- 1 Dec
Route-map to PCI DSS compliance
Retail-only solutions and service provider, Retail Assist, has formed a specialist team to project-manage the route to achieving and maintaining PCI DSS compliance in conjunction with its retailer clients.
By offering a dedicated resource to look at this critical subject, the company enables retailers to continue mainstream IT work without impact on in-house staff. The team is headed by Retail Assist’s associate consultant, Geoff Clark. He believes that the greatest response will come from tier 2 retailers who have integrated systems and solutions but who lack the resources to concentrate on compliance as a separate exercise.
He explains: “PCI DSS compliance is not an opt-in; it’s unavoidable. But, as frequently happens with legislative topics, the approach to compliance is not always obvious. We know that PCI DSS is on everyone’s agenda but, for some, it has no fixed time-line. Also, for more complex retail groups with multi-faceted architectures, the challenge is a significant one.”
Retail Assist has observed that many retailers are overwhelmed by the volume and complexity of information that exists on the subject, which rarely spells out the implications in retail business terms. The company believes that there is a need for practical advice and understanding of the impacts.
Continues Geoff Clark: “Whilst the fundamentals of credit card processing are common to all retailers, the way in which they are applied can vary and have compliance implications. Our USP is that we tell retailers what it means to them. We identify the hot spots and the likely practical implications, then work these through with the retailer to tailor-make the route to compliance.”
The initial phase of the project is a consultation meeting which explains the topic from a business perspective as opposed to banking terms. A pre-compliance audit is then conducted to assess the retailer’s exposure, based upon its solutions, processes and knowledge.
Retail Assist is already working on PCI DSS compliance with two of its clients in the apparel sector and is also offering the service to the wider market. “It’s clear that this can be useful to other retailers, so we’re extending it beyond our user base as a stand-alone project that retailers can contract for.”
Concludes Geoff Clark: “PCI DSS is not just about becoming compliant as a one-off project in the way that Year 2000 was; it’s about remaining compliant. Retailers need to be self-regulating and make sure their working practices and methodologies are compliant going forward. We can help them to achieve this.”