VARs advised to get in on PCI compliance act

Resellers could turn the Payment Card Industry's Data Security Standard into a profit

Small security resellers have been urged to cash in on opportunities around upcoming changes to the Payment Card Industry’s (PCI) compliance requirements.
The PCI’s Data Security Standard (DSS), which is set to take hold in June, will impact every UK firm taking credit card transactions.
Building and maintaining a secure network, protecting cardholder data and maintaining a vulnerability management programme are among the six requirement categories.
But Ian Kilpatrick, chairman of distributor Wick Hill, claimed only the UK’s top 10 security VARs are talking to customers about PCI, leading most to miss out on a potentially lucrative revenue stream.
“This is something competent resellers are more than capable of doing. There is an opportunity for them to talk to customers and raise the issues involved,” Kilpatrick said.
“The first job is to understand what the standard is. There are only six components and it is not hugely complex. If they can understand this, they can talk to customers and raise the issues involved.”
However, James Mckee, security manager at reseller Qual, argued PCI requires too high an investment to net a quick payoff.
“PCI is quite complex. You need in-depth knowledge to competently talk about it,” he said.
Paul Spencer, managing director of VAR Axial Systems, said: “Resellers have a part to play, but I disagree that resellers should carry the responsibility to make sure PCI organisations are compliant.”
IBM offers firms PCI compliance