The trouble is, according to Andy Gibbs, director of security and compliance at cloud computing provider Star, that many of the smaller level 4 companies (those handling fewer than 20,000 payment card transactions a year) have "complained that the acquirers and payment card industry have not communicated the requirements and deadline clearly enough". As a result, Gibbs believes there will be "thousands of smaller firms struggling to meet the 12 basic requirements of the standard".
This is particularly worrying as level 4 merchants suffering a security breach exposing customer credit card details will automatically be moved up to level 1 (the big boys category for more than six million transactions a year) making the PCI-DSS compliance process much more expensive.
Gibbs and others will say the answer is to outsource payment processing to a specialist platform provider which is already PCI-DSS compliant. Thatt's not bad advice to be honest, but is it too late in the day to get compliant yourself?
Not according to Barclaycards' Neira Jones who insists "it is never too late!".
Jones says Barclaycard always advises its customers:
*Do not treat PCI DSS as an IT project: it is a Change Programme and needs organisational commitment.
*Train staff at all levels (there will be various degrees of training).
*Understand how card payments are currently processed (people, process and technology).
*Embed an information security culture within your organisation early.
*If you don't need cardholder information, don't have it...
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Data sovereignty a growing priority for UK enterprisesNews Many firms view data sovereignty as simply a compliance issue
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
How ready is your company for NIS2?Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Conquering technology risk in bankingWhitepaper Five ways leaders can transform technology risk into advantage
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
-
When banking works, the world worksWhitepaper Five ways automated processes can drive revenue and growth across your bank
-
Automating digital resiliency in bankingWhitepaper Prioritize investment in solutions that mitigate a lack of digital resiliency when disruptions strike
