PCI Perspectives Redux
Datasecurity from PCI and Data Security Compliance was kind enough to both comment on my PCI thoughts from yesterday and pen an entry of his (her?) own. Apparently, though, I must not have been clear in my thoughts.
Datasecurity replied:
I’m sorry to hear you feel that PCI is a tough pill to swallow.
To be accurate, I personally think PCI can have great impact in numerous ways. My question is pointedly about small business owners who may find the controls and changes needed for compliance to be a rather bitter pill.
Datasecurity also stated:
This is true, but why should a small or medium sized company be permitted to put my credit card data at risk just so they can reduce costs?
Of course no one is advocating reckless abandon with your personal credit card data. This paints a rather negative picture of those with whom you choose to do business. I think instead that for many small merchants compliance is an issue of control. Personally, as a network weenie I like the controls that compliance must introduce. Compliance encourages a more complete approach to security and processes. I like that. But what I would like to hear is how people have successfully (or not-so-successfully) introduced these controls and measures within small merchants.
Compliance for compliance’s sake is a good thing, but I would like to find strategies to convey that compliance can have so much more value. How can we help small merchants find the silver lining of compliance and begin to view it as a benefit rather than a burden?