PCI Compliance and Identity
I don't know if it's just that time of the year when retailers large and small are gearing up for Black Friday, or if it is something else, but PCI Compliance is on the minds of many, and I felt compelled to blog about the discussions I've had lately with several organizations, from school districts to large privately held Level 1 companies, and why identity is at the center of it all.
Oh, and I'll also fill you in on a way for PCI Level 3 organizations to implement a solution for $100,000 which is the proposed amount of a fine if you are found non-compliant.
Identity is at the center of PCI because it requires organizations to restrict access to customers' identity information to identified and authorized employees.
The conversations I have had the past few weeks have been interesting. It turns out that one level 3 organization I spoke to has been trying for 2 years to come up with something that will get them compliant. Not because they wanted to, but because their bank wanted them to prove compliance. Interesting that banks are moving risk back to the customers, at least the little ones.
The other conversation I had was with a diversified company in the Midwest that stores and uses a ton of information related to PCI, and their customers were the ones asking for proof that they were PCI compliant, or at least had protections in place at the same level or better than what the customer had. It was interesting because it seemed to me that their customer was trying to assess and mitigate risk and enforce policy and standards inside and outside their 4 walls, which is a HUGE issue for companies today, PCI compliance or not.
Anyway, take a look HERE and you will be able to download the PCI specification and see, bullet by bullet, how TNT can help you satisfy 60% of the requirements in less than a week.
identitystuff @ gmail.com