The Present and Future of PCI Compliance
Looking around the internet this week…

Chris McClean, at the Forrester Blog for Security and Risk Professionals, suggests that in the future PCI compliance audits, and the auditors who perform them, will “be set under the most finely tuned of microscopes to be examined for accuracy and thoroughness.” Despite such increasing scrutiny, it’s unlikely that the human element of data security will ever disappear entirely, even if people do stop, to take just one example, disabling their personal firewalls.

Data security, it would seem, isn’t important to nearly enough people, with the notable exception of CPAs, who place it at the top of their list. As with anything, though, prioritization is a relative concept, and “data classification” (and PCI compliance) often isn’t prioritized the way it should be. Perhaps if people better understood the “enormity of the threat” (hat tip – Database Security 3.0) and the need to prioritize internal controls, they could ease the “struggles” of the credit card industry in keeping data secure.

The future of the payment and data security industries could include a variety of partial solutions, from biometric-based security to SMS-based messaging. Regardless of what the future may portend, however, the tools of the present (PCI compliance coupled with strict internal controls) are the best way to keep your and your customers’ data secure.