New PCI DSS deadline tomorrow, warns LogRhythm

Companies processing fewer than 6 million transactions cannot rest easy, Infosecurity notes, as level two, three and four merchants – a group that covers most online retailers – will automatically be moved to level one status in the event of a data breach.

According to IT audit and data logging specialist LogRhythm, with the deadline looming – and the penalties for non-compliance more costly and onerous than ever – merchants are currently focused on achieving compliance.

However, says the company, organisations should not adopt any quick fix measures in order to meet the impending deadline, but instead think carefully about their long-term security needs.

Ross Brewer, LogRhythm's managing director of international markets, said that many merchants are falling into the trap of viewing PCI DSS as a list of requirements that simply need to be ticked off a list within a specific timeframe.

"However, compliance is not a one-time only requirement. Instead organisations should approach it as an ongoing process that requires the automation and optimisation of increasingly complex IT and data operations", he explained.

According to Brewer, LogRhythm believes that merchants are all too often treating PCI compliance as the responsibility of a single business division, without considering how the measures it prescribes can improve operational efficiency across all areas of the organisation.

Many merchants, he says, are taking a siloed approach to PCI DSS, thinking about how it impacts card transaction procedures, rather than viewing it as a set of best practices that can actually improve the performance of the entire business.

And, he notes, whilst such 'kneejerk' responses to PCI mandates may seem relatively cheap to implement, in reality they are a false economy.

Instead, he explained, it makes sense to deploy monitoring solutions that can add value in as many areas as possible. After all, there is a significant difference between simply complying and actually doing something that benefits the business as a whole.

Against this backdrop, LogRhythm is advising merchants that automated, centralised and fully integrated log management platforms, capable of providing deep insight into how IT systems are being used across the whole business and on an ongoing basis, should be the cornerstone of their compliance strategies.

 
