What is the true cost of staying compliant?

20 September 2014

Ensuring all equipment and software remains security compliant is an ongoing focus for retailers, but recent developments in Payment Card Industry Security Standards Council (PCI SSC) regulations are forcing a quicker – and in some cases more costly – evolution.

Whereas Point of Sale (PoS) equipment might once have had a ten-year life cycle, the rate at which security requirements are changing is shortening this span all the time. Retailers may now find their hardware needs changing every 5-6 years, and that is before factoring in how long it takes to find and deploy the most suitable alternative.

As a result, retailers are spending more money, more often, on ensuring they are PCI DSS compliant across their business. And the council's latest version three standards have led to another wave of merchants looking to replace, or feeling they might have to replace, their equipment or software.

As the PCI Council revises its guidelines, the flexibility of suitable solutions that will reduce compliance scope is diminishing, limiting the number of options that retailers can pursue. This can create situations in which implementations become costlier, either because less costly alternatives do not meet security standards, or because merchants have to make changes to their wider network in order to integrate validated solutions. Equally, some of this software runs on new hardware devices, which are not always particularly retailer-friendly and can add to the time it takes to carry out necessary tasks.

Thankfully, there are solutions reaching the market that provide much easier integration while also reducing PCI DSS scope. However, a lack of effective planning can lead retail businesses to rush into a decision, opting for a costly replacement with limited scalability for future security developments – meaning the life cycle of their latest investment is itself limited.

The need to update in-store equipment and software to ensure customer data is closely protected will never go away. Retailers who manage these requirements best will be those who plan ahead and seek the best long-term solution.