IDG Contributor Network: What’s next in payment security?

There’s a revolution going on in the payment technology space right now, no doubt about it. However, it’s vitally important for businesses to embrace payment security innovations at the same time and at the same pace. Hardware-based POS terminals and infrastructure are quickly being replaced with faster, more open, more mobile and more software-oriented payment solutions. These innovations bring convenience to customers and, in the process, raise revenue for businesses.

New entrants are building much of this software with little or no traditional payment processing or payment security experience. For conventional payment processing companies, the software and systems they are creating are based on open operating systems and Internet connectivity, which may be new for them. At the same time, all of this constant newness and interconnectedness is stressing security teams. It’s no wonder that breaches are happening at an alarming and growing rate.

Over the past few months, people have been asking me what I think is going on with compliance and where I think things are headed. I believe three fundamental changes are going on in payment security that every card-accepting business and payment solution provider must know.

Certified security solutions vs. DIY compliance

The first thing to be aware of is that compliance is solutionizing. While it’s been happening for a while, the pace is picking up. The PCI Data Security Standard (DSS) is made up of roughly 335 security controls that card-accepting businesses are required to be compliant with 365 days a year. Most companies have tried to comply by following each requirement to secure their cardholder data environment. I call this DIY (do it yourself) Compliance. With DIY Compliance, businesses do their best to purchase and configure payment solutions and to secure their networks and workstations.