PCI Standard Drives Some CISO's Work This Year

Some companies find they must pour money and time into complying with payment card data security requirements.

Larry Greenemeier, Contributor

May 11, 2007

2 Min Read

The payment card industry's Data Security Standard, created by Visa and MasterCard, is the focus of a lot of IT work--and spending--as companies seek to comply with its requirements for better protection of customer credit and debit card data. Two chief information security officers from Fortune 50 retailers, participating in an online discussion with Merrill Lynch that was open to the public, made this clear.

The CISOs, identified only by their first names so they could address sensitive security issues, agree that PCI compliance will be the biggest driver of security spending over the next year. "The money we spent on remediating for PCI is considerably larger than what we've spent on remediating for Sarbanes-Oxley, " Mark says. The other CISO, Tony, says security is typically less than 1% his company's IT budget, but this year it's doubled because of PCI.

In effect since December 2004 and updated in September, PCI requires firewalls, the encryption of cardholder and other sensitive data sent across public networks, and restrictions on physical access to cardholder data. Merchants not in compliance can't process Visa or MasterCard payments.

It's a "great commonsense approach to how security should be implemented," Tony says. "Unfortunately, a large company like the one that I work for just didn't take it very seriously three years ago," when the standard was being proposed. A lot has changed since then, he says, and PCI is now the main driver behind his company's security initiatives, accelerating its use of data encryption. It's preparing to encrypt all data brought into the company's IT systems "so that everybody can reduce the risk further," he says.

Piling PCI on top of all the other regulations to which companies must comply isn't easy, but there's little choice when CISOs consider what's at stake.

Return to the story:
Cigna's Craig Shumard: One Man's Security Mission Continue to the sidebars:
PayPal's CISO's Psychological Warfare
and
Mozilla's Window Snyder: A CISO With A Different Agenda

Read more about:

20072007

About the Author(s)

Larry Greenemeier

Larry Greenemeier

Contributor

See more from Larry Greenemeier
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

cybercrime abstract with two locks
Cyber Resilience
10 Cyber Incident Response Tips From Those Who've Had a Breach and Lived to Tell About It10 Cyber Incident Response Tips
bySara Peters
May 8, 2024
6 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Paul Nakasone, former director of the National Security Agency, and a former commander of US Cyber Command, speaks at the RSA Conference 2024.
Cyber Resilience
Four Horsemen of Cyber Reunite at the RSA ConferenceFour Horsemen of Cyber Reunite at the RSA Conference
byJoao-Pierre S. Ruth
May 9, 2024
6 Min Read
Technologist and author Bruce Schneier addresses the crowd at RSA Conference 2024 about the future impacts of AI on democracy.
Machine Learning & AI
Bruce Schneier: 5 Ways AI Could Shake Up DemocracyBruce Schneier: 5 Ways AI Could Shake Up Democracy
byShane Snider
May 8, 2024
6 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now