PCI compliance means operational change, not a one-off technology implementation

The landscape of the retail industry is changing, writes Ross Brewer, vice president and managing director, EMEA, LogLogic.

Written by Ross Brewer

Following a series of major security breaches to personal data, the issue of securing operational information has become key, particularly in the context of corporate reputation and operational excellence.

Payment Card Industry (PCI) compliance, which addresses the protection of stored cardholder data, is a recent phenomenon, with the PCI Standard being launched in 2004. Prior to this, individual card brands managed their own security standards governing the processing and handling of cardholder data.

The standard provides a process for retailers to identify at what stage in the purchasing process a cardholder’s data risks being compromised. In a nutshell, it operates to validate and secure the entire chain of payment card processing.
On the face of it, the standard appears straightforward, with a short downloadable manual for retailers. However, those who research thoroughly will note that it is made up of a myriad of security audit procedures affecting many areas of the business, both technical and otherwise.

One of the main problems we at LogLogic find is that when companies take on PCI compliance as a goal, there is a tendency to focus too heavily on technology. Many believe that implementing one piece of software or hardware will offer the entire solution to PCI. Instead, retailers must embrace the notion and reality that PCI compliance is an ongoing process – requirements need to be met on a daily, weekly, and annual basis. Business processes therefore need to change, and resources for a one-off project are not enough. If companies do not have the relevant support, then they need to address this to meet the way their business needs to be operated on an ongoing basis. Becoming PCI compliant means making changes to the operation of a business; it’s not just about implementing new technology.

And improving security levels will in turn have a positive impact on the business when companies such as Visa begin to address incentives, or lower charges for interchange rates. The more support PCI compliance has from across the business, from IT to board level, the more successful it will be.

Now is the time for retailers – at all levels – to embrace PCI compliance. Failure to do so may not result in legal action, but it will potentially put their customers’ data at risk, and the channel needs to convey this message.
