The US PCI DSS was put into effect to provide appropriate security guidelines to ALL businesses that handle credit card data and on how to protect their consumer database. The problem is the PCI standard has had little effect as data breaches continue to rise. Of additional importance is that a small proportion of businesses appear not to have any firewall, anti-virus or SSL solution and yet these companies are supposed to be PCI compliant.
Closer analysis of the research compiled by Imperva, a leading database and web application security vendor indicates a high proportion of the businesses with little or no security are in fact ‘small’ businesses. The major problem is that of resource. Most of the companies (60%) claimed they had insufficient resource to comply with the PCI standard. It also appears the economic climate may well have impacted the move to PCI compliance as additional investment and costs would have to be allocated – which in this climate is something CEOs and CTOs are reluctant to justify.
There is a disadvantage in not having PCI compliance – businesses (including merchants) end up paying far higher commissions and in general end up paying more for insurance. So what are the solutions? There is a general consensus in compliance circles that there should in fact be a ‘seal’ or ‘logo’ that customers can identify with. Expect minor changes to PCI-DSS standards in the
For more information about PCI Security I suggest you visit the PCI website
Safe surfing folks!