PCI compliance has long been seen by many as a ‘tick in the box’ exercise that hasn’t figured high on the information security hot list. That now seems to be changing. At the PCI London conference, awareness of the strategic importance of PCI is becoming more and more prevalent. Recent data breaches and a growing awareness of the impact across business operations, from marketing and finance to customer experience, are finally pushing PCI onto the CXO agenda.
The not so good news, as highlighted by Verizon’s recent green paper, is that the majority of organizations that achieve PCI compliance fall out of PCI-DSS compliance after just one year. The key to success with PCI-DSS is now firmly focused on developing a strategy that assures sustainability year on year, so that PCI-DSS becomes part of the everyday behavior of an organization, from the way payment card data gets handled securely in trading environments to employees’ awareness of the need to make every effort in their role of protecting their organization’s data.
So here, arguably, is a top 5 for 2015. The following are the key pieces of the PCI puzzle that need to be incorporated into any PCI programme and information security strategy this year:
- This is the year to ensure contact centre environments are freed from PCI-DSS risk. Don’t risk a data breach, reputational damage or fines. Look to remove sensitive card data from systems and people environments altogether.
- PCI is not just for the year, it’s for all time. Look to a sustainable strategy and programme that assures continued compliance – it will save you time and money!
- Use PCI 3.0 as the opportunity to build the people aspect of compliance into day-to-day business operations – education and changing behavior are key – everyone plays a part.
- Clean out the cupboard. Look at outsourced storage and data cleansing to remove the risk of non-compliant legacy stored data.
- Utilise new technology to solve business problems. Approaches like pause and resume recording have had their day; they are high risk and not efficient for a PCI-compliant environment. Embrace the power of the cloud. Outsource the problem while you focus on your customers.
Payment card data security risk is here to stay, but so is PCI. Embrace it and build a better business as a result this year.