This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."
Download it now to read this article plus other related content.
With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity.
Credit-card fraud losses:
Complying with a straightforward standard:
Source: Privacy Rights Clearinghouse, number of accounts compromised since ChoicePoint breach in February 2005; The Nilson Report, $1.05 billion in credit-card fraud in 2004.
Getting corporate executives to approve money for security projects can be like pulling teeth. But when Erik Goldoff, IT systems manager at The Honeybaked Ham Company, explained to the company's top brass the steep penalties for not complying with the Payment Card Industry Data Security Standard, dollars earmarked for security soon flowed.
"From down in IT, it's very difficult to get any cost approved that doesn't generate revenue," says Goldoff. "If there is not some substantial return, [a project] may get sidelined or pushed to the next fiscal year."
The Norcross, Ga.-based specialty meat retailer is among the thousands of companies working to comply with the standard--more commonly known as PCI--created by credit card associations. Nearly a year after the deadline for PCI compliance, many large companies are well along in the implementation of IT security measures designed to protect cardholder information. At least five million U.S. merchants are affected by PCI, according to Visa U.S.A.
This was first published in May 2006