As an account manager in the world of security, I am constantly confronted with questions surrounding PCI compliance and the challenges organizations face with ensuring proper controls are in place, and all requirements met. If we get down to the core of the issue, the reality is many organizations either don’t have the budget or resources to build out a mature security program that meets PCI DSS standards, or they don’t care enough about addressing security concerns until something bad happens. Often times, that something bad ends up being catastrophic to the business, and we, as an industry, tend to be too reactive when we should be getting out in front of these issues.
PCI DSS was created in an effort to motivate organizations to work toward creating a more secure payment process to thwart attacks from unauthorized users. From the actual debit/credit transaction, to the storing of card data and everything in between, PCI was supposed to be the driving force behind businesses becoming more proactive and vigilant, but almost 15 years later, far too many organizations are still falling short.
Contrary to popular belief, working toward PCI compliance is not simply a matter of checking a box or adding another notch in your belt; it’s an ongoing process, and while it can be challenging, your business will be better off for taking the necessary steps in doing so. Secure Ideas works tirelessly to assist organizations in better understanding what is required of them, what steps are needed to reach PCI DSS compliance, and, through a collaborative approach based on years of experience, how to become more resilient to attacks.
Because PCI DSS is not law, the only way to truly compel organizations to work toward compliance is to levy punitive fines or take away the ability to accept cards for those that refuse to comply. Until recently, the potential for fines wasn’t much of a concern for organizations, and the inconvenience of dealing with PCI was enough for many organizations to ignore it entirely. Fortunately, we’re now at a point that fines are being assessed with more frequency, and failing to comply will soon be too much of a cost to disregard, thus motivating organizations to address their shortcomings.
While we can sift through the extensive list of controls and requirements that are clearly outlined, if organizations are actively trying to sidestep PCI DSS rather than adhere to or work toward compliance, then we’re not addressing the issue at hand and that is a blatant disregard for proper security controls. Secure Ideas can help navigate your business through the requirements of PCI, but the burden rests on the shoulders of those same organizations to not only reach but exceed the bare minimum.
At the end of the day, the goal is keeping sensitive data out of the hands of malicious persons, and with new technology and things changing daily, we must be more vigilant than ever. Secure Ideas recognizes the challenges of attaining compliance, and that is why we work hand in hand with clients to fully understand the requirements of PCI DSS, and how it benefits an organization to comply.
*** This is a Security Bloggers Network syndicated blog from Professionally Evil Insights authored by Andrew Kates. Read the original post at: https://blog.secureideas.com/2018/10/not-just-another-notch-in-your-belt-organizational-challenges-of-pci-compliance.html