Background: Although PCI compliance is not mandatory for an on-line retailer, the risks and potential costs associated with non-compliance are prohibitive. The most obvious way for a payment card handler to demonstrate due diligence is to work towards PCI-DSS compliance.
Most e-commerce retail websites use an external secure payment service provider such as WorldPay, SagePay or PayPal to handle their payment card transactions. This simplifies certain aspects of payment card handling, but for PCI compliance every touch point where card details may be communicated or transmitted still needs to be reviewed. This covers IT systems at the OS, database and application levels. It also affects working processes, e.g. manually writing details down on paper, telephone systems, and phone call recording systems. Most firms will find that they need to adopt new technology and alter working practices in order to achieve PCI compliance.
Scenario – Necessity to achieve PCI compliance.
Nervousness that legacy configuration and development needs reviewing for backdoors and poor security hygiene.
Concern over Hacking Team (Remote Control Software) access via smartphones.
Aware of current repeated intrusions, and aware that the consequences may mushroom.
Cyber security is high on the C-level priority list. Need to demonstrate due diligence.