
PCI Compliance Is a Holistic Effort

9/26/2014

Bob Russo, general manager, PCI Security Standards Council, offers the following advice about complying with PCI Data Security Standards, including the upcoming October 2015 deadline for U.S. retailers to accept cards with Europay, MasterCard, Visa (EMV)-compliant chips.



No Single Security Solution: “As evidenced by recent high-profile breach incidents, keeping payment data secure in today’s world is an increasingly complex challenge,” explained Russo. “While EMV chip implementation solves one part of the problem, there’s no single solution that addresses all security challenges. For example, the EMV chip is not intended to protect the ever-growing part of our global economy that conducts business online. Increasing security and reducing fraud requires a layered approach to security.”



Consider Whole Payment Infrastructure: EMV chips provide excellent protection against fraud in a face-to-face environment, according to Russo.



“But in preparing for migration to the EMV chip, multichannel organizations need to consider their entire payment infrastructure, not just brick-and-mortar, and specifically e-commerce environments,” he said. “EMV chip migration is a great opportunity to look at overall terminal security, and for retailers to invest in a terminal that meets various security standards and needs.”



Stay Vigilant: Organizations with security controls in place as part of complying with PCI Security Standards improve their chances, both of avoiding a breach in the first place, and of minimizing the resulting damage if they are breached.



“These findings, coupled with recent breach incidents, highlight the need for businesses to build security into their ‘business as usual’ practices,” Russo said. “In the case of PCI Standards, it is especially important that this does not become a once-a-year event, when a compliance assessment is due, but rather is a daily occurrence.”
