual basis. Business processes therefore need to change, and resources for a one-off project are not enough. If companies do not have the relevant support, then they need to address this to meet the way their business needs to be operated on an ongoing basis. Becoming PCI compliant means making changes to the operation of a business; it’s not just about implementing new technology.

Improving security levels will in turn have a positive impact on the business when companies such as Visa begin to address incentives, or lower charges for interchange rates. The more support PCI compliance has from across the business, from IT to board level, the more successful it will be.

Now is the time for retailers – at all levels – to embrace PCI compliance. Failure to do so may not result in legal action, but it will potentially put their customers’ data at risk, and the channel needs to convey this message.
