Nov 10, 2010
This white paper on PCI compliance explains why compliance for compliance's sake is not a best practice in protecting cardholder data. The Payment Card Industry Data Security Standard (PCI DSS) has been evolving for many years and will continue to be enhanced to address new security threats and protection measures. As the DSS has matured, many security auditors are beginning to press companies that accept payment cards to demonstrate more than just 'forward progress' toward compliance, or at least a smaller number of compensating controls. Many retailers that have recently completed security audits are scrambling to implement new measures, as their auditors have begun insisting on full compliance with key areas of the DSS.
How does a retailer effectively address compliance and avoid becoming headline news for all the wrong reasons? By focusing on security best practices and not accepting vendor claims that their solutions alone can provide compliance. Learn why compliance is the byproduct of a well-executed information security program that:
* focuses on risk management
* minimizes the use of compensating controls
* includes careful consideration of technology and service provider capabilities (not just the lowest bid)
* recognizes your business is responsible for the security of cardholder data
How can you improve data protection and PCI compliance?