PCI Deadline: Merchants Need To Avoid The Compliance Trap

UK Level 1 Merchants that accept Visa payments and process more than 6 million transactions annually will need to comply with the original v1.2 PCI guidelines by September 30 2010. The deadline means Level 1 merchants must demonstrate that they are fully compliant or risk being fined for non-compliance. This deadline comes as European director for PCI, Jeremy King, is raising awareness of PCI across Europe.

PCI compliance might have been around for some time, but merchants are still struggling to get their heads around the requirements. The September 30th deadline mandates that Level 1 merchants now comply with the original v1.2 guidelines. However, the compliance puzzle doesn't end there. Version 2.0 is just around the corner. This means merchants not only need to be concerned about their ability to prove compliance with v1.2, but also about the steps they need to take to reach the next stage of compliance.

All too often, organisations fall into the compliance trap and focus all their efforts on meeting the requirements of a new deadline, without thinking about the bigger picture. This broken compliance strategy is not only costly, but ineffective when it comes to security. Taking a myopic view of regulatory compliance creates a situation where merchants are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets.

Merchants must avoid detaching risk management from compliance. PCI standards are designed as a starting point for building a strong security posture, but they are specifically concerned with payment card data. To achieve true, continuous security across all aspects of the organisation, merchants should consider the following:

  • Avoid a silo approach – don’t separate compliance and risk management
  • Gain visibility across security controls and regulatory compliance
  • Ensure processes are manageable, automated and repeatable to enable 24x7x365 compliance and security
  • Enforce security policies with operational endpoint management
  • Prevent the execution of malicious code by allowing only approved applications to run in an environment – this can be achieved with intelligent whitelisting
  • Centralise data gathering to ease compliance reporting and audit workflows
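The whitelisting point above (allow only approved applications to run, deny everything else) and the call for centralised, audit-friendly data gathering can be illustrated together. The following is an added example, not code from the article or from Lumension's products: a simplified hash-based allowlist check that defaults to deny and emits a structured audit record for each decision. The file names, the allowlist contents and the sample binaries are all constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
import time


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob (used for the allowlist key)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream a file through SHA-256 so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """Map content hash -> label for every approved binary.

    Constructed for this example: a real allowlist would be produced by a
    trusted build or packaging step, not from files on the endpoint itself.
    """
    return {sha256_of_file(p): os.path.basename(p) for p in approved_paths}


def decide(path: str, allowlist: dict) -> tuple:
    """Default-deny decision. Returns ("allow" | "deny", reason).

    Anything that is not a regular file, or whose content hash is not in
    the allowlist, is denied; a renamed or tampered copy of an approved
    binary fails the hash match and is therefore denied as well.
    """
    if not os.path.isfile(path):
        return ("deny", "not a regular file")
    digest = sha256_of_file(path)
    label = allowlist.get(digest)
    if label is None:
        return ("deny", "hash %s... not in allowlist" % digest[:12])
    return ("allow", "matches approved '%s'" % label)


def audit_record(path: str, allowlist: dict) -> dict:
    """Structured record suitable for shipping to a central log store,
    so compliance reporting can be driven from one data set."""
    verdict, reason = decide(path, allowlist)
    return {
        "ts": int(time.time()),
        "host": "endpoint-01",  # constructed placeholder host name
        "path": path,
        "verdict": verdict,
        "reason": reason,
    }


def demo() -> tuple:
    """Build two constructed binaries and return their verdicts."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "pos-terminal.bin")
        with open(approved, "wb") as f:
            f.write(b"approved payment application v1 (constructed sample)")
        allowlist = build_allowlist([approved])

        # A tampered copy: same name pattern, one extra byte sequence.
        tampered = os.path.join(d, "pos-terminal-patched.bin")
        with open(tampered, "wb") as f:
            f.write(b"approved payment application v1 (constructed sample)+x")

        for p in (approved, tampered):
            print(json.dumps(audit_record(p, allowlist)))
        return (decide(approved, allowlist)[0], decide(tampered, allowlist)[0])


if __name__ == "__main__":
    demo()  # prints one JSON audit line per file; returns ("allow", "deny")
```

The design choice worth noting is the order of checks: the decision is "deny" unless a positive match is found, so an unknown binary, a missing file, or a modified copy of an approved one all land on the same safe outcome, and every outcome is recorded in the same shape for central collection.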

Alan Bentley is Senior Vice President of International Sales at Lumension Security. In this role, he is responsible for overseeing and driving sales and marketing efforts in Asia Pacific and EMEA. An industry veteran with over 10 years' experience in the IT security industry, Alan is responsible for leading teams in EMEA and APAC, elevating brand awareness and thought leadership, and increasing market penetration to drive growth in the respective markets. Prior to Lumension, Alan held executive management roles in security organisations based across the UK, including Global Secure Systems and Ellipse Distribution. Prior to entering the security industry, Alan held sales roles for MAN Roland, a German-based company in the printing industry, and Hanson, a UK company in the construction industry. Alan holds a BA (Hons) in European Business Studies from Brunel University. He also completed his PGCE at Roehampton Institute.