As Payment Card Industry deadlines come and go, I’ve noticed a rash of acquiring banks, card processors, ISOs AND vendors jumping into the mix to get a piece of the compliance pie fees.
So, what does this mean for small- or medium-sized merchants? Well, this influx does show that companies of all walks are becoming more aware of security and PCI compliance. That is good.
But the influx also means plenty of opportunities for questionable practices that may not improve the true state of security with the merchants’ best interest in mind. That is not good.
Becoming PCI compliant is a daunting task for any merchant, especially small merchants. Whether you’re a merchant or an acquirer, you should learn more about security and PCI before selecting a compliance partner. You should also beware of simply going with the vendor who offers the lowest fees. Understand what you can expect from the PCI vendor and make sure the result is a more secure business.
Despite the inherent complexities surrounding PCI compliance, we’ve all seen ill-conceived programs that don’t provide the most basic of services or support to merchants. Some don’t even provide a basic education in PCI. Bottom line, smaller merchants need real help with becoming—and staying—compliant.
After all, no one wins if you get fined. Or worse, breached.
Which makes me think. What is really driving this behavior? Is it to protect shoppers’ payment card data? Is it to minimally satisfy the card brands’ mandates? Or is it to create an incremental revenue stream?
Can these drivers co-exist…or are they mutually exclusive?
Some recent trends suggest to me that it will take a while for the PCI market to shake out. Merchants and acquirers will eventually grow wise to shoddy activity and will gravitate toward quality PCI-compliance services. Unfortunately, in the meantime, not enough is being done to truly advance security for small merchants.
Congress is aware of this, as we’ve seen with the recent PCI hearings. As the pendulum tilts toward more regulation on everything from carbon emissions to debt lending, this lack of true security improvements could ultimately lead to Congress legislating compliance—which the PCI Council has been working diligently to avoid.
Worse, these trends will hurt your efforts to become PCI compliant, which will ultimately leave your shoppers more exposed to hackers and data thieves.
As the new PCI market begins to mature, having the right partners will help you stay compliant in the most efficient manner possible. Having the right partners will also ensure you’re not being taken advantage of.
‘Til Next Time,
Joan
The eSecurity Diva
