In the News

By Joseph Trigliari

12/02/2010 - The PCI DSS may be complex and even burdensome for small and midsize organisations, but "complaining about it will not get companies anywhere," reported IT security publication SC Magazine.

The magazine spoke with Jan Fry, head of PCI at penetration testing firm ProCheckUp, about the burden of PCI for small organisations. Fry concluded that while the standard may be hard to understand, it is no excuse for companies to not be fully compliant.

"Everyone has had at least five years to digest the standard. It stuns me that organisations are stuck in this 'I don't like it, so I'm not going to do it' mentality," Fry told the magazine.

What many merchants seem to be doing is reading a given requirement once, not understanding it, and giving up. However, this is not the right approach, as payment processing breaches can be tremendously expensive.

Bob Russo, general manager of the PCI Security Standards Council, recently emphasized the importance of complying with PCI regulations in an interview with CNET News, noting that the enormous financial damages that come as a direct result of a payment processing breach are only secondary to the reputational damages that the business will incur as well.