Opinion

FUD Watch | Vendor Hype Escalates Over PCI Deadline

Monday is the day merchants must be in compliance with PCI DSS Requirement 6.6. That means the security vendor PR machine is in overdrive.

By Bill Brenner, Senior Editor

Without the pressure of PCI DSS, far fewer merchants would even be making an attempt to better protect customer data. Retailers don't like to make investments in anything that cuts into the bottom line, and, unfortunately, it often takes government regulations and industry standards to force private enterprise to do what's right. Without the compliance pressure, one could argue the rate of data breaches would be even worse than it is right now.

That said, companies should be looking at PCI DSS as a roadmap to better security and not as another compliance deadline to heed. Rushing to meet a deadline like this can push a company into making bad decisions about which security vendors to choose. It can also blind merchants to the fact that security is an ongoing process, not something that is achieved once a compliance deadline is met.

Don't be pressured into bad investments by vendors who try to scare you with the deadline talk.

If your company is not going to be in compliance by Monday, the world won't end. As long as you're clear with the PCI auditors on where the shortcomings are and what your plan is for addressing them, things will turn out fine.
