IMGCAP(1)]
In the aftermath of the Princeton, N.J.-based Heartland Payment Systems Inc. and Atlanta-based RBS WorldPay consumer-data breaches, more industry players are beginning to understand that companies should update their data security more frequently. "What we're learning is it's not just a matter of being PCI-compliant today," says Josh Scheiner, a partner with Wholesale Merchant Group, a Weston, Fla.-based ISO and provider of merchant processing services. "You can be compliant today and be breached tomorrow because something changed," he says. Merchants, processors and others can stay compliant by installing software patches as needed and by scanning for open holes in their networks regularly, says Bob Russo, general manager of the Wakefield, Mass.-based Payment Card Industry Security Standards Council. To better help the industry understand the need for regular compliance, a large part of Visa Inc.'s security-related messaging now "focuses on the need for ongoing compliance" with PCI data-security standards, says Eduardo Perez, Visa global head of security. Merchants, processors and other in the industry must not "study for the test today, pass it tomorrow and forget about it for a year," says Russo, referring to PCI compliance.
