PCI Awareness Month
February 17th, 2007 by datasecurity Posted in Compliance
We are naming March to be PCI Awareness Month. Not enough people seem to know about PCI compliance or about the security measures that need to be in place to protect cardholder data. We should have a month of awareness just like other awareness efforts.
Awareness is about defining the risk and allowing companies to make decisions based on that information. Too many times companies are inundated with ‘compliance overload’. They experienced the burdensome and disruptive effort of SOX and are eternally turned off to anything with the word ‘comply’ in it. (Do you think there are psychological impacts on company names such as ComplyGuard and TruComply?)
What we would like to do is make companies aware of their fiduciary requirements to secure their customers’ information. What they do beyond that is up to them.
Why March?
Well, there are many things happening in March that make it important. First, March 31, 2007 is the deadline for filing your Certificate of Attestation that you do not store prohibited data. If you don’t file it, fines will follow.
March 22-23 are also the dates of our PCI training session in San Francisco. Be sure to register and learn the details, risks, and liability of compliance. Sign up now to guarantee your spot.
Throughout March we will be bringing you stories and information about PCI and what others are saying about it in the news and on the blogs.
Why post this in February?
PCI compliance is not something that is easy to achieve. There are many details to be considered and many remediation measures to implement. But awareness is not about defining the details. Instead, awareness is about making more people aware of their responsibility and directing them to places where they can learn more. It’s about waking people up to the fact that compromises happen and no company is exempt. And we need lots of lead time to prepare for this.
Where in the World is PCI DSS?
Jesper writes about PCI from Sweden.
Ambersail blogs about PCI from the UK.
Moneris in Canada has a great PCI DSS resource page.
PCI Consultants page in Germany.
Who else is writing about PCI? I read blogs from the US all the time, but how about other areas of the world?