The ongoing, worthwhile progress of PCI adhering practices within both large and small businesses will likely be dependent on the forging of strong partnerships between payments technology vendors. The reason for this is that many businesses that process, store or transmit cardholder data are simply not equipped to change at the speed required by the burgeoning payments industry to comply with the stringent security standards.
That’s not to say that the enforcement of a set of best-practice procedures to arrest the global losses to payment fraud and identity theft isn’t extremely necessary, however, the level of change management required for any business to be PCI compliant should not be undervalued. The first version of the PCI DSS were issued less than a decade ago (Dec 2004) and the additional expense, training, resourcing and I.T development that a business may have to go through to meet these still relatively new standards could be crippling if not dealt with sympathetically.
The drive to get a share of the PCI pie has led many high-quality technology businesses to develop advanced services and innovative solutions within the payments chain, but their convergence to deliver supportive customer service could be the real key to PCI success and the protection of merchants against fraud.
This is especially true as the enforcement of PCI standards is trickled down to smaller level 3 and 4 merchants, for whom this could be a real culture shock or, worse, become a mere ‘lip-service’ paperwork exercise. A merchant’s understanding of the risks and their belief in the PCI practices is surely the best way to improve the security of sensitive data for the long term. The delivery of exceptional support and customer service has a real transitional role to play here and the partnership of technology vendors to provide this to a consistent industry standard is a must. Perhaps there should even be a PCI MCSS (Merchant Customer Service Standard).
The ongoing, worthwhile progress of PCI adhering practices within both large and small businesses will likely be dependent on the forging of strong partnerships between payments technology vendors. The reason for this is that many businesses that process, store or transmit cardholder data are simply not equipped to change at the speed required by the burgeoning payments industry to comply with the stringent security standards.
That’s not to say that the enforcement of a set of best-practice procedures to arrest the global losses to payment fraud and identity theft isn’t extremely necessary, however, the level of change management required for any business to be PCI compliant should not be undervalued. The first version of the PCI DSS were issued less than a decade ago (Dec 2004) and the additional expense, training, resourcing and I.T development that a business may have to go through to meet these still relatively new standards could be crippling if not dealt with sympathetically.
The drive to get a share of the PCI pie has led many high-quality technology businesses to develop advanced services and innovative solutions within the payments chain, but their convergence to deliver supportive customer service could be the real key to PCI success and the protection of merchants against fraud.
This is especially true as the enforcement of PCI standards is trickled down to smaller level 3 and 4 merchants, for whom this could be a real culture shock or, worse, become a mere ‘lip-service’ paperwork exercise. A merchant’s understanding of the risks and their belief in the PCI practices is surely the best way to improve the security of sensitive data for the long term. The delivery of exceptional support and customer service has a real transitional role to play here and the partnership of technology vendors to provide this to a consistent industry standard is a must. Perhaps there should even be a PCI MCSS (Merchant Customer Service Standard).
The ongoing, worthwhile progress of PCI adhering practices within both large and small businesses will likely be dependent on the forging of strong partnerships between payments technology vendors. The reason for this is that many businesses that process, store or transmit cardholder data are simply not equipped to change at the speed required by the burgeoning payments industry to comply with the stringent security standards.
That’s not to say that the enforcement of a set of best-practice procedures to arrest the global losses to payment fraud and identity theft isn’t extremely necessary, however, the level of change management required for any business to be PCI compliant should not be undervalued. The first version of the PCI DSS were issued less than a decade ago (Dec 2004) and the additional expense, training, resourcing and I.T development that a business may have to go through to meet these still relatively new standards could be crippling if not dealt with sympathetically.
The drive to get a share of the PCI pie has led many high-quality technology businesses to develop advanced services and innovative solutions within the payments chain, but their convergence to deliver supportive customer service could be the real key to PCI success and the protection of merchants against fraud.
This is especially true as the enforcement of PCI standards is trickled down to smaller level 3 and 4 merchants, for whom this could be a real culture shock or, worse, become a mere ‘lip-service’ paperwork exercise. A merchant’s understanding of the risks and their belief in the PCI practices is surely the best way to improve the security of sensitive data for the long term. The delivery of exceptional support and customer service has a real transitional role to play here and the partnership of technology vendors to provide this to a consistent industry standard is a must. Perhaps there should even be a PCI MCSS (Merchant Customer Service Standard).