More focus necessary on PCI DSS compliance
1 Jul 2010:
Payment Card Industry Data Security Standard (PCI DSS) compliance must be taken seriously, warn experts, with Visa vowing to tighten up its security rules on smaller companies accepting card payments from 1 July 2010.
This is particularly relevant following the announcement this month that all London Olympics tickets must be purchased with a Visa card. In September, a further security mandate will require large-scale card-accepting businesses to be fully PCI DSS compliant from the start of that month onwards.
Jeff LoSapio, security practice manager for application security specialist Fortify, said it is necessary for a change of mindset at the SME end of the market.
“Smaller companies accepting card payments need to start thinking like larger-scale companies. With cyber threats at an all-time high they are increasingly a target and need to take PCI seriously.
“The most important aspect of the PCI rules – which were introduced to protect cardholders from sloppy IT security practices in companies accepting their cards – is that companies should just regard meeting the security mandate as a best practice requirement that their IT department must achieve, just as HMRC imposes best practices on payroll departments, rather than a minimum target that has to be reached.”
PCI rules are becoming increasingly complex, meaning that any company that accepts card payments should, if they have not already done so, start reviewing their IT security systems to prevent any problems further down the line, added LoSapio.
For advice on passing PCI compliance, visit Fortify’s website at http://tinyurl.com/2c7x72e, or for more on the impending new PCI DSS rules, visit http://bit.ly/9tuMkY.