Gartner recently released their Retail Security & Compliance Survey 2011 that details the costs associated with becoming PCI compliant. Excluding the cost of assessors – these costs are estimated at $1.7 million over the survey period, 2.35 years. Level 1s  spent approximately $2.1 million on PCI compliance and Level 2-4s approximately $1.1 million. In the [...]

    Lunch & Learn Session Co-Sponsored by Host.net and StillSecure BOCA RATON, FL (March 10, 2011) – Learn how to protect your enterprise data against attacks, whether you’re housing it locally or in the cloud, in “Don’t Leave Your IT Security to Luck,” a lunch-and-learn session from 11:30am-1:30 pm on Thursday, March 17 being [...]

In today’s security world of ever changing threats, there are some threats that get overlooked by most IT professionals trying to secure their systems. Generally most threats target port 80(HTTP), 25(SMTP), and 21(FTP). Thus these common ports are the ones most defended, however, the overall feeling concerning 443(SSL”HTTPS”) is that the information passing through is [...]

Data breaches: 4 fundamental ways to shore up your defenses Insider (reg req’d): Better data security doesn’t have to be complicated or expensive. Try these four  fundamental improvements for preventing corporate data breaches. ‘Nightmare’ kernel bug lets attackers evade Windows UAC security Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that [...]

While listening to Dr. Anton Chuvakin (@anton_chuvakin) the other afternoon on a webcast and talking briefly with Joshua Corman (@joshcorman) the other week, I started to realize that the problem the merchant industry is dealing with around compliance vs. security isn’t really with the PCI DSS.  The PCI DSS is just about a goal – getting people [...]

We believe it’s time our industry stepped up to the plate.  Claims that technology products will make someone PCI compliant have to stop.  Hand waves towards compliance aren’t acceptable any more.  Companies that sit on both sides of the table – both auditor and service provider – are setting their clients up for failure and damaging the reputation of our industry.

PCI compliance is the best way to give companies a solid baseline for security moving forward – but only if it’s done correctly.  It’s no wonder that the distraction of the current solutions delude companies into thinking they are secure as a result of their compliance efforts.  Compliance should be achievable and manageable so companies aren’t distracted from taking true, measurable steps towards better levels of security.

And, that’s how PCI Complete was born. Out of the frustration and confusion that we were hearing from customers; out of the pain of melding a variety of solutions, processes, and personnel to solve a problem that has vexed the vast majority of merchants and transaction processors; and, out of the gap in the market – where no single, consistent PCI solution existed.