Thursday, February 14, 2008

PCI: Not Just For Payment Anymore

Evan Schuman writes on StorefrontBacktalk:

As retail CFOs begrudgingly approve extensive dollars to help with PCI accreditation efforts—even though many IT departments are using those dollars for projects that primarily have little to do with security—many are discovering that a program designed to protect payment data will also do a fine job at protecting almost any other kind of data.

With CRM systems trying to interact with Web analytics, mobile databases, purchase and returns histories and tons of other non-payment databases, the amount of non-credit-card data that is at risk easily dwarfs Visa transactions.

The same common sense guidelines that are the soul of PCI—dealing with wireless, encryption, knowing what you're retaining and retaining only what you need—can be widely extended. But the same checklist mentality that is PCI's weakness also pigeonholes PCI into only being used for payment, which is silly.

More here.

