Secure360

How to build a PCI compliant culture

October 8, 2014 by Secure360 and UMSA

luckyraccoon / 123RF Stock Photo

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) applies to all businesses, organizations and merchants that accept, transmit or store credit card information. It applies regardless of how few credit card transactions are processed. These standards have been around since 2006 and are designed to ensure that all companies process, store and transmit credit card information securely. Failure to meet PCI standards can result in fines and increased transaction fees, not to mention leaving the company vulnerable to a data breach. The responsibility to meet PCI standards falls on the company, making it essential for any organization that handles credit card information to build a strong PCI compliant culture.

The roadblocks

Of course you want to keep customer credit information secure, and as security professionals, you’ve got the skills to do it. But that doesn’t make PCI compliance easy; there are some roadblocks:

  • No management buy-in – If the CEO doesn’t care about or understand PCI compliance, it’s going to be extremely difficult to build a PCI compliant culture that all employees take seriously.
  • No obvious ROI – If it doesn’t pay, why would management put any real investment into it?
  • Resources – Putting it in place takes dedicated time and resources.
  • Change – PCI compliance may require change, and change is hard for many.

If done correctly, your PCI culture will offer a return on investment. Talk to management in terms they’ll understand and get their buy-in. If the high-profile data breaches making the news daily don’t convince them, come prepared to show that maintaining PCI compliance will positively affect their bottom line. With C-suite support, you can get the rest of the organization on board and making changes for a more secure culture, and you increase your chances of getting dedicated time and a budget.

How to improve PCI culture

PCI compliance is not easy to achieve, and once achieved, it needs to be maintained consistently. In the past five years, not a single company that suffered a data breach was PCI compliant. They may have been PCI compliant at one point, but practices slipped and compliance faded. PCI compliance is an ongoing process.

A few things you need to keep in mind while striving for and achieving PCI compliance:

  • It takes a lot of effort to get there and maintain it.
  • Your processes need to be sustainable.
  • Think of PCI in a wide context.
  • Use compliance as an opportunity.
  • Keep your focus on the scope; data you don’t store doesn’t need to be protected in the same way as data you do.

PCI compliance is not a goal to be marked as done once established. Putting it in place is going to be a difficult process, and none of that work will matter if you don’t maintain it. Your PCI compliance should be built into your overall existing security programs and processes; it cannot effectively stand alone. Reaching and maintaining PCI compliance is an opportunity for your organization to increase security and prevent data breaches that could be very costly and destroy its reputation; it’s an investment.

PCI compliance is not a goal; it’s a process that needs to be kept up by everyone within your organization who handles credit card information. Although it may require significant changes to how credit information is handled, getting buy-in from management and helping others understand why the changes need to be made and maintained will help you shift to a compliant culture.

Filed Under: Business Continuity Management, Cybersecurity, Professional Development, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
