The card associations are sternly scolding non-compliant merchants this year, and the attention around PCI-related issues has never been greater. Why is it so hard to comply? Surely merchants have some level of security around their customer data; otherwise there would be a compromise every week. Is it technology? Is it cost? Or is it just a lack of motivation from the top down to wrap up these compliance projects?

This year, we released a paper that reviewed 60 Reports on Compliance from 50 of our customers over a 15-month period. What surprised us was that what we perceived as one of the easiest requirements to meet (PCI Req 11.2, perform quarterly scans internally & externally) was the TOP failure! Why would such a relatively easy process cause the most failures among our customers?

This issue has a relatively simple fix in our minds, though we also validated common industry buzz on items that are not so simple to fix. Logging and encryption continue to cripple companies pushing towards PCI compliance. Both of these issues require well-thought-out strategies that must encompass the entire enterprise to fully implement. Point solutions rarely, if ever, work in the long term, and their nature tends to cause short-term gains to turn into long-term costs.

Inside this paper, we explore many of these issues, and provide free tips on how to make smart decisions on becoming compliant with the PCI Data Security Standards without breaking the bank. Any company that is affected by PCI can take this paper to their organization for practical ideas on how to reduce the impact PCI has on their business.

Download this paper here!

This post originally appeared on BrandenWilliams.com.