VIGILANCE IS KEY
But even with new standards in
place, retailers still need to remain vigilant against a breach.
“Nothing is foolproof, but the best
defense convenience stores, or any
merchant for that matter, will have
against a breach are these standards,”
Russo said. “PCI is a very good baseline.
But retailers have to remain
attentive. PCI is something you have
to maintain on a regular basis—you
can’t do it once and forget about it.”
And that is where most retailers
find themselves in hot water. One way
to keep your chain in the clear is to
remember that maintaining compliance
year-round falls under three key
areas: people, process and technology.
“If there was something out there
you could just buy to make you bulletproof that would be wonderful,
but unfortunately that does not exist,
so until it does exist—and there is no
doubt in my mind that at some point
in the future we probably will reach
that point—until then you really have
to be vigilant and look at these standards as your best bet against having
a breach and stay on top of what needs
to be done,” Russo said.
Achieving PCI compliance, Russo
explained, is a lot like putting the deadlock
bolts on your doors, but security
is making sure you lock them every
day before you leave the house.
Now that the PCI deadline has
passed, PCI SSC has entered a formal
feedback period and is encouraging its
participants to fill out an online form
to help improve the standards.
“If you’re not a part of the council, you
can submit questions and suggestions
and we compile this feedback over a
six-month period and look to see where
we need to make updates, clarifications
and additional guidance based on the
feedback. We also have special interest
groups that have been elected. So you
can volunteer to be on one of those to
help us make these standards better,”
Russo said. “Our actual lifeline is the
merchants who are the ones that see, on
a regular basis, people trying to steal this
data and can tell us the areas where we
really need to concentrate.”
But those who fail to implement the
standards are more likely to experience a breach, and if a breach occurs it
wouldn’t just result in fines for a small
chain, but it would likely put them out
“The costs of recovering from a
breach are infinitely more than any
costs you’re paying to become compliant or to take credit cards,” noted Bob
Russo, general manager, PCI Security
Standards Council (SSC).