Merchants need to immediately start understanding what additional budget they are planning to allocate to tackle the increased time and costs necessary to maintain PCI compliance. Even working to find and procure the services of an approved scanning vendor will take time and internal resources.
For many merchants, PCI compliance and related activities are a necessary annual pursuit that requires additional work from resource-strapped internal business units. The looming complexities of PCI DSS 4.0, combined with transitioning to a Level 1 merchant, will likely leave many organizations in the lurch as they determine how to handle these increased responsibilities.
Security attacks deserve mention in the same breath as death and taxes for their predictability, and increasingly an organization’s security resources are too strapped for time to operate, complete project work, and continue to adapt and tune their security approach. Third parties who can evaluate your current security environment and provide critical, unbiased feedback with a plan for continued improvement are more vital than ever before.
There’s an inherent stickiness to any token provider, but as companies evaluate their payment architecture and look at pricing, performance, service level agreements (SLAs), and other factors, chances are that swapping out a provider or adding a new service will require a token conversion.
For petroleum marketers, now on the other side of Outdoor EMV implementation, payments at the pump seem more secure and less prone to fraud. This view is only somewhat true, however: committing fraud by way of a stolen card is now more difficult, but sensitive payment data is both more vulnerable and more under attack than…