Payment Card Industry – Data Security Standard (PCI DSS)
- Posted by: Candaş Üçer
- Category: Blog, English
The Path To Compliance
If an organisation accepts payments on Visa, MasterCard, or American Express cards, it is obliged to comply with the PCI Data Security Standard. The standard therefore applies across many sectors, including the vast majority of retail chains, many financial services organisations that take card payments, and some public sector organisations such as local authorities and government agencies.
Addressing the requirements of the PCI Data Security Standard poses a number of significant challenges:
- Significant technology changes need to be implemented at all point-of-sale systems, but these mission-critical systems are often already struggling to keep up with peak performance demands.
- The standard acknowledges that strict compliance may be impossible, but it is not clear what is required instead.
- The standard demands a cross-organisational effort to improve information security, which increases the complexity of the change programme and the risks it carries. If the PCI efforts are not championed by senior management, the risk of failure is very high.
- The compliance landscape is complex, involving payment card schemes (Visa, MasterCard, AmEx), acquiring banks, and qualified security assessors among others. Effectively managing these relationships is crucial to achieving compliance in a pragmatic and cost-effective manner.
What we recommend:
- Use best-practice approaches to analyse risks and define appropriate mitigations.
- Engage compliance stakeholders and get buy-in for a risk-based programme of change.
- Mobilise an effective and realistic programme to deliver the required compliance and risk reduction.
- Ensure that PCI solutions deliver ongoing risk reduction and compliance.
- Growth through innovation/creativity:
Rather than be constrained by ideas for new products, services and new markets coming from just a few people, a Thinking Corporation can tap into the employees.
- Increased profits:
The corporation will experience an increase in profits due to savings in operating costs as well as sales from new products, services and ventures.
- Higher business values:
The link between profits and business value means that the moment a corporation creates a new sustainable level of profit, the business value is adjusted accordingly.
- Lower staff turnover:
This, combined with the culture that must exist for innovation and creativity to flourish, means that new employees will be attracted to the organization.