NEW YORK -- Perhaps it's time to think about paying with cash only. In less than a week's time thousands of companies will have demonstrated that they are incapable of complying with a set of security guidelines to prevent data breaches and protect credit card data against identity theft.
All organizations that store, process or transmit credit card payments are required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS) by 30th June 2007. But studies have indicated that less than half of all affected businesses will be able to meet that deadline.
Why are merchants struggling so hard to comply with what many in the security industry say are basic, common-sense security measures? Is consumer data at more risk of being stolen and abused than we've feared? Even the penalties for noncompliance -- fines of up to $500,000 and loss of the ability to accept credit cards -- apparently haven't been enough to get affected businesses to take security seriously.
David Taylor, president and CEO of The Payment Card Industry Security Vendor Alliance (PCI SVA), an organization formed to assist and educate the payment card industry on the requirements and business value of PCI DSS, can discuss:
- The biggest threats to data security - and why hack attacks continue to happen despite the billions of dollars companies spend on security.
- What businesses need to do right now to avoid data breaches, penalties and fines.
- Why so many businesses have failed to meet the compliance deadline despite the fact that PCI DSS only requires best-practices security processes and policies.
- Why organizations can't afford to ignore PCI DSS, even if fines and penalties aren't immediately imposed after the June 30 deadline. (Card companies have recently indicated that they'll be willing to accept risk mitigation plans in lieu of full compliance, since so many businesses will fail to meet the deadline.)
- The Return On Data Security Investment (RODSI) that companies can expect to achieve if they are compliant with PCI DSS.
- Why simply following the letter of the PCI DSS guidelines is not enough to guarantee hack-proof security.