Retail & IT Security

Getting compliant with Payment Card Industry Data Security Standards (PCI DSS) is no small feat, whether you're a neighborhood dry cleaner or a big-box retailer. That is the reason why companies, while doing their best to implement measures and technologies to meet the prescriptive 12-step requirement, are peppering the PCI Security Standards Council with questions for clarification and seeking whatever guidance they can get from their vendors and service providers.

Though the deadline for PCI-DSS has long since passed and compliance rates are finally rising steadily across businesses of all sizes, more rules are waiting in the wings. As of June 30, companies will be required to either have their custom applications reviewed for common vulnerabilities by a vendor, or deploy a web application firewall.

This latest requirement, in what is likely to be a long procession of them, means no quick end to the confusion. But new initiatives, such as a scaled-down self-assessment questionnaire customized to a company's size, are trying to simplify the process for businesses. And there are other steps and technologies to consider that can help mitigate compliance pain.

In this section, we take a look at IT security implementations in retail situations.