PCI DSS neglect can damage a business’ reputation

The payment card industry data security standard (PCI DSS) is a set of requirements developed and maintained by an industry council made up of some of the biggest names in the game.

Compliance with these measures is important for businesses and clients – not to mention financial providers – as it protects their reputation and helps to enhance the purchasing experience.

However, a recent interview published by ZDNet on April 24 with a leading expert on PCI DSS asserted that many firms had neglected their security obligations.

According to senior security consultant Steven Surdich, companies sometimes engaged in so-called 'patching' behaviour before a yearly audit rather than ensuring their system was adequately protected at all times.

The PCI expert stated that this kind of activity was obvious to external qualified security assessors who are charged with ensuring that a company's defences are in line with the industry standards

Mr Surdich explained: "The environment that was certified as PCI compliant – that needs to be protected from unauthorised changes.

"You want to make sure that you understand the environment, and that you're actually part of the change process in some capacity."

Regular reviews of the payment card systems by a registered professional can be helpful in this process, as they explain the requirements on a relatable basis.