Comprehensive Security: Going Beyond the First Lines of Defense
Senior retail managers who have relegated PCI compliance responsibility to lower levels of the organization may be missing a critical opportunity to protect and even grow the business. Evidence is ample that, even after a months-long audit, attaining PCI-DSS compliance certification does not even guarantee that the enterprise was completely compliant at that moment. Retailers must adopt the mindset that data security is a critical and constantly moving target, and devote sufficient resources to developing a comprehensive framework to continually assess and address risk. A well-thought-out, comprehensive security plan can not only protect the enterprise from risk, but also reduce costs by abandoning a patchwork approach and enable innovation by providing a secure environment in which to develop new initiatives.