PCI DSS Compliance in a Changing Business Environment

Download the Output Report from this Corporate IT Forum workshop. The report has been produced from input from 23 corporate IT professionals representing 15 organisations from a wide cross-section of enterprises including media, financial services, retailing, utilities, a government body and transport & leisure.

Senior corporate IT professionals shared their experiences of their PCI DSS journey, from inception to business as usual (BAU). The discussion covered non-technical aspects such as outsourcing, awareness training, risk-based approaches, governance, call centre issues and voice recording. It also dealt with more technical aspects such as penetration testing, vulnerability testing, logging, enterprise architecture and network issues. The panel Q&A was wide ranging, and included contributions on the role of Merchant of Record, outsourcing, Web applications, subcontracting by third parties, e-commerce, merchant compliance reporting, the passing on of fines and compliance costs to the end consumer, and the expected cost of breaches.