IT Governance Blog on IT governance, risk management, compliance and information security.

Over the weekend, you may have heard of Global Payments’ data breach, which caused 1.5 million credit card accounts to be compromised.

Global Payments, which processes payments for fims such as Visa, Mastercard and American Express admitted that thieves had accessed card account numbers, expiration data and security codes.

As a result of the data breach, Global Payments has:

• Suffered an 12% price drop in shares
• Lost one of its most important customers; Visa promptly dropped Global Payments from its list of approved vendors and Global Payments is expecting Mastercard to do the same

So in less than 4 days, the US payment processor has suffered a significant loss to their company, including vital and powerful customers, a drop in share prices and significant brand damage.

How easy do you think it will be for Global Payments to win back contracts with Visa and possibly Mastercard? Will they ever regain trust from both customers and clients?

It looks unlikely, but they can always hope. Global Payments Chief Executive Paul Garcia has pledged to spend more on security, but is it all a little too late?

We don’t just tell you this stuff to scare you, they’re real facts that are happening to real companies throughout the world.

In the UK, all organisations must comply with the Data Protection Act and every organisation that stores, transmits or processes card holder data must comply with the Payment Card Industry Data Security Standard (PCI DSS).

Get your company up to scratch with DPA, PCI DSS and Information Security (ISO 27001) with specific training courses >>

Source: BBC

Compliance is a dirty word that many folk get turned off by and tend to ignore. Let’s turn this around and make it exciting. Let’s make it easy and let’s make it a positive business enabler!

There are three compliance issues that I want to discuss today and before you turn off and press Ctrl D, you will not want to miss this, I promise!

I’ll start with a little teaser. Would you like to achieve any of these outcomes:

• Reduce your monthly costs?
• Demonstrate to the board that you are protected against fines?
• Empower your customers to love you even more?
• Win new business because of your competitor’s shortcomings?
• Attend a one day training course for free?

I’m guessing that you agree with all of these, yes? Great, let’s find out how …

Read on or skip to the good stuff!

The three compliance issues I want to discuss are issues that affect many UK organisations. Firstly we have the UK Data Protection Act (DPA). Secondly we have the Payment Card Industry Data Security Standard (PCI DSS). And finally we have the very real threat that all organisation should be looking to combat right now, the threat of Cyber Attack.

Ok, you may be thinking that cybersecurity isn’t a compliance issue. Technically you may be correct but in reality, sooner or later your shareholders, your customers and more than likely your supply chain, will be demanding that you demonstrate compliance with the international Cybersecurity Standard ISO 27001.

So how will compliance help achieve these outcomes? It’s fairly straight forward …

Reduce your monthly costs:
Have you checked your bank charges statement lately? Have you seen the charge for ‘PCI DSS compliance’?
This isn’t a charge for compliance – this is really a charge for non-compliance. It’s costing most SMEs £600+ per annum to be non-compliant.

Demonstrate to the board that you are protected against fines?
Organisations found to be in breach of the DPA are being fined up to £500K by the Information Commissioner’s Office! Achieving DPA compliance will remove this risk and protect you from regulatory fines.

Empower your customers to love you even more:
By achieving DPA and PCI compliance, you will demonstrate to your customers that you take the security of their personal and sensitive data seriously. You will give them confidence to spend money with you and they will love you even more.

Win new business because of your competitor’s shortcomings
The press are all over data breaches and Cyber attacks right now. Take a look at Sony – Following a stream of data blunders, primarily at the hand of Cyber criminals, they have basically sent their customer packing. Savvy competitors have capitalised on Sony’s misfortune (misfortune used very loosely here), and won market share by demonstrating robust cyber resilience, and thus inspiring confidence in the market place.

Attend a one day training course for free
Do I have your buy-in for achieving compliance with the DPA, PCI DSS and ISO27001? Great, let’s find out how to make it exciting and easy. I hope by now, that you’ve seen how compliance can be a positive business enabler.

The DPA, PCI and ISO 27001 Foundation Combination Package is the most cost effective route to DPA and PCI compliance and will set you on the path to ISO 27001 Certification.

	DPA, PCI and ISO 27001 Foundation Combination Package Book in March to get one course free! RRP: £1,429 Price: £954 You Save:£475

Becoming PCI compliant can help you avoid potential fines, loss of business and brand damage. It also demonstrates to your customers and stakeholders that you take cyber security and the protection of personal data seriously.

At IT Governance we have created the PCI compliance toolkit to help organisations become compliant quickly and cost-effectively. We have helped hundreds of businesses become compliant, but don’t just take our word for it, take a free demo of our PCI Compliance toolkit today.

	PCI DSS Documentation Compliance Toolkit (V2.0) Price: €299.95

Consisting of just 45 pages, PCI DSS A Pocket Guide provides a complete overview of the Payment Card Industry Data Security Standard V2.0.

Written in non-technical language, this easy-to-read pocket guide will teach you:

• Who needs to be PCI compliant
• Consequences of a breach
• How to comply with the standard
• PCI self-assessment questionnaire (SAQ) – including the new SAQ C-VT
• Procedures and Qualifications
• Overview of the Payment Application Data Security Standard

	PCI DSS A Pocket Guide, Second edition by Alan Calder & Nicki Carter Price: €11.95

Compliance by Design: IT controls that work

PCI DSS A Practical Guide to implementing and maintaining compliance

ITG PCI DSS Online Course, Staff Awareness Edition

Many would think that PCI DSS concerns only those that are involved in IT, but this is not true. PCI DSS concerns everyone involved in the project; which includes IT staff, Finance, HR and Senior Management alike.

	PCI Foundation Training Course – in London Price: £495.00 Special Online Offer: Book this course online and receive a free download of PCI DSS: a Practical Guide to Implementation, worth £29.95!