News
PCI Security Pain: Amid Recession, Merchants Struggle to Comply
With the recession drying up compliance budgets, merchants send PCI Security Standards Council General Manager Bob Russo a letter asking for help (includes audio).
By Bill Brenner, Senior Editor
As difficult as the economy is making compliance for many merchants, Russo said he's also hearing from those who want to move more aggressively on PCI security improvements because of another byproduct of the recession -- a significant spike in online crime. [See: With Economic Slump, Concerns Rise Over Data Theft]. He said merchants won't have to worry as long as they're making an honest effort to meet PCI compliance needs to the best of their ability.
"It's not our goal to put people out of business over compliance," Russo said. "The fact that they're giving us feedback is exactly what we're looking for. A lot of this stuff is already in play."
He added that merchants will have ample opportunity to weigh in on the next version of PCI DSS in the coming months. The council is now seeking feedback on what could be improved upon in the next version, and a series of community meetings and workshops are planned.
"The Community Meetings are the highlight of our year, where stakeholders from across the globe partner to evolve the PCI standards and work together toward a more secure payment environment," he said. "For the PCI Security Standards to continue to be effective in protecting cardholder data, we must continue to solicit and represent the voices of payment chain stakeholders worldwide. We do this through a structured, but flexible, lifecycle and feedback process that provides critical input on future PCI security standards."
Other stories by Bill Brenner
PCI DSS
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs
- Beyond PCI Checklists: Securing Cardholder Data with Enhanced File Integrity Monitoring
- Credit Issuers: Stop Application Fraud at the Source with Device Reputation
- CSO's Guide to Security and Compliance
- Understanding Data Location is Imperative for Data Loss Prevention
- FISMA and FDCC Compliance: Millennium Challenge Corporation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
