PCI DSS: is the cure worse than the disease?

PCI compliance is an expensive business, but is it worth it?

By Sophie Curtis, Techworld |  Security, pci compliance, PCI DSS

"The Data Protection Directive has some significant challenges and requirements around customer data that are going to make PCI look like a walk in the park," said King.

"If you have got to protect all of your customer data, that means significantly more work; and if you're then required to notify your information commissioner within 24 hours of a breach, that's going to be a challenge; and if the data commissioner can then have the opportunity to fine you 2% of your global turnover, then that is not just the card schemes that are giving you fines."

Kiron Farooki, partner at Bond Pearce law firm, pointed out that some insurance companies are already responding to the European Data Protection Directive by providing "cyber insurance" that will allow businesses and retailers to spread out the cost of insurance over time.

However, Birch maintained that a more cost-effective solution is needed.

"You're never going to get the cost reductions that everybody needs, we have to rethink it, and I think looking at these more identity-centric ways is the way forward," he said.

"We have to work with a proper identity infrastructure, which isn't something to do with payments or banks, it's a cross-sector thing."


Originally published on Techworld.