Each merchant seeking to comply with Payment Card Industry data-security standards faces specific challenges based on its business processes, but this year a few common themes are emerging globally, Jeremy King, European director of the PCI Security Standards Council, tells PaymentsSource.
“Large multinational companies to smaller companies in the ecommerce space are beginning to see the merit in applying the PCI Data Security Standard to a broader range of data in their organizations,” King said in a Sept. 22 interview during the council’s annual meeting in Scottsdale, Ariz.
“PCI compliance is no longer just about protecting magnetic stripe credit card data,” King said. “It is gradually serving a broader approach to overall data security, as companies take a broader look at business processes in the data-security context.”
And as more companies tackle data-security issues, they are turning to one another for help in surmounting obstacles, King contended.
“The most surprising thing about how PCI compliance is evolving is the way companies from around the world, often in different industries, are asking each other ‘Tell me how you did that’ and are getting creative ideas and [potential ways to resolve issues] from one another,” he said.
The council’s first European security-standards community meeting is slated for Oct. 17 to 19 in London, King noted.
Each company tends to have its own challenges, but one of the most common problems organizations share when tackling PCI compliance is the difficulty integrating new data-security processes with older information-technology systems that often are costly to replace, King said.
“We are hearing a lot about the dilemmas companies face when trying to protect card data with older, legacy systems when working to protect card data,” King said. “It can be costly to replace legacy systems and many companies are struggling with this.”
Another common theme for corporations working to achieve PCI compliance is the challenge of getting top management to understand its importance and to allocate appropriate funds, where necessary, to invest in consulting and new technology, he said.
Many corporations with franchise operations also are asking questions about how they can get franchisees to help shoulder the cost of new payment terminals and data-security technology, King indicated.
PCI compliance is such a widely varying task, based on each company’s own structure and reach, that the council cannot provide specific roadmaps for its members, King said.
“It’s very difficult to generalize about what any company needs to do to achieve PCI compliance, but there are certainly some common learnings, and merchants are coming together at community meetings like these to share information,” he said.