PCI Council Launches Group to Help Improve SME Compliance

Industry body the PCI Security Standards Council (PCI SSC) has launched a new group dedicated to simplifying PCI DSS compliance for small businesses across the globe.

Announced last week, the Small Merchant Taskforce will be co-chaired by Barclaycard and the US-based National Restaurant Association (NRA).

The aim is to provide cross-industry expertise for smaller merchants, explaining how they can better protect customers’ payment card data.

The group will offer best practice advice on things like working with security assessors, vendors and security providers, as well as guidance tailored specifically for small businesses to help them benefit from existing “PCI best practices, standards, training programs and solutions.”

Further insight on current market trends, issues and concerns will also be made available via the PCI Council.

Barclaycard payment security manager, Phil Jones, argued that small merchants are especially vulnerable to cyber attack.

“They usually have very limited resources and technical expertise at their disposal, and often lack the necessary tools, information and education to recover and prevent them. Helping these businesses will be a key focus of the taskforce’s efforts,” he added in a statement.

“By working together we aim to provide practical ways to help improve the security of smaller merchants, reduce their risks, and make the experience of PCI DSS compliance quicker and less complicated for them.”

PCI DSS is designed not only to improve data security among businesses which handle card payments; in the event of a successful breach, compliant organizations will usually not be held liable by the card companies.

However, the compliance process has been criticized for being too onerous and expensive for small and medium-sized firms.

The latest version of the standard, 3.0, came into force at the beginning of 2015 and was designed to give firms greater flexibility to choose the right security approach according to their risk management strategy.

In March 2015, the Verizon PCI Compliance Report found that although compliance doubled in 2014 compared to the previous year, only 28% of firms were still compliant, less than a year after being certified.

Regular testing of systems and maintaining firewalls are the two areas where most firms fell out of compliance, the report found.

Any merchants interested in helping out with the small business taskforce initiative are invited to contact the PCI SSC on info@pcisecuritystandards.org.