Payment Card Industry (PCI) Compliance
Written by AppLabs on Tuesday, 29 June 2010 at 5:01 am
In 2006, the Payment Card Industry (PCI) Security Standards Council (SSC) was founded by the leading payment card brands. It developed the Data Security Standard (DSS) as a single set of requirements for enhancing the security of payment account data. Any organization that stores, processes or transmits cardholder data is required by contractual obligation to be compliant with the DSS.
As such, PCI compliance is often perceived by some organizations as a valueless, externally mandated, one-time activity. To many it is a burden, consuming resources they would rather spend on other efforts. At the same time, many other organizations have effectively launched security programs around the DSS or have expanded their existing security programs using it. So which is it: shackle or launch pad?
The PCI Data Security Standard (DSS) is comprehensive and specific enough to be the foundation for (or at least a component of) a solid information security program in any organization, irrespective of size. The DSS includes requirements for security management, policies, procedures, network architecture, software design and development, and other critical protective measures. Because its requirements span so many areas, the DSS can help an organization consider and address most areas of information security. In short, it can act as a springboard to security compliance in both letter and spirit.
Organizations that perceive PCI compliance to be a valueless, one-time activity are not getting the true worth out of the program. This perception reflects an immature and dysfunctional security program. The key to effective PCI compliance, and to information security in general, is a long-term commitment to consistent and focused effort throughout the organization. A security program matures and becomes effective when PCI compliance makes the transition from a one-time activity to a long-term corporate commitment and culture. The PCI Data Security Standard can be the launch pad for making this significant transition.
Category: Compliance Testing, Offshore Software Testing, PCI Data Security Standard, Security Testing Services
