20 July 2018


Retired Member


Breach, Brand and 5 things we know about PCI for 2015

11 February 2015  |  1962 views  |  0

PCI compliance has long been seen by many as a ‘tick in the box’ exercise that hasn’t figured high on the information security stack hot list. But that does now seem to be changing. At the PCI London conference, awareness of the strategic importance of PCI is becoming more and more prevalent. Recent data breaches and a growing awareness of the impact across business operations, from marketing and finance to customer experience, are finally pushing PCI onto the CXO agenda.

The not-so-good news, as highlighted by Verizon’s recent green paper, is that the majority of organizations that achieve PCI compliance fall out of PCI-DSS compliance after just one year. The key to success with PCI-DSS is now firmly focused on developing a strategy that assures sustainability year on year, so that PCI-DSS becomes part of the everyday behavior of an organization, from the way secure payment card data gets handled in trading environments to the awareness of employees in making all efforts to securely manage their role in protecting their organization’s data.

So it can be argued that, as a top 5 for 2015, the following represent the key pieces of the PCI puzzle that need to be incorporated into any PCI programme and information security strategy this year:

  1. This is the year to assure contact centre environments are freed from the risk of PCI-DSS. Don’t risk a data breach, reputational damage or fines. Look to remove sensitive card data from systems and people environments altogether.
  2. PCI is not just for the year, it’s for all time. Look to a sustainable strategy and programme that assures continued compliance – it will save you time and money!
  3. Use PCI 3.0 as the opportunity to build the people aspect of compliance into day-to-day business operations – education and changing behavior is key – everyone plays a part.
  4. Clean out the cupboard. Look at outsourced storage and data cleansing to remove the risk of non-compliant legacy stored data.
  5. Utilise new technology to solve business problems. Things like pause and resume recording have had their day; they are high risk and not efficient for a PCI compliant environment. Embrace the power of the cloud. Outsource the problem while you focus on your customers.

Payment card data security risk is here to stay, but so is PCI. Embrace it and build a better business as a result this year.

