The Payment Card Industry Data Security Standard (PCI DSS) was introduced almost a decade ago, but some companies still struggle with compliance. Breaches are common, putting customer information at risk and bringing organizations' governance, risk and compliance processes into question.
SearchCompliance.com Associate Editor Ben Cole recently sat down with Kevin Beaver, an information security consultant at Principle Logic LLC, to discuss some of the latest trends in PCI DSS compliance. PCI DSS compliance barriers do not usually arise from regulatory complexity, Beaver said; they are the result of a lack of the organization-wide resources and buy-in needed to meet the standard's requirements.
"It's really because of the culture, the politics, the lack of support, the lack of funding that IT and compliance and information risk managers are up against," Beaver said.
To maintain PCI DSS compliance, companies first need to understand exactly which requirements apply to them, so they can determine the best policies, processes and technologies for their specific situation. Perhaps most important, companies should always assume they are a target for a breach of cardholder data.
"Treat PCI, and really information security in general, as a business issue -- you have to be professional and methodical about it," Beaver said.
In this podcast, learn more about PCI DSS compliance best practices as Beaver discusses the benefits of documentation, what departments should provide PCI security input and tips on minimizing business impact if a breach occurs.
This was first published in September 2012