PCI DSS compliance – It’s easy to make it tough on yourself….

Posted on July 2nd, 2009 by Drazen Drazic

It’s been an interesting few months as we’ve seen a rapid rise in the number of organisations coming to talk to us about PCI DSS compliance. The really cool thing, as mentioned here, is that we are seeing proof that if you approach your PCI DSS compliance projects like we suggested here in this post, “PCI Compliance Projects – The road to nowhere…”, you will have a greater chance for success!

We’ve worked with so many great companies in recent months who’ve taken the advice on board seriously and have made awesome inroads in regards to their IT security position (and PCI DSS compliance) – most now “compliant” (…well, as compliant as you can get).

On the flip-side, and let’s not dwell on this too much, we’ve also seen a few organisations prove that not approaching a PCI DSS compliance project, as recommended in our post, does make for an expensive and very much time-consuming/wasting exercise for all.

A PCI DSS compliance project is what you make of it. You can give up and claim it is impossible (and close your eyes to the fact that there are others who have done it), or you can make it work. The principles of a successful PCI DSS compliance project are no different to the principles you would adopt to make any other project successful!

Related Links:
- Previous PCI Posts (Uncut)
- Six ways you can bork PCI
- PCI: Choosing your Auditors Carefully

3 Responses to “PCI DSS compliance – It’s easy to make it tough on yourself….”

  1. LOL. Talking to some people about PCI compliance projects is akin to their Everest. The easiest solution is to either give up or pass the buck to some other poor guy who will spend 6 months doing nothing before he then does the same.

  2. Would be good if they finally started to issue fines to medium-sized merchants who are not PCI DSS compliant, so that everyone else starts taking it more seriously!

    Plan to share some insights / views relating to PCI in the coming weeks on my security blog site:

    http://www.philiphall.com

  3. Philip, the threats have been around for a while but somehow it’s that last hurdle and almost a situation of each bank waiting for another to be the big bad guy first. I could be wrong and there could be a heap of fining going on right now but so far, all seems like just threats.

    Looking forward to reading your work at:
    http://www.philiphall.com

    DD
