company does not currently offer any financial incentives for merchants outside the U.S.
"While Visa USA did offer some monetary incentives for U.S. merchants for a short period of time, the major motivator for merchants to achieve compliance has been their desire to properly protect cardholder data and to prevent being the target of a data compromise," she says.
Keep the global perspective
Regardless, security experts agree companies must look at PCI security as a global mandate and ensure that the same controls used in the U.S. are being used elsewhere. There's a danger of that not happening when companies find themselves deep in the weeds trying to get their arms around the sheer scope of the standard, says Daniel Blander, a CISM, CISSP and president of Techtonica Inc. in Los Angeles.
His advice is to not let the scope of the challenge get the better of the organization, and use every remediation and control to give something back to the business that provides a non-PCI return on investment.
"File integrity monitoring is great for improving the quality of implementations and maintaining configuration standards if used correctly; configuration standards can improve the delivery of services and systems by promoting consistency," he says, noting that's good for business as a whole -- wherever in the world the company operates from.
Reprinted with permission from CSO. Story copyright 2008 CSO Inc. All rights reserved.
Post new comment