« Podcast: Security as a Service, An Idea Whose Time Has Come: A Discussion With Alert Logic | Main | Phishing Targets High Level Executives »

According to Infoweek, the Payment Card Industry (PCI), and the severe fines they have levied against companies, has become one of the primary motivations for companies to protect their data. And if that's not convincing enough, the seemingly unending bad publicity and ever-mounting costs of the TJX data breach should be more than enough.

"TJX is the new poster child for why PCI compliance is essential," says George Peabody, director of the emerging technologies advisory service at Mercator Advisory Group, which specializes in research and consulting for the payments industry.

Large payment processing firms, such as Intuition Systems, are trying to get the jump on the PCI compliance requirement that is coming in 2008 and will require organizations to use application firewalls. Where a network firewall primarily blocks malicious data traffic, an application firewall provides information about requests coming into their Web applications.

Intuition, which uses Imperva's SecureSphere Web app, has reportedly spent $250,000 on hardware and software need to achieve PCI compliance, which does not include labor costs associated with implementing the technology. TJX's data breach was primarily the fault of not being PCI complaint, and as I blogged recently, their recent first quarter earning reported a $12 million loss because of the breach, but that number is expected to escalate (some have said into the billions).

But even as is, $250,000 give or take, vs $12 million and up, including all the negative publicity, it just doesn't add to be PCI noncompliant.

Have a great Memorial Day weekend, all.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1916