For many retailers, the obstacles to compliance can feel overwhelming — to the point that, until recently, fewer than half of organizations were in full compliance with PCI DSS. However, with the right tools, careful planning and knowledge of the requirements, retailers can set themselves up not only to follow the rules but also to provide additional security around their customers’ payment data.
“PCI compliance, just like a single security assessment, is a point in time,” says Rocco Grillo, executive managing director of the cybersecurity consulting firm Stroz Friedberg. “When there’s a change to the network, a merger or acquisition or even the standard being updated, it’s a whole other story. That causes frustration to companies. Just because you’re compliant this year doesn’t mean you’ll be compliant next year.”
“There are awesome technologies out there, but technology alone doesn’t solve it,” Grillo adds. “One of the big fallacies is the idea that there’s a silver bullet technology. If you rely on a silver bullet, you’re going to run into a lot of problems.”