<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Required Actions for PCI Compliance</title>
	<atom:link href="http://www.merchantequip.com/merchant-account-blog/194/required-actions-for-pci-compliance/feed" rel="self" type="application/rss+xml" />
	<link>http://www.merchantequip.com/merchant-account-blog/194/required-actions-for-pci-compliance</link>
	<description>Merchant Accounts, Ecommerce, Processing Equipment</description>
	<lastBuildDate>Fri, 23 Sep 2011 22:04:18 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<item>
		<title>By: StrongBox</title>
		<link>http://www.merchantequip.com/merchant-account-blog/194/required-actions-for-pci-compliance/comment-page-1#comment-21316</link>
		<dc:creator>StrongBox</dc:creator>
		<pubDate>Fri, 11 Dec 2009 16:41:36 +0000</pubDate>
		<guid isPermaLink="false">http://www.merchantaccountblog.com/archives/194#comment-21316</guid>
		<description>I recently participated in a seminar on Secure Commerce Payment Data - Enterprise Payment Security, which was hosted by Bill Zujewski, V.P. Product Marketing at ATG, Dave Glaser, V.P. Global Services at Cybersource, and Chris Pogue, Sr. Security Consultant at Trustwave. The focal point of discussion was security of data in relation to the Order Management Lifecycle.
To share my impressions briefly - I guess the main point of the seminar was that the PCI compliance regulations are merely a way to reduce the amount of fraud that is out there, but unless the data will actually be somehow completely eliminated, the risk of theft and fraud will always exist - that is, regardless of whether a company is PCI compliant or not. Therefore, as Mr. Dave Glaser said, it is time for a NEW approach - to work on ELIMINATING the data rather than CONTAINING IT. He called the containment approach that is practiced today &quot;sub-optimal&quot;.
I guess one may say then, that the PCI regulations of today are implemented as a part of an ongoing process that is desperately trying to solve the &quot;sensitive data pollution&quot; issue and we will see many other attempts in the near future to prevent the &quot;leaks&quot; from happening. 
In my humble opinion, following PCI policies and regulations is one thing; however, how to implement and change our daily data handling habits is another.
How many of us REALLY do wash our hands after being out? Well, the statistics show that unfortunately most of us DO NOT, yet I believe we all know about germs and how easily they spread, and that the spread of germs can be limited if we would follow one simple procedure - namely, washing our hands regularly. If we would apply this tendency in human nature to simply &quot;ignore danger&quot; by not washing hands to the way of handling sensitive data, the outlook for fraud prevention, as long as it is handled by us, is ... well, not very positive.
Having a certificate of being &quot;secured&quot; from data fraud, is not and will not be enough.
I believe that the success of data security lies in the &quot;hands&quot; of each individual business owner, and it&#039;s up to him/her to change the &quot;data hygiene habits&quot;. This can be done by implementing a secure business etiquette, using the correct and safe commerce/merchant payment solutions, secure processing companies, secure shopping carts and secure back-office software - that is, of course, in combination with implementation of good old-fashioned common sense. There are solutions that can ease the safety &quot;routine&quot;, so why not use them?
StrongBox</description>
		<content:encoded><![CDATA[<p>I recently participated in a seminar on Secure Commerce Payment Data - Enterprise Payment Security, which was hosted by Bill Zujewski, V.P. Product Marketing at ATG, Dave Glaser, V.P. Global Services at Cybersource, and Chris Pogue, Sr. Security Consultant at Trustwave. The focal point of discussion was security of data in relation to the Order Management Lifecycle.<br />
To share my impressions briefly - I guess the main point of the seminar was that the PCI compliance regulations are merely a way to reduce the amount of fraud that is out there, but unless the data will actually be somehow completely eliminated, the risk of theft and fraud will always exist - that is, regardless of whether a company is PCI compliant or not. Therefore, as Mr. Dave Glaser said, it is time for a NEW approach - to work on ELIMINATING the data rather than CONTAINING IT. He called the containment approach that is practiced today &#8220;sub-optimal&#8221;.<br />
I guess one may say then, that the PCI regulations of today are implemented as a part of an ongoing process that is desperately trying to solve the &#8220;sensitive data pollution&#8221; issue and we will see many other attempts in the near future to prevent the &#8220;leaks&#8221; from happening.<br />
In my humble opinion, following PCI policies and regulations is one thing; however, how to implement and change our daily data handling habits is another.<br />
How many of us REALLY do wash our hands after being out? Well, the statistics show that unfortunately most of us DO NOT, yet I believe we all know about germs and how easily they spread, and that the spread of germs can be limited if we would follow one simple procedure - namely, washing our hands regularly. If we would apply this tendency in human nature to simply &#8220;ignore danger&#8221; by not washing hands to the way of handling sensitive data, the outlook for fraud prevention, as long as it is handled by us, is &#8230; well, not very positive.<br />
Having a certificate of being &#8220;secured&#8221; from data fraud, is not and will not be enough.<br />
I believe that the success of data security lies in the &#8220;hands&#8221; of each individual business owner, and it&#8217;s up to him/her to change the &#8220;data hygiene habits&#8221;. This can be done by implementing a secure business etiquette, using the correct and safe commerce/merchant payment solutions, secure processing companies, secure shopping carts and secure back-office software - that is, of course, in combination with implementation of good old-fashioned common sense. There are solutions that can ease the safety &#8220;routine&#8221;, so why not use them?<br />
StrongBox</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Datasecurity</title>
		<link>http://www.merchantequip.com/merchant-account-blog/194/required-actions-for-pci-compliance/comment-page-1#comment-1051</link>
		<dc:creator>Datasecurity</dc:creator>
		<pubDate>Tue, 31 Oct 2006 02:52:17 +0000</pubDate>
		<guid isPermaLink="false">http://www.merchantaccountblog.com/archives/194#comment-1051</guid>
		<description>If you would like more information about PCI DSS compliance you should check out the datasecurity blog.  It outlines and clarifies the intent behind many requirements.

http://datasecurity.wordpress.com/</description>
		<content:encoded><![CDATA[<p>If you would like more information about PCI DSS compliance you should check out the datasecurity blog.  It outlines and clarifies the intent behind many requirements.</p>
<p><a href="http://datasecurity.wordpress.com/" rel="nofollow">http://datasecurity.wordpress.com/</a></p>
]]></content:encoded>
	</item>
</channel>
</rss>

