Javelin Strategy & Research, Nov 2007, Pages: 26
Safeguarding customer data is a necessary component of good business practice, yet the numbers of data breached accounts are at an all time high. Data security has not been given front line priority, and as a consequence an environment of mistrust of the card eco-system has developed among consumers, merchants, acquirers, and issuing banks. To stem this tide, the payment networks have responded with a renewed emphasis, harsher penalties, and more specific deadlines for Payment Card Industry Data Security Standards (PCI DDS) compliance.
Merchants are spending untold amounts to come into compliance, and many are confused as to the value of PCI compliance above and beyond fine avoidance. This report explores the challenges and issues presented by PCI compliance from the merchant perspective including the five biggest compliance problems causing data breaches for merchants extracting from qualitative executive interviews conducted with the PCI council, payment networks, PCI vendors, Qualified Security Assessors (QSAs), and merchants themselves.
Primary Questions
-What is the real value of PCI compliance, aside from avoiding fines?
-What role does state legislation have in PCI compliance?
-What is the nature of merchant confusion with the PCI compliance process, and who is
responsible for allaying this confusion?
-How can merchants be assured of "safe harbour" from lawsuits based on their
compliance?
-What are the top five security weaknesses facing merchants becoming compliant?
-Are there any innovative approaches to help merchants deal with sensitive data
storage?
