PCI - Payment Card Industry compliance, why should it not be Protect Customer Identity (tm) compliance ? For the rest of this article (because I wrote it), PCI is Protect Customer Identity (tm). The (tm) is fake, I have no rights over this name. But I would definitely like the abbreviation changed !!.
Why is PCI compliance important ? More so, why is awareness to such a standard important ? I personally feel getting people to know about Data and Identity theft and PCI's war against it is as important as the AIDS awareness program that started over a decade ago. I am neither a guru, nor an evangelist , I like, however, to challenge the human thought and I apply logic. Yes miracles do happen and there are mystic unexplained theories (how does a sock disappear in a washing machine) , but I will leave solving them for another life. I will stick to logic in this one. It makes living life both easier to justify and pragmatic.
Now for the real deal, PCI - for a lot of people it never really exists. Or in other words , no one cared if it did. At least not until a few million had their credit and bank accounts zapped. Some even today are trickling by the pennies and cents, who cares about a few pennies here and there ? You would probably have more lying in that glass jar sitting on top of the kitchen table. Do the math times a few billion and you would know what I am trying to get at. Yet...who cares for a few pennies here and there.
This is partly because people have left the decision making on how sensitive data should managed to someone else (Banks, e-commerce shops, Stores, Utilities etc etc). An average person will leave his identity information in over 50 different places a month.
Not following a PCI compliance is abetting a crime !! Yet...who cares for a few pennies here and there. However, there are companies who do and value this as a service to their customers and it is them who make the community they thrive on proud. It is these companies who will succeed in gaining the customers trust and translate it as long term value. And in them I lay my trust as a consumer and it is with them my business commitment lies.
A simple shopping cart that gets and stores credit card information needs to be PCI complaint. Not all major frauds happen in large companies, they happen at a smaller (more frequent though) scale in smaller businesses that are a hacker's paradise. PCI is not just about storing data the right way but also a having the right infrastructure to be able to protect it. PCI Vaults that store CC/DC information and encrypted through patented algorithms are only a part of the solution. One would still need a robust and impenetrable infrastructure to protect this data. And this is always a lead-lag process. Hackers will find new ways to get to the data and we have to keep finding ways to keep them at bay.It is a relentless war against identity theft.
Why is PCI compliance important ? More so, why is awareness to such a standard important ? I personally feel getting people to know about Data and Identity theft and PCI's war against it is as important as the AIDS awareness program that started over a decade ago. I am neither a guru, nor an evangelist , I like, however, to challenge the human thought and I apply logic. Yes miracles do happen and there are mystic unexplained theories (how does a sock disappear in a washing machine) , but I will leave solving them for another life. I will stick to logic in this one. It makes living life both easier to justify and pragmatic.
Now for the real deal, PCI - for a lot of people it never really exists. Or in other words , no one cared if it did. At least not until a few million had their credit and bank accounts zapped. Some even today are trickling by the pennies and cents, who cares about a few pennies here and there ? You would probably have more lying in that glass jar sitting on top of the kitchen table. Do the math times a few billion and you would know what I am trying to get at. Yet...who cares for a few pennies here and there.
This is partly because people have left the decision making on how sensitive data should managed to someone else (Banks, e-commerce shops, Stores, Utilities etc etc). An average person will leave his identity information in over 50 different places a month.
Not following a PCI compliance is abetting a crime !! Yet...who cares for a few pennies here and there. However, there are companies who do and value this as a service to their customers and it is them who make the community they thrive on proud. It is these companies who will succeed in gaining the customers trust and translate it as long term value. And in them I lay my trust as a consumer and it is with them my business commitment lies.
A simple shopping cart that gets and stores credit card information needs to be PCI complaint. Not all major frauds happen in large companies, they happen at a smaller (more frequent though) scale in smaller businesses that are a hacker's paradise. PCI is not just about storing data the right way but also a having the right infrastructure to be able to protect it. PCI Vaults that store CC/DC information and encrypted through patented algorithms are only a part of the solution. One would still need a robust and impenetrable infrastructure to protect this data. And this is always a lead-lag process. Hackers will find new ways to get to the data and we have to keep finding ways to keep them at bay.It is a relentless war against identity theft.
From here on , PCI is Payment Card Industry.
To know more about PCI and PCI compliance and be up-to-date with what is happening in the PCI world please visit, or keep an eye on this blog site for more updates.
http://www.pcicomplianceguide.org/
or
http://www.pcisecuritystandards.org/
Posts
No comments:
Post a Comment