No, PCI DSS compliance may not be limited to banking and payment card companies. It may be enforced for any company handling customer credit card data. You can see now that even the Sony PlayStation Network has been attacked, and data thieves have stolen a large amount of customer credit card data.
This is not to scare companies, but to educate them about customer data security. Data thefts may not stop in the near future, nor stay restricted to only one set of companies. The thieves may shift their target from one set of companies to another. They will look for credit card data, irrespective of the type of company they breach. Your company should not become a victim. This is what a Visa executive has to say about the recent Sony PlayStation Network data breach.
Small and medium companies cannot afford to take a chance and go out of business. As the adage ‘Prevention is better than cure’ goes, be wise and prevent. Make your security policy foolproof and get it implemented. Get compliant with regulations like PCI DSS to reduce your risk of customer data theft.
ManageEngine EventLog Analyzer offers pre-built compliance reports for PCI DSS as part of the security offering to fortify your network security. Have a look at it.
In the UK, and for companies trading in the UK (such as Sony), PCI-DSS is not optional and must be enforced. The level of compliance varies depending on the number of transactions that take place as opposed to the total value of those transactions. So companies with very high value goods and a smaller rate of transactions may follow a lower standard of security than ones with low value, but higher transaction rates.
It is important to remember that the security of the network is also a critical part of PCI-DSS, so Sony may be required to prove that they had taken adequate steps to secure their network – the fact that it was breached makes me wonder what the outcome might be. (As an aside, I would be interested to see if they are prosecuted under the UK’s Data Protection Act for failing to take good care of details in their care.)