PCI Survey
July 30th, 2008 Posted in Compliance, Europe
If you are not already subscribed to Rob Newby’s blog, then maybe today is the day to do so. His is one of the few blogs syndicated via the Society of Payment Security Professionals. He has put online a survey on PCI DSS compliance that is meant to identify some of the roadblocks to compliance.
Since Rob is based in the UK, this survey is targeted mostly at European companies, but I’d urge you all to participate. The more information available to the public, the better we can identify the roadblocks and remove them.
We already know that Chip and PIN has shaped attitudes toward PCI DSS adoption within the UK and Europe. It goes a long way towards protecting cardholder data at the point of sale, but on its own it will not stop merchants from exposing sensitive data. Merchants must understand that integrated POS devices can retain “track equivalent data” (the chip’s counterpart to magnetic-stripe track data), which PCI DSS treats as sensitive authentication data that cannot be retained after authorization.
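One practical way to act on that point is to scan POS storage (transaction logs, journal files, database dumps) for data that looks like full track data. The scanner below is an added example, not part of the original post or of any vendor's product: it looks for ISO/IEC 7813 track 1 and track 2 layouts plus the EMV track-2-equivalent form (tag 57, coded with a "D" field separator and optional "F" padding instead of sentinels), and it uses the Luhn check to drop false positives. The sample log lines it runs over are constructed for the example; the PANs in them are well-known test numbers, not real cards.

```python
import re
from dataclasses import dataclass
from typing import List

# ISO/IEC 7813 track 2: ';' PAN(13-19) '=' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# ISO/IEC 7813 track 1 format B: '%B' PAN '^' name '^' YYMM service-code discretionary '?'
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# EMV tag 57 "Track 2 Equivalent Data" as hex: PAN 'D' YYMM service-code discretionary ['F']
# No sentinels, so we require the match to be bounded by non-hex characters.
EMV_T2_RE = re.compile(r"(?<![0-9A-Fa-f])(\d{13,19})D(\d{4})(\d{3})(\d*)F?(?![0-9A-Fa-f])")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits; PCI DSS allows that much in display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Finding:
    line_no: int
    kind: str        # "track2", "track1" or "track2-equivalent"
    masked_pan: str


def scan_text(text: str) -> List[Finding]:
    """Scan text line by line and report Luhn-valid track-like data."""
    findings: List[Finding] = []
    patterns = (("track2", TRACK2_RE), ("track1", TRACK1_RE), ("track2-equivalent", EMV_T2_RE))
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, rx in patterns:
            for m in rx.finditer(line):
                pan = m.group(1)
                if luhn_ok(pan):
                    findings.append(Finding(line_no, kind, mask(pan)))
    return findings


# Constructed sample of what an integrated POS journal might contain (hypothetical format).
SAMPLE_POS_LOG = """\
2008-07-30 10:01:02 auth ok term=07 amt=42.10 pan=411111******1111
2008-07-30 10:01:02 swipe raw=;4111111111111111=1012101123456789?
2008-07-30 10:02:15 swipe raw=%B5555555555554444^DOE/JANE^1012101000000000?
2008-07-30 10:03:09 chip tag57=4111111111111111D10121011234567890F
2008-07-30 10:03:44 noise=;4111111111111112=1012101?
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_POS_LOG):
        print(f"line {f.line_no}: {f.kind} data retained, PAN {f.masked_pan}")
```

The first line (already-masked PAN) and the last line (fails Luhn) produce no finding; the other three do. Run it over real POS file systems only with the merchant's authorization, and treat any hit as sensitive authentication data that must be securely deleted and the retention path fixed, not merely logged.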
Other issues include the multi-acquirer relationships common in Spain and Italy. When a merchant works with several acquirers, no single acquirer has much leverage, and that shift in power makes it harder for acquirers to push for compliance within their merchant community.
Also, the Single Euro Payments Area (SEPA) may change how merchants see their PCI scope. There are a number of things that companies must consider, and an equal number of roadblocks.
In the end, excuses are just that. If you choose not to wear a life preserver just because your neighbor isn’t, then both of you will go down when the ship springs a leak. Ignorance is no excuse.
Also, if you’d rather read up on a Web App Sec survey, check it out.