Pragmatic PCI Compliance
A simple analysis of the costs and benefits of PCI compliance and the recent history of security breaches should be enough to convince any merchant of the necessity of information security. And yet, current trends say that while the level of compliance is improving, the industry is still very far from complete compliance.
Why would this be, you ask? Why, if the benefits are so clear, would anyone put off their compliance procedures?
The most obvious reason would be that long-term benefits, no matter how clear, often take a back seat to immediate costs. But there are two things that need to be remembered here. First, long-term benefits imply long-term success. And isn't that what we should be focused on? Second, by taking a pragmatic approach to PCI compliance, merchants can work toward complying with the PCI mandates by employing a measured and strategic plan.
Your approach to PCI compliance begins, as they say, at home - with your own website and/or business procedures. You need to know where you stand on your own technology standards and how much you are already in line with, or missing out on, compliance standards.
An assessment of your company, your procedures, and your compliance is exactly what you need to serve as a foundation for future security efforts and strategic planning. This is the best way for a merchant to identify the gaps between current business practices and the required PCI compliance.
The PCI SAQ (Payment Card Industry Self Assessment Questionnaire) is a powerful validation tool to help merchants do just that. Recently this tool has also been upgraded to encompass the various scenarios that may be relevant to different companies. By completing the SAQ, a merchant can more easily record progress and plan for the future. If you're going to be pragmatic, these first steps are crucial.
The next step is to make sure the various departments within the company are working together to achieve PCI compliance. Each department must understand the importance of the PCI DSS and its own responsibilities toward it.
The twelfth requirement of the PCI DSS makes direct reference to this. It states that a company must: "Maintain a policy that addresses information security." It goes on to discuss how you must make sure that correct information is efficiently and completely disseminated throughout the company.
What's the best way to do this? It's the next step in this pragmatic approach - and that is to assign someone to be specifically responsible for PCI compliance. This person, or even this team, should be assigned the responsibility of seeing the strategic plans through to the end.
And the only way that is going to happen is if management also understands the importance of the PCI DSS and fully supports this team in its actions. But this goes back to what was said earlier: that each department must understand its own responsibilities. And that certainly includes management. With the team to spearhead efforts, and management to propel them, pragmatic PCI compliance is within reach.
Still, some companies continue to put off their compliance measures - always planning to get to them eventually. This, however, only amounts to bad business practice, because the gap between compliance and current procedures will only grow larger.
But PCI compliance can be expensive and time-consuming. So what is a merchant to do?
Being pragmatic means doing what you can, when you can. And that includes the requirements of the PCI DSS. As resources and costs permit, you should do everything you can to reach compliance.
Outsourced payment processing has become a popular option because of the costs of trying to reach compliance in-house. This is often the more cost-effective way for many companies to start their journey toward being compliant.
Finally, as management and every other department in the company take on their appropriate responsibilities, regular meetings need to be held to make sure things are progressing as they are supposed to. PCI compliance is an important concept in today's business world, and a pragmatic, methodical approach can see it through.
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI compliance, or the PCI SAQ, visit Braintree Payment Solutions today.