
Leveraging Risk Strategy to Move Beyond Check-Box PCI Compliance

October 29, 2018

Merchants often put compliance spending at the top of their list for budgeting purposes because the consequences of non-compliance can be expensive. Fear of increased processing fees from acquiring banks, penalties from credit card companies and the risk of brand and reputational damages can be quite compelling. 

However, compliance does not always equal security. Merchants can be 100 percent compliant and still be breached. The time has come to think beyond the Payment Card Industry (PCI) requirements and embrace a unique, holistic Secure Payment approach. Leveraging existing PCI compliance foundations and technology investments, while incorporating leading cyber security best practices, enables merchants to secure their entire payment lifecycle.

The increasing popularity of simplified payment methods, such as PayPal, Apple Pay and Venmo, amplifies the importance of data privacy and the need to protect an organization – in addition to its customers. The attack surface continues to expand with the explosive growth of Point of Sale (POS) types and related applications, creating more endpoints on-premises and in the cloud. As applications move to the cloud, exposure spreads – requiring different security techniques.

Time for change. 

Merchants have a decision to make. Continue to invest budgets and resources in PCI compliance, leaving parts of the business vulnerable, or shift the paradigm and leverage those investments to secure the entire payment lifecycle. Continuing to add to existing technology debt is not sustainable in the long run. However, merchants need to evolve with new POS endpoints, launch new applications, expand loyalty programs and pursue digital transformation – all while protecting data and meeting compliance requirements. 

Transitioning to a focus on securing the entire payment lifecycle with risk-based decision making, rather than maintaining a laser focus on PCI compliance requirements and check-box compliance, can help merchants reduce priority juggling and optimize compliance spending. PCI compliance will become an intrinsic outcome of security instead of a separately funded and managed function. Tighter alignment of security and compliance means merchants can: 

  • Protect cardholder data at rest and in motion  
  • Identify, assess, qualify and manage risk in a prioritized manner 
  • Secure applications across the payment lifecycle 
  • Achieve security and compliance agility 

It’s time for merchants to consider risk beyond PCI requirements. A successful and comprehensive risk strategy considers risk inside and outside the cardholder data environment (CDE). Learn how to achieve a holistic payment security program by reading our white paper.

By: Bryan Wiese

Vice President, Identity and Access Management
