No thanks, stay here.  

  We notice you are visiting from a U.S. Internet provider. Switch to our U.S. website.

Industry News

PCI DSS compensating controls are not shortcuts, experts remind businesses

By Joseph Trigliari

18/03/2010 - Many businesses think of compensating controls as a shortcut to payment processing compliance. However, compensating controls in reality are nothing near a shortcut - they require research and analysis to correctly implement.

According to Anton Chuvakin and Branden Williams - whose book PCI Compliance is available for preview at CSO magazine's website - the following requirements must be met for a business to be eligible to use compensating controls.

First, the control must meet the intent and rigor of the original PCI DSS requirement, be "above and beyond" - not simply in compliance with - other PCI DSS requirements, provide a similar level of defense as the original PCI DSS requirement, and be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement, said Chuvakin and Williams.

The authors remind business owners that" before immediately running down the compensating control route, be sure that you have done your research and make sure that you legitimately meet all of the requirements for a compensating control." Otherwise, the business will likely not pass the PCI compliance audit.

In general, business owners should concern themselves more with security than compliance, says Bob Russo, general manager of the PCI Security Standards Council. Russo recently told Bank Info Security's editorial director Tom Field in an interview that merchants should "live, breath, eat, sleep, not PCI, but security."ADNFCR-2514-ID-19677881-ADNFCR

Related News - Security and Fraud

Study: PCI compliance a no-brainer among Level Four merchants

10/01/2012

A recent survey by research firm Gartner found nearly one-fifth of retailers and credit card processing services are not compliant with Payment Card Industry Data Security Standards.

Full Article

Tracking spending can be made easy with credit cards

06/12/2011

Many people feel that plastic payment processing options can lead to overspending, but a recent article published by Forbes explains that making payments with credit cards is actually a great way to control costs and track expenses.

Full Article

Keeping business bank accounts safe and secure

11/10/2011

The internet has provided consumers with many new and convenient ways to access their account information, but these advances have also created the need for thorough security measures.

Full Article

Personalized payment chips get fraud prevention upgrade

10/10/2011

Payment chips made by Fiserv will now be further personalized using the Europay MasterCard Visa (EMV) standards, a global credit card payments technology that helps prevent fraud from lost, stolen or counterfeit cards.

Full Article