01/03/2010 -
Restricting access to payment processing data is considered the most important aspect of PCI DSS compliance - yet it is also the aspect merchants struggle with most. These are the results of a study released Monday by the Ponemon Institute, on behalf of IT security firm Thales.
In a survey of Qualified Security Assessors, the Ponemon Institute found that Requirement 7 - which requires that merchants restrict access to cardholder data to individuals on a "business-driven need-to-know basis" - was the requirement respondents felt was most important to achieving PCI compliance, yet QSAs also noted that it is the most difficult requirement for merchants to meet.
Other survey questions reinforced the common conception that merchants are focusing more on PCI compliance - and therefore on avoiding fines - than on true payment processing security.
"This study indicates a significant concern among QSAs that many merchants are primarily focused on complying with PCI and less on what should be equally important - protecting sensitive information," said the report.
Many industry experts, including PCI Security Standards Council general manager Bob Russo, emphasize the importance of taking a long-term view of payment processing security, as a short-term, compliance-focused view can actually present significant security - and consequently financial - risks.





