PCI DSS standards supported after criticism

After an SME representative spoke out early last week against the enforcement of PCI DSS regulatory measures, saying that they would damage small businesses, security experts have come out to defend the data security standards, although the issue is clearly complex.

Data security expert Jan Fry explained in an interview with SC Magazine that there was growing animosity between credit card companies and smaller businesses, but also said that this mistrust of the security standards came from a lack of comprehension of the terms and implications of the PCI DSS.

Mr Fry said that it was acknowledged by those within the industry that the current standards were not universal in their appropriateness, but that fighting against security standards that are ultimately put in place to protect the consumer could be more damaging to businesses than complying with regulations.

In fact, experts were keen to explore the PCI DSS in a way that showed off its flexibility and scalability, with Mr Fry saying that most businesses accept the necessity for adherence because in most cases the benefits outweigh the pitfalls. He also said that there was no reason for small businesses to fear that they would be ‘exterminated’ as a result of non-compliance and derided the partisan attitude taken by a number of the PCI DSS’s detractors.

It is accepted that most small businesses are looking to take on the PCI DSS with as little financial impact as possible. A recent study by Ponemon and Imperva found that many believed compliance was an intrinsically expensive procedure, which discouraged business owners from even attempting to follow the guidelines.

Imperva’s Amichai Shulman said that small businesses should consider the PCI DSS as a way of mitigating the risks of security breaches and data loss. He cited a recent hack suffered by an online store which originated from a single insecure application that failed to meet industry standards, making it easy for cybercriminals to steal the payment card details of the site’s customers.

However, Mr Shulman added that credit card companies needed to work closely with small businesses in order to ensure a wider level of acceptance and ultimately better data security for all.
