PCI DSS – Why some organisations comply and others don’t?

13/05/2013

According to the UK Cards Association, spending on debit and credit cards last year rose by 4.8%, whilst card fraud increased by 14%. With both figures on the rise, are companies doing enough to protect their customers and mitigate the threat of card fraud?
 
The Payment Card Industry Data Security Standard (PCI DSS) is administered by the PCI Security Standards Council (PCI SSC) with the specific objectives of decreasing payment card fraud across the internet and increasing the security of confidential payment card information. Despite its important role, many organisations that store, transmit or process cardholder data don’t meet the PCI DSS requirements.
 
Alan Calder, CEO of PCI–compliance experts, IT Governance, says, “Unfortunately, many companies still believe that they can carry on trading without being PCI-compliant. Few of them realise that it can actually cost them more to be non-compliant. If they don’t adhere to the strict guidelines imposed by the PCI council, the risk of data breaches to them is greater.
 
On the other side, security-aware companies understand the importance of security best practices and data handling. By increasing control around data handling, as prescribed by the PCI DSS standard, they are in a better position to protect sensitive data.”
 
Organisations that need to implement PCI DSS and maintain their compliance can choose between two main routes:
 
PCI Training – they can send those members of staff who will be responsible for the project on the PCI DSS Implementation and Maintenance training course. The course uses practical examples and real-life case studies to guide delegates through a proven methodology designed to ensure that they select the correct ‘route to compliance’, identify the exact requirements using gap analysis and create an effective implementation plan. Places on the PCI DSS Implementation course can be booked online at www.itgovernance.co.uk/shop/p-1279.aspx.
 
PCI Consultancy – some organisations don’t have the internal resources to carry out a compliance project. For them, calling a qualified PCI consultant may be a better option. PCI consultancy services can be very flexible and tailored to meet the company’s specific requirements.
 
Calder adds, “In today’s highly competitive and economically challenging environment, winning customer trust is essential for any company. Organisations that comply with the PCI DSS demonstrate to their clients that their information is secured in line with one of the strictest industry-recognised information security standards in the world.”
 
IT Governance Ltd is a PCI QSA company and has a track record of helping many organisations comply with PCI DSS. The company can be contacted on +44 (0) 845 070 1750 or by email at servicecentre@itgovernance.co.uk.