
Technical Challenge or Business Enabler? Seizing the Opportunity of PCI DSS Compliance

by Arnaud Crouzet
October 17, 2019
in Compliance and Regulation, Industry Opinions, Security

As data breaches continue to rise globally, protecting the integrity of customer data (especially in the payments world) is vital. One essential security standard helping keep such data secure is PCI DSS – an information security standard for organizations that handle cardholder data. But aligning with the standard can be complex, time-consuming and costly. And, as a result, many payments stakeholders are becoming complacent about compliance.

In fact, less than 18% of organizations measure their DSS controls across their entire environment more frequently than requirements specify. While doing the bare minimum means that companies avoid receiving hefty non-compliance fines, it doesn’t achieve a great deal more…

Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reaping the benefits of PCI DSS. With a new approach, stakeholders can maximize their investment in compliance to achieve greater efficiencies, tap into new revenues and deliver more valuable services to customers. With this in mind, how can the business opportunities of PCI DSS be unlocked?

Scoping it out

Defining the scope – where organizations outline the infrastructure that falls under the requirements of the standard – is one of the most important phases of PCI DSS compliance. But when used as an opportunity to scrutinize systems, it can also be a useful tool to streamline operations and ‘reduce the scope’ of compliance.

Consider insuring a house. Without any locks on the doors or windows, premiums will be high. But, by considering all entry points and securing them effectively, the risk can be reduced. Taking this one step further, by permanently blocking an unused entrance, for example, the risk posed to the house can be dramatically reduced – and, in turn, so can the insurance premiums!

Scope reduction with PCI DSS works on the same principles. With the right attitude, companies can significantly reduce the scope of their systems that fall under PCI DSS, reducing the risk, ongoing expense and time of compliance.

If it isn’t broken, make it better!

Once your payment infrastructure is in place, it can be difficult to both critically assess your own systems and challenge the different parts of the chain, such as processors and acquirers. It’s very easy to say, “It works, so why touch it?”, but this can be a costly approach longer term.

PCI DSS compliance is the perfect trigger to ask: “Why do we do it this way?”, “Can we be more secure?”, “Can we be more efficient?”, “How can we do better?”. By using the time dedicated to review systems and achieve compliance more constructively, players can spot opportunities to put in place better processes, methodologies and technologies. The resulting systems are not only smoother operationally, but deliver significant cost and time efficiencies long term.

Deliver added value

If implemented intelligently, new technologies added to achieve compliance can also supplement the delivery of new value-added services.

Take payment tokenization, for example, used to encrypt end-to-end cardholder data. While significantly reducing the scope of compliance, these tokens can also be used to identify customers across omnichannel retail environments and automate loyalty programs without (or alongside) a separate loyalty card. For brick-and-mortar retailers, this can help bridge the gap between the online and offline world while bringing greater simplicity and flexibility to the consumer.

Loyalty programs are hugely effective in increasing revenues (members on average spend $42.33 more than other shoppers), so tapping into this market helps maximize return on investment.

Looking to the future

PCI DSS is currently only applied to transactions routed by the PCI member payment schemes. But it is a strong benchmark for the protection of all payment systems and customer data universally.

If already applying PCI DSS for card payments, extending it to cover ‘transactions’ generally – protecting instant payments, credit transfers, P2P payments, International Bank Account Numbers (IBANs) and more – can help safeguard and secure systems for the future.

Following the PCI DSS rules blindly can be costly, complex and, in some cases, impossible. The guidelines need to be applied intelligently, using new methodologies and technologies to do things in new, better ways and, in turn, realize commercial benefits beyond compliance.

All of this can be hard to achieve alone, but with the right approach, businesses can make PCI DSS work for them.

To learn more about where to start on the path to achieving PCI DSS compliance and best practice for enabling a positive digital transformation, read our eBook.

Tags: FIME, PCI Compliance, PCI-DSS, Security