John Kindervag is vice president and principal analyst at Forrester Research, and a former qualified security assessor (QSA). He says that business owners should start thinking about PCI compliance as something like a 12-step program. It’s not bulletproof, but it addresses the tendency of each website owner to see security as someone else’s problem. Kindervag adds, “No one likes to be told what to do. But when you ask people which PCI requirement they think should be omitted, they are forced to admit that they are all important.”
The PCI DSS offers a sensible starting point for any security program. But companies concerned with the safety of their website and their customers’ information shouldn’t stop there.
According to SCMagazine.com, most companies need to do more than they are currently doing to reduce their chances of getting hacked. Cyber security is no longer optional. Current PCI DSS requirements have not stopped cyber crime. However, they have provided a baseline for security practices which individual companies and independent organizations have built upon. The data security standard is also credited with improving security for the industry and for those companies complying with the Payment Card Industry requirements.
Mary Castleton is the IT project manager at Davinci Virtual Office Solutions. She says that “PCI compliance is beneficial to a company collecting credit card or private information to make sure their customers’ information remains safe.” But staying PCI compliant can be troublesome. It can take tons of time and resources when trying to tackle security issues on your own.
However, having a good security scanning partner, like Trust Guard, can make life a whole lot easier. They can scan your site for more than 75,500 vulnerabilities. If they find an issue, they will send you a report. They can then guide you through the process of repairing the issue. This way, Trust Guard removes a lot of the stress of keeping your site free from hackers.
Trust Guard can also help you with your Self-Assessment Questionnaire (SAQ). Their questionnaire template makes getting the SAQ to the PCI simple. There is much more that you need to do, such as keeping passwords safe and constantly updating software, to name just a few examples. But basic PCI DSS compliance will point you in the right direction to an online presence that is free of hackers and cyber crime.