The PCI DSS Standard protects the personal data of payment cardholders. Therefore, organisations which process, transmit or store payment card data must comply with it. Most of them would be aware that failure to comply with the PCI DSS requirements will result in heavy fines, restrictions or even permanent expulsion from payment card acceptance programmes. Organisations, which are unable to meet their security obligations, risk becoming vulnerable to data breaches. And yet, there is a big number of non-compliant organisations – a recent Gartner’s report states that close to one-fifth of companies that should be compliant with the Payment Card Industry Data Security Standard (PCI DSS) are not.
Alan Calder, CEO of IT Governance, says, “CEOs should be really checking their bank statements. If they do this, they will notice that it is costing them over £600 per annum to be non-compliant. There is a huge misunderstanding, that PCI DSS compliance is expensive. What actually costs organisations a lot of money is to be non-compliant.”
“Organisations can do a few things in order to remove the risk of their website being hacked by criminals using stolen card details,” continues Calder. “ More importantly, these things don’t cost a fortune – some bespoke PCI DSS-compliance resources like an introductory book, a documentation toolkit and an annual scanning contract - as well as a little bit of work - can save them the monthly cost and protect them from data loss. It is a security investment with a year one return of 150%.”
IT Governance offers three essential resources which combined deliver an optimal route to PCI DSS-compliance.
The PCI DSS: A Practical Guide to Implementing and Maintaining Compliance provides advice and tips on the entire PCI implementation process. It shows organisations how to build and maintain a sustainable PCI compliance programme
The PCI DSS v2.0 Compliance Toolkit is specifically designed to help card payment-accepting organisations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire. The toolkit contains a full set of documentation templates for all of the mandatory PCI DSS policies, as well as implementation guidance and ISO 27001 cross-mapping.
The HackerGuardian Scanning service is a vulnerability assessment scanning solution designed to identify website vulnerabilites and to achieve and maintain payment card industry compliance requirements.
Larger organisations can purchase the above products with a purchase order either by telephone +44 (0) 845 070 1750 or by e-mail to firstname.lastname@example.org.