Because of what organisations in the US have experienced with PCI and data security, they now understand that good data security and PCI compliance are key to protecting the organisation's reputation. Compliance deters would-be attackers and gives organisations an opportunity to reinforce public and customer confidence in their brand. In this market no organisation can risk the massively damaging effects of a publicised breach of cardholder data.
As the deadline approaches the only option for many will be to take the unfortunate ‘checklist approach’ to PCI compliance, rather than relying on ongoing good security practices to protect cardholder data.
While most organisations hear loud and clear that continuous compliance activity is essential, the majority of these organisations are not implementing the processes or tools required to achieve that objective – smaller organisations have clearly underestimated the serious implications of PCI. For UK merchants the objective should not be to just pass a PCI audit. Achieving continuous PCI compliance should be viewed as just one way of demonstrating that good security practices are in place. If compliance itself is the driving factor, organisations will struggle to achieve the goal. Instead, if organisations focus on putting in place security best practices, they often achieve continuous PCI compliance as a natural by-product and benefit.
Senior Director of International Marketing, Tripwire
www.tripwire.com