In recent articles Digital Transactions News, the electronic news source for covering the payment card industry, interviewed Volubis CEO Michael Dahn.

One interview addresses Dahn as a PCI expert and reports on the increating rate of compliance for merchants.

“For large organizations, they are facing a really complex system,” he says. Many aren’t aware, for example, of the standard’s allowance for so-called compensating controls, which permit merchants to satisfy certain rules using less costly measures. One merchant, for example, met a requirement for file-integrity monitoring, which could have triggered huge software costs, by using “an open-source product that did not require them to incur a per-license fee,” making it cheaper to install on the company’s multiple servers, Dahn says.

One interview covered large point-of-sale (POS) merchants that are seen as a large risk to the payment card industry. They are not being addressed with the change in Visa USA’s merchant levels.

With Visa USA this week introducing a revision of the volume bands by which it groups merchants for PCI compliance, the card association’s data-security rules now encompass all or most large brick-and-mortar retailers, forcing them to meet more stringent PCI validation requirements, including at the least self-assessments to certify compliance, says Michael Dahn, president of Volubis Inc., a San Francisco company that has contracted with Visa to help train PCI assessors and educate merchants on the standard. The change took effect July 18.

Bookmark to:
          

This entry was posted Monday, August 14th, 2006 at 12:25 pm and is filed under PCI DSS. You can leave a response, or trackback from your own site.