Businesses struggle with data governance, PCI compliance
Many online retailers have a number of success stories to share after the holiday season turned out particularly well, despite a still sluggish economy. As they move forward into the new year, however, it may be wise to temper that optimism with strong safeguards to protect the data they collect. This is likely one of the warnings that will come from PCI audit software firm Ground Labs in its presentation at the PCI London 2013 conference, held on January 24.
"Criminals are always going to look for opportunities to steal sensitive cardholder data," explained Stephen Cavey, director of corporate development for Ground Labs. "It is alarming that many organizations still overlook critical steps, such as identifying the location of all sensitive information. Such steps are the foundation of a solid information security program and must occur before the organization can establish a plan for achieving and maintaining PCI compliance on an ongoing basis."
Research from Ground Labs revealed a significant gap in data governance practices, as the company's software found 20 million credit card numbers stored by a company that believed it had no sensitive data. As Cavey noted, businesses must improve visibility over the information they collect and manage to be able to protect it effectively.
The road to PCI compliance can be a difficult one to navigate due to the complexity of regulations and the ambiguous nature of certain guidelines. While it may seem like an overwhelming task, some companies mitigate their risk by forming partnerships with consulting firms and compliance software providers. As Hungry Howie's recently illustrated when it implemented solutions from SecureConnect, however, technology should be supplemented with operational improvements.
In addition to emphasizing the need for a robust compliance solution at its National Franchisee Convention, the company spread awareness through email and educational sessions so that franchises could set realistic PCI compliance objectives and reach them.
Website owners that want to start putting PCI-compliant safeguards in place can install an SSL certificate to better protect sensitive customer data.