Feature
that they tick the compliance box today, tomorrow and every day.

Such ‘mom and pop’ businesses are vulnerable because they are run by people who multi-task and as such they are jack of all trades and masters of none – compliance being one of them. It is indeed exactly this sort of ‘low hanging fruit’ that hackers have gone after rather than the larger multi-million pound level one candidates who would more quickly spot and trace breaches of security because they are constantly looking for them. Indeed 80 per cent of forensic investigations have proved to be level four candidates.

Brooks Wallace, Trustwave Sales Director for Europe, Middle East and Africa added a note of optimism. “There is a lot of education and communication regarding PCI DSS throughout the world. In fact, many level 1, 2 and 3 businesses are compliant, or very close. The challenge lies with educating level 4 merchants – smaller businesses such as mom and pop shops – and helping them to mitigate risk and validate compliance. These businesses need to take this issue seriously as they are the most at risk simply because they don’t have the knowledge or the resource necessary to validate compliance with the PCI DSS. Engaging in such tasks is too much for them because they don’t know where to start and become easily overwhelmed.”

In terms of actually ‘eating the elephant’ of PCI DSS compliance, the round table discussion provided some useful tips directed at vulnerable businesses.

• The first place to start is an audit of the business compliance need – where you are and where you need to be
• Use common sense – treat your data like every other valuable commodity and keep it safe
• Question the need to store data in the first place – is it a legacy of previous business practice or is it essential to your business? In short, storage is a cheap and lazy solution. If you don’t need to store data, don’t. By so doing, it removes from scope many of the compliance issues
• If you do need to store, understand where and why it is being stored. Introduce a culture of good discipline like a hard drive version of a ‘clear desk policy’.
• Break the issue down into bite-size chunks. Talk to advisors, banks, card companies about your compliance strategy and how you are going to approach it and by when
• Don’t think of compliance as the main point – a box to tick. Think of it in terms of the end game of not allowing your data to be compromised and putting your online brand and reputation ‘on the line’
• Make sure your firewalls are up to standard to deal with incoming raids

Compliance has been seen as a carrot and stick. Both work for different people for different reasons as every business is different and has its characters. For many, talk of fines for non-compliance is a negative approach that fails to get the important messages across. For others the stick is an essential weapon.

“I heard one businessman say ‘please fine me, it will make my business case for compliance’” said Brooks Wallace.

Perhaps what is needed is a carrot-shaped stick that both encourages and cajoles while at the same time provides the shadow of a threat when raised at retail board level. Whatever the approach, the message of compliance is an important one and will not go away while the fruits of fraud are there for the taking.

But as Paul Rodgers, CEO of Vendorcom concluded: “Compliance is not about the banks or the card holders, it is about a collective ownership to a common problem that could result in merchants not only losing money through fraud and fines, but also their trading reputation as trust will diminish along with shareholder investment and the business itself.”

[Photo caption] “Compliance is not a destination, but part of a journey” says Andrew Henwood of Trustwave
22 • RETAIL FRAUD