International Cyber Expo International Cyber Expo
  • About Us
Thursday, 9 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance

by The Gurus
November 12, 2019
in Regulation
PCI DSS Compliance Word cloud
Share on FacebookShare on Twitter

By Arnaud Crouzet, VP Security & Consulting at FIME

As data breaches continue to rise globally, protecting the integrity of customer data (especially in the payments world) is vital. One essential security standard helping keep such data secure is PCI DSS – an information security standard for organizations that handle cardholder data. But aligning with the standard can be complex, time consuming and costly. And, as result, many payments stakeholders are becoming complacent about compliance.

In fact, less than 18% of organizations measure their DSS controls across their entire environment more frequently than requirements specify. While doing the bare minimum means that companies avoid receiving hefty non-compliance fines, it doesn’t achieve a great deal more…

Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reap the benefits of PCI DSS. With a new approach, stakeholders can maximize their investment in compliance to achieve greater efficiencies, tap into new revenues and deliver more valuable services to customers. With this in mind, how can the business opportunities of PCI DSS be unlocked?

Scoping it out

Defining the scope – where organizations outline the infrastructure that falls under the requirements of the standard – is one of the most important phases of PCI DSS compliance. But by using it as an opportunity to scrutinize systems, it can also be a useful tool to streamline operations and ‘reduce the scope’ of compliance.

Consider insuring a house. Without any locks on the doors or windows, premiums will be high. But, by considering all entry points and securing them effectively, the risk can be reduced. Taking this one step further, by permanently blocking an unused entrance, for example, the risk posed to the house can be dramatically reduced – and, in turn, so can the insurance premiums!

Scope reduction with PCI DSS works on the same principles. With the right attitude, companies can significantly reduce the scope of their systems that fall under PCI DSS, reducing the risk, ongoing expense and time of compliance.

If it isn’t broken, make it better!

Once your payment infrastructure is in place, it can be difficult to both critically assess your own systems and challenge the different parts of the chain, such as processors and acquirers. It’s very easy to say, “It works, so why touch it?”, but this can be a costly approach longer term.

PCI DSS compliance is the perfect trigger to ask: “Why do we do it this way?”, “Can we be more secure?”, “Can we be more efficient?”, “How can we do better?”. By using the time dedicated to review systems and achieve compliance more constructively, players can spot opportunities to put in place better processes, methodologies and technologies. The resulting systems are not only smoother operationally, but deliver significant cost and time efficiencies long term.

Deliver added value

If implemented intelligently, new technologies added to achieve compliance can also supplement the delivery of new value-added services.

Take payment tokenization, for example, used to encrypt end-to-end cardholder data. While significantly reducing the scope of compliance, these tokens can also be used to identify customers across omnichannel retail environments and automate loyalty programs without (or alongside) a separate loyalty card. For brick-and-mortar retailers, this can help bridge the gap between the online and offline world while bringing greater simplicity and flexibility to the consumer.

Loyalty programs are hugely effective in increasing revenues (members on average spend $42.33 more than other shoppers), so tapping into this market helps maximize return on investment.

Looking to the future

PCI DSS is currently only applied to transactions routed by the PCI member payment schemes. But, they’re a strong benchmark for the protection of all payment systems and customer data universally.

If already applying PCI DSS for card payments, extending it to cover ‘transactions’ generally – protecting instant payments, credit transfers, P2P payments, International Banking Account Numbers (IBANs) and more – can help safeguard and secure systems for the future.

Following the PCI DSS rules blindly can be costly, complex and, in some cases, impossible. The guidelines need to be applied intelligently, using new methodologies and technologies to do things in new, better ways and, in turn, realize commercial benefits beyond compliance.

All of this can be hard to achieve alone, but with the right approach, businesses can make PCI DSS work for them.

To learn more about where to start on the path to achieving PCI DSS compliance and best practice for enabling a positive digital transformation, read our eBook.

Share4Tweet
Previous Post

IoT under fire:

Next Post

By the time you’ve been compromised, it’s already too late

Recent News

hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026
Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

July 8, 2026
Kirsty Fowler, WorkNest Secure

Next Gen Spotlights: Building a More Resilient Future – Q&A with WorkNest Secure

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol