PCI compliance means operational change, not a one-off technology implementation

The landscape of the retail industry is changing, writes Ross Brewer, vice president and managing director, EMEA, LogLogic.

Written by Ross Brewer

Following a series of major security breaches to personal data, the issue of securing operational information has become key, particularly in the context of corporate reputation and operational excellence.

Payment Card Industry (PCI) compliance, which addresses the protection of stored cardholder data, is a recent phenomenon, with the PCI Standard being launched in 2004. Prior to this, individual card brands managed their own security standards governing the processing and handling of cardholder data.

The standard provides a process for retailers to identify at what stage in the purchasing process a cardholder’s data risks being compromised. In a nutshell, it operates to validate and secure the entire chain of payment card processing.

On the face of it, the standard appears straightforward, with a short downloadable manual for retailers. However, those who research thoroughly will note that it is made up of a myriad of security audit procedures affecting many areas of the business, both technical and otherwise.

One of the main problems we at LogLogic find is that when companies take on PCI compliance as a goal, there is a tendency to focus too heavily on technology. Many believe that implementing one piece of software or hardware will provide the entire solution to PCI. Instead, retailers must embrace the reality that PCI compliance is an ongoing process – requirements need to be met on a daily, weekly, and annual basis. Business processes therefore need to change, and resources for a one-off project are not enough. If companies do not have the relevant support, they need to address this so that it matches the way their business needs to be operated on an ongoing basis. Becoming PCI compliant means making changes to the operation of a business; it’s not just about implementing new technology.

Improving security levels will in turn have a positive impact on the business when companies such as Visa begin to address incentives, or lower charges for interchange rates. The more support PCI compliance has from across the business, from IT to board level, the more successful it will be.

Now is the time for retailers – at all levels – to embrace PCI compliance. Failure to do so may not result in legal action, but it will potentially put their customers’ data at risk, and the channel needs to convey this message.
