
Compliance Deadline Passes For Level 1 Merchants in the UK

Lumension Security: 01 October, 2010 (Technical Article)

Certain retail companies in the UK now have to conform to revised PCI compliance guidelines, as explained by Lumension.

UK Level 1 Merchants that accept Visa payments and process more than 6 million transactions annually will need to comply with the original v1.2 PCI guidelines by September 30 2010. The deadline means Level 1 merchants must demonstrate that they are fully compliant or risk being fined for non-compliance. This deadline comes as European director for PCI, Jeremy King, is raising awareness of PCI across Europe.

Alan Bentley, SVP International at endpoint security firm Lumension, commented: "PCI compliance might have been around for some time, but merchants are still struggling to get their heads around the requirements. The September 30th deadline is mandating that Level 1 merchants now comply with the original v1.2 guidelines. However, the compliance puzzle doesn't end there. Version 2.0 is just around the corner, meaning merchants need to be concerned not only about their ability to prove compliance with v1.2, but also about the steps they need to take to get to the next stage of compliance.

"All too often, organisations fall into the compliance trap and focus all their efforts on meeting the requirements of a new deadline, without thinking about the bigger picture. This broken compliance strategy is not only costly, but ineffective when it comes to security. Taking a myopic view of regulatory compliance creates a situation where merchants are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets.

"Merchants must avoid detaching Risk Management from compliance. PCI standards are designed as a starting point for helping to build a strong security posture, but are specifically concerned with payment card data. To achieve true, continuous security across all aspects of the organisation, merchants should consider the following:

* Avoid a silo approach - don't separate compliance and risk management
* Gain visibility across security controls and regulatory compliance
* Ensure processes are manageable, automated and repeatable to enable 24x7x365 compliance and security
* Enforce security policies with operational endpoint management
* Prevent the execution of malicious code by allowing only approved applications to run in an environment - this can be achieved with intelligent whitelisting
* Centralise data gathering to ease compliance reporting and audit workflows
   © 2012 ProSecurityZone.com