IT GRC Forum

PCI Compliance: Finding Value beyond Fine Avoidance

Javelin Strategy & Research, Nov 2007, Pages: 26

Safeguarding customer data is a necessary component of good business practice, yet the numbers of data breached accounts are at an all time high. Data security has not been given front line priority, and as a consequence an environment of mistrust of the card eco-system has developed among consumers, merchants, acquirers, and issuing banks. To stem this tide, the payment networks have responded with a renewed emphasis, harsher penalties, and more specific deadlines for Payment Card Industry Data Security Standards (PCI DDS) compliance.

Data Breaches and Buyer Behavior:Moving PCI Compliance from Costly Burden to Competitive Advantage

Javelin Strategy & Research, March 2007, Pages: 35

In light of the TJX saga, issuers will no longer passively accept the costs incurred from lost cardholder data that is no fault of their own. Merchants, on the other hand, view PCI compliance as costly and burdensome, and of little value beyond "compliance". Rather than point fingers and assess blame, all industry participants must understand the necessary steps to secure cardholder data efficiently and cost effectively.

Understanding How PCI-Compliant Companies Can Be Breached: Security in a Post-Heartland World

Javelin Strategy & Research, June 2009, Pages: 49

The Payment Card Industry Data Security Standard (PCI DSS) raises the high water mark for data security. But there's a persistent myth that PCI compliance equals security. The reality is that PCI is only a baseline, and one that needs to be monitored constantly as the threat landscape changes. In the months following what may be the largest the data breach in U.S. history at Heartland Payment Systems®, many people are wondering if PCI is effective.

World Firewall Management Solutions Market

Frost & Sullivan, May 2009, Pages: 74

Regulatory Compliance and the Need for Efficient Corporate Governance

Due to the sensitive nature and potential ramification of information being lost, local, state, and federal governments have enacted legislation and regulations to protect computerized information. Examples of such regulations include the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI-DSS) requirements.