28 June 2016

PCI DSS assessment is wrong and outdated

The way PCI DSS compliance is assessed does little to improve a company’s security profile, argues Charles White, CEO of security specialist IRM.

After the PCI Council announced in February that it would publish a new version of the Payment Card Industry Data Security Standard (PCI DSS) in 2016, with updated deadlines for migrating away from Secure Sockets Layer (SSL) and early Transport Layer Security (TLS), some in the industry have begun to question how PCI DSS compliance is currently measured and assessed.

As it currently stands, the way the PCI Council regulates the PCI DSS compliance requirements is fundamentally wrong for businesses today. In fact, the harsh reality is that for many organisations, the process of gaining PCI DSS accreditation is nothing more than a tick-box activity that they must go through – a rush to compliance nirvana.

Organisations need to stop going through the motions with PCI compliance and adopt a risk-based approach that will enhance their understanding and visibility of the whole business's security risks.

Read the full article on Information Age