Why PCI Is Good For Business

Time to take a step back and look at PCI. We all know and love it, or love to hate it for various reasons, but I’d like to go back to the roots of it all and ask one question: “What is PCI for?” The simple answer, and the one I can most get on board with, is that it’s to promote spending by increasing consumer confidence. So the obvious goal is to reduce account takeovers and information disclosure wherever possible - not necessarily to eliminate them, but to increase buyer confidence by lowering the statistical probability that they will be compromised by purchasing online.

I’ve always been an advocate of increasing the potency of PCI by making it more stringent, for which I have been told I am anti-business. Not exactly. Let’s use an example. Let’s say I’m mega huge company-A and I follow every security restriction on the planet that I can to ensure that data isn’t leaving our site, but meanwhile mega huge company-B is doing nothing, or the bare minimum. Since we will most likely share a great many users if we have any amount of web presence, company-A is now at the mercy of company-B. Users tend to use the same passwords, give the same answers to secret questions and so on, so once a user on company-B is compromised, they are also compromised on company-A. Same exploit, another day.

