
PCI Compliance

Understanding the Difference Between Security and Compliance
We are all familiar with what it means to be secure: protecting people, organizations, and information against danger or loss. However, more often than not, business owners focus their concerns on compliance with industry and governmental regulations, assuming this will make them secure. They are typically interested in passing audits and assessments; yet assessments, audits, and regulations are not security. They are merely measurements, guidelines, and standards that a particular group is concerned with. Only the organization itself knows what it does and how it does it. Therefore, being “security centric” means that the organization is interested in its own security, continually identifying the threats and vulnerabilities that could potentially impact it. By approaching things from this perspective and implementing security best practices, the organization can become compliant with the regulations and standards it is looking to follow.

Security isn't Just an IT Function
As would be expected in business, decisions and processes hinge on threats and vulnerabilities within the marketplace: businesses are always concerned with what their competition is doing and how they can minimize their exposure to it. Security breaches like those we are seeing today place entire organizations directly at risk, which is why executive management needs to be as concerned with information security as it is with market security. It isn’t just an IT function anymore. Security is more than just loading anti-virus software and installing a firewall. True security involves looking at the entire picture and understanding how policies and procedures, new software installations, and systems can impact the safety of the data flowing through your organization.

PCI Compliance is Not an Option
According to the PCI Security Standards Council, any organization that processes, stores, or transmits payment card data must comply with the Payment Card Industry Data Security Standard (PCI DSS) or risk losing its ability to process credit cards and incurring non-compliance fines from its acquirer. The rapid increase in the use of credit cards in Quick Service Restaurants has been a great opportunity to attract more customers, provide faster service, and increase cash flow. However, maintaining security and managing PCI compliance has proven to be a serious challenge for restaurant operators.

Developing Security Best Practices
Although at first it may seem daunting and impossible, it is much easier than one may think, but it does take diligent leadership to create a new culture. This starts with a comprehensive Information Security Policy (ISP). An ISP should enable, not disable, the company to do what it does best. An ISP that creates undue hardship for business processes results in policy violations and, in turn, security vulnerabilities that can go unnoticed. Remember:

The Cost of a Security Breach
Having good policy, good auditing, and good supporting procedures is what enables executives to be in the know. This fulfills their obligation of ongoing due diligence, increasing awareness when threats and vulnerabilities arise. Most organizations never fully recover from data breaches because the loss is greater than the data itself. Even setting aside the immediate financial repercussions stemming from litigation, fines, fees, lost revenue, and lost market share, the incalculable injury to their brand is unrecoverable. In today’s business, in today’s economy, there is a clear correlation between information security and brand security.

PCI compliance is not a simple task. If you are unsure about what you need to do in order to secure your network and establish security best practices, we encourage you to talk with one of our PCI experts.
