December 5, 2012 by Brad Cyprus — Chief of Security and Compliance, Vendor Safe Technologies
Congratulations! You took the time to become PCI DSS (Payment Card Industry Data Security Standard) compliant by accurately filling out your Self-Assessment Questionnaire (SAQ) and passing all the requirements; remediating your location until your internal and external vulnerability scans passed; and training your employees. Your location is secure now, right? Well, in all honesty, the answer is a resounding maybe.
You must understand that PCI DSS is a good compliance standard, but it is no guarantee that you are actually secure. The standard came about so that merchants who accept credit cards would understand and comply with the minimum level of security that the card brands demand to protect cardholder data. While PCI can be daunting, especially if you try to do everything on your own without professional guidance, it is only the minimum precaution you should take when trying to keep your environment safe.
To complicate matters even more, computer hackers do not stand still. They are constantly inventing new ways to break into systems, and protections that were adequate yesterday will no longer keep them out once they develop these new techniques. If you really want to stay secure in the long run, you must constantly have a process to identify new risks to your stores and react to them.
You are probably thinking to yourself, “But I’m not a security expert. How could I possibly find these risks?” You are right, and this can be a challenge. For small merchants in particular, without formal training in risk assessment, the task is daunting, so taking a step back might help.
For most brick and mortar locations there are usually three primary risks (if your particular location has more complicated data storage, or if sensitive data is moved off-site, then you will have more than these three). In no particular order, you should be concerned about external hackers and threats; internal issues and malicious employees; and physical theft. For each of these, you must identify your risk; determine what would be affected if you were compromised; protect your assets; and figure out how to mitigate the risk.
The PCI Security Standards Council has released a document to help you understand this process, but it was really designed for large environments with a qualified IT staff. Like many things in PCI, it is sometimes a best practice to admit that you need help and to ask a professional for guidance. It is better to get the help before you are affected than to be surprised later.