Large UK retailers, such as John Lewis and Tesco, have
shown a relaxed, in-control, strategic approach to meeting the
Payment Card Industry Data Security Standard (PCI DSS).
Smaller retailers are, however, struggling to meet the
payment card industry's pressing demands to
secure customer data.
We report this week that retailers have been
afforded some breathing space by two of the
companies behind the rules. Rather than insisting on immediate
compliance with every part of the standard by the 30 June
deadline, Visa and MasterCard are advising firms to prioritise
securing the sensitive customer data on their IT
infrastructure.
This pragmatism is to be welcomed. Most UK retailers became
aware of the PCI DSS only recently, and it will take them two or more
years to catch up.
Nevertheless, there surely has to be a lesson here about the
need to spread more widely the strategic knowledge embedded in
blue-chip firms, in this case around compliance. Information
security is a social good more than it is a weapon of competitive
advantage.