PCI Blog - Compliance Series: Part Eight
Posted Wednesday, January 2nd, 2008
Categories: PCI.
Back at work this morning after the holidays and for the first time in 2008, I picked up a copy of Digital Transactions while having my morning coffee. The issue was from November 2007 but featured “The 10 Most Pressing Issues in E-Payments”. Of particular interest on the list was 3. PCI And Data Security:
“The Payment Card Industry Data Security Standard (PCI DSS) has turned into the next Sarbanes-Oxley. What with a seemingly never-ending rash of card-data leaks, businesses are finding themselves under pressure as never before to shore up internal systems, stop collecting certain data from mag-stripe swipes, and keep themselves from becoming the next breach headline.” [Read more in the Digital Transactions archives].
It seems that 2007 was a breakthrough year in terms of awareness of credit card data storage and the associated fines; however, there is still an alarming number of companies that are not compliant. The year in review over at Search Security, written by Mike Rothman, quite frankly sums up 2007:
Looking ahead, it’s hard to envision 2008 being that different from 2007. We’ll see more data breaches, more disclosures and probably more legislation and regulation. Companies will continue to spend money to keep their auditors happy and stay one step ahead of the compliance reaper. But until we really see an organization raked over the coals because of a compliance violation, we’ll continue to deal more with the specter of compliance than the reality. [Search Security]
This quote is pretty harsh, as it describes a reactive step toward compliance rather than a preventative one. Companies can be confronted with as many scare tactics as possible, but PCI DSS is something that benefits both your business and your customers, and it should be considered proactively.
The deadline for Tier 2 companies (those that process between 1 and 6 million transactions a year) was December 31, 2007. Note, however, that the PCI Council does not impose fines; those come from the credit card companies (payment brands) such as Visa (which has recently been named the “World’s Leading Credit Card” for the 10th year in a row [BusinessWire]).
For more information, tailored to merchants courtesy of Visa, visit their Cardholder Information Security Program website.
For more information about the Payment Card Industry Data Security Standard, read through the FAQ on the PCI DSS website.
This blog post is a part of the E-xact Transactions Ltd. PCI Blog Series.
