While surfing LinkedIn recently, a user’s posted question caught my eye.
The user, a small merchant, asked whether his approach to PCI compliance was the most cost-effective way possible. As his business was recently classified as a Level 4 merchant, he said he needed only “focus on those areas where we may fall short.” He also said free or low-cost solutions might be the best option because while “not very user friendly,” they do “tick the right PCI boxes and get us PCI compliant.”
The poster then went through several security measures he was considering, including internal scanning and file-integrity monitoring. “Or am I just wasting my time?” he asked.
Well, no. Anything you do to make your business more secure is a good thing.
But, as another LinkedIn user correctly pointed out, the merchant was asking the wrong questions.
Instead of focusing on how to (and how much) it would take to better secure customer information, the merchant instead was laser-focused on simply becoming compliant.
This is the wrong approach, tactically and psychologically. The PCI Data Security Standard is a way to validate basic data security. It’s not the Yellow Brick Road to Oz. It’s only a tool—a pretty good one—to help minimize danger along the way.
Neither I nor the other LinkedIn user, I’m sure, believes this merchant doesn’t care about the security of his customers. But the things the poster, and any merchant, should be focusing on first are the steps to improve the overall safety of cardholder data.
Steps like:
- Using a compliant payment application. You can access these applications here.
- Securing transactions. All cardholder data must be encrypted during transmission.
- Conducting regular Web application and vulnerability scans. If you have externally-facing IP addresses, conduct regular scanning to identify critical vulnerabilities for remediation.
- Setting cardholder data storage policies. Merchants should not electronically store credit card data without a compelling business reason.
- Setting access policies. Employees who don’t need access to sensitive customer information should not be given access.
As for the LinkedIn question, the reader who responded to the merchant’s post had a particularly valid point: “If you are worried about the cost (to become) PCI DSS compliant, check on the alternative. Be non-compliant when your system is compromised, then you will be talking about real money and possibly your company will go out of business.”
I couldn’t have said it better myself.
‘Till Next Time,
Joan
The eSecurityDiva
I was wondering if you could shed a little light for me. I own a website Design and Development company. We own our own server and host our clients. We currently host about 120 web sites and possible 30 of them have commerce. Is it true I must pay 5,000 to be compliant and have my system scanned? then 2500/yr. None of my commerce sites store credit cards.
Posted by: Brady | November 20, 2009 at 11:27 AM
Did you use an assistance of a essay writing service for your famous topic? I opine that you really have unique sample essay creating skills. Thank you very much for your release!
Posted by: tA31Alexa | February 13, 2010 at 06:19 AM
It's cool that we are able to get the personal loans moreover, this opens new chances.
Posted by: personal loans | March 10, 2010 at 05:42 PM
http://oppao.net/n-ona/
http://oppao.net/navi/
http://oppao.net/new-d2/
http://oppao.net/fd3/
http://oppao.net/soap2/
http://oppao.net/bg2/
http://oppao.net/host2/
http://oppao.net/lesson2/
http://oppao.net/op2/
http://oppao.net/fl3/
http://oppao.net/bb2/
http://oppao.net/s-este/
http://oppao.net/rd2/
http://oppao.net/kawa/
http://oppao.net/n-club2/
http://s-auc.net/
Posted by: オテモヤン | March 26, 2010 at 09:09 PM
E Security is wonderful not only protecting our information to be hacked
Posted by: E-Security - Online Security - Online Information Security - Esecurity Online | August 18, 2010 at 12:42 AM
I recently found a new E check solution advertised on a website, called Mycheq belonging to www.mypaylinqcasinos.com to be PCI compliant. I am a little concerned to use such a payment method is it safe ? How do i know if they are PCI compliant?
Posted by: Mike Roth | October 24, 2010 at 05:33 PM
No road is long with good company.*
Posted by: coach outlet | November 15, 2010 at 03:34 AM
**Byron!**
Your back!!!!!!
I been checking in here every day since the first tornadoes started touching down this year.
*squeeeeeeee*
**jumps up and down**
This is brilliant. Your back!!!!
*****
Posted by: vibram toe shoes | May 10, 2011 at 03:40 AM
I can get when I swipe my loyalty card. The coupons are always for things I have bought in the past or are very similar to things I regularly buy. That’s good use of a discount based on knowing my needs—thereby treating me as a special individual
Posted by: Mens True Religion 5 | May 26, 2011 at 04:52 AM
....mypaylinqcasinos.com to be PCI compliant. I am a little concerned to use such a payment method is it safe ? How do i know if they are PCI compliant?
Posted by: christian shoes | May 31, 2011 at 02:31 AM
the following question. How important is it to write by the book, so to speak ?, or is there any room for bending the rules some ? Thanks
Posted by: Christian Louboutin Slingbacks | June 03, 2011 at 05:22 AM
Thanks for providing such useful information. I really appreciate your professional approach. I would like to thank you for the efforts you made in writing this post. I am hoping the same best work from you in the future as well.
Posted by: best airline miles credit cards | June 03, 2011 at 04:15 PM
Glad I found this blog, lots of interesting contents here
Posted by: Web Design Sheffield | June 11, 2011 at 11:48 AM
That's me. Thanks Innovation doesn't take a vacation during an economic downturn. Innovation is a constant.
Posted by: vibram five fingers | June 17, 2011 at 11:16 PM
Thanks I got up this morning and feel fine, because I received a gift from my parents.This is Birkenstock Sandals.I am happy. Thanks for god giving me a beautiful day.
Posted by: sinful bikini | June 19, 2011 at 10:12 PM
Welcome to visit fake ray bans wholesale site. Fake Ray Ban Sunglasses encompass the form that started everything.The fake Ray Ban Sunglasses may be the brand staple originally designed for the U.S.military fighter pilots in 1937.Ray Ban Replica Sunglasses have the timeless look using the unmistakable tear drop shaped lenses.This style allowed Aviators to p>Welcome to visit fake ray bans wholesale site. Fake Ray Ban Sunglasses encompass the form that started everything.The fake Ray Ban Sunglasses may be the brand staple originally designed for the U.S.military fighter pilots in 1937.Ray Ban Replica Sunglasses have the timeless look using the unmistakable tear drop shaped lenses.This style allowed Aviators to quickly spread beyond their utility,becoming popular among celebrities,rock stars and citizens world wide alike.It becomes an iconic look that has endured for pretty much a hundred years.Fake Rar Ban Aviator sunglasses can also be found with polar lenses.Fake Ray Ban Sunglasses are retro and timeless,and as fashionable today because they were when they were the sunglasses associated with preference of counter-culture intellectuals and civil rights leaders.Ray Ban Replica Clubmaster sunglasses are perfect for the generation that grew up with its classic curved lines in addition to young whipper snappers who are discovering the iconic shape the very first time.quickly spread beyond their utility,becoming popular among celebrities,rock stars and citizens world wide alike.It becomes an iconic look that has endured for pretty much a hundred years.Fake Rar Ban Aviator sunglasses can also be found with polar lenses.Fake Ray Ban Sunglasses are retro and timeless,and as fashionable today because they were when they were the sunglasses associated with preference of counter-culture intellectuals and civil rights leaders.Ray Ban Replica Clubmaster sunglasses are perfect for the generation that grew up with its classic curved lines in addition to young whipper snappers who are discovering the iconic shape the very first time.Welcome to visit http://www.fakeraybanswholesale.com .
Posted by: fake ray ban sunglasses | June 22, 2011 at 03:43 AM
This article is very good,i was already share it in our site. This is a wiser approach for online purchases because with this, you are able to clearly compare the appearance and preciseness of the Replica Ray Ban sunglasses to that of the original one, giving you less chances of purchasing very cheap-looking best Replica Ray Bans sunglasses. We have Make wholesale purchases in our Fake Ray Ban sunglasses stores, This is usually done by people who intend to sell the best Knockoff Ray Bans sunglasses types and to find one for their own use as well. All fake ray bans are brand-new, never used, best quality. Please enjoy our Knockoff Ray Ban sunglasses site to buy them.
Posted by: fake ray bans | June 22, 2011 at 07:51 AM
Thanks for providing such useful information. I really appreciate your professional approach. I would like to thank you for the efforts you made in writing this post. I am hoping the same best work from you in the future as well.
Posted by: dating | July 22, 2011 at 11:02 AM
I cannot choose the best. The best chooses me..
Posted by: cheap jordans | July 26, 2011 at 03:05 AM
Buildings are not cheap and not every person can buy it. Nevertheless, business loans are invented to help people in such cases.
Posted by: personal loans | August 07, 2011 at 07:48 PM
Your blog is so nice that every one would feel pleasure to post comments. So am I. Thanks. Keep sharing the similar posts which we feel happy !!
Posted by: replica oakleys | August 31, 2011 at 04:50 AM
Your blog is so nice that every one would feel pleasure to post comments. So am I. Thanks. Keep sharing the similar posts which we feel happy !!
Posted by: replica oakleys | August 31, 2011 at 04:51 AM
"I sought to show the changing balance of planes - from anti-ship torpedo and dive bombers in the early days when the main objective was destroying other ships - to fighter planes, whose main job was to defend against the kamikazes in the final months."
Max, Midway is pretty much the final act of anti-ship carrier warfare, right? If you follow Keegan and Churchill, it's the critical turning point in the Pacfic war - there's a wonderfully readable description of Midway in Keegan's The Price of Admiralty.
Posted by: Christian louboutin heels | September 05, 2011 at 04:46 AM
outlet necessità di imparare queste tecnologie da zero in Cina, il Giappone
Posted by: UGGS Clearance | September 20, 2011 at 04:18 AM
www.raybanwayfarersunglass.com,
Replica Ray Ban Aviator Discount Sunglasses sale,Ray Ban Caravan Sunglasses,Ray Ban Wayfarer Replica Sunglasses discount,Replica Ray Ban Cats Sunglasses,Ray Ban Clubmaster Sunglasses,Replica Ray Ban Rare Prints Sunglasses,Ray Ban Jackie Ohh Sunglasses,Replica Ray Ban Cockpit Sunglasses,Ray Ban Daddy-O Replica Sunglasses,Replica Ray Ban Polarized Sunglass,New Ray Ban Sunglasses online shop.http://www.replicaoakleysforsale.com
Posted by: fcsdgsdf | September 21, 2011 at 03:52 AM