BackupTechnology
The Payment Card Industry Security Standards Council has only been a recognised entity for three years. In this short time, compliance with its 12-step Data Security Standard model (PCI DSS) has helped improve the integrity of data on a global scale.

The PCI DSS is quite clear as to exactly what kinds of data need to be protected, and this simplicity is one of its most powerful aspects. Protection of cardholder data, personal health information and personally identifiable information is of course key to proper data security. However, data protection under the PCI DSS regulations is not solely based on knowing which kinds of data to protect. It is also about accurate data tracking within a business network as a whole.

Dave Mortman, writing for Security Search, stipulates that proper data management under the PCI DSS is far from solely the concern of IT departments. The technology can only go so far to prevent data becoming compromised. To properly comply with the PCI DSS it is necessary to factor in the human element. Electronic storage and security solutions will use data in a predictable and consistent way. Employees, on the other hand, will often handle and use data in unique and unimaginable ways. As such, a healthy dialogue created via meetings and interviews will construct a better understanding of the data integrity within your own business.

The fact that some, if not all, of the companies involved in this fraud case were PCI DSS compliant before the attacks sparked questions about the efficacy of PCI regulations. Steve Dauber, vice president of marketing at RedSeal, noted that PCI audits are only the beginning.

“PCI is actually a pretty reasonable set of basic security recommendations,” he said. “The problem is that businesses mistake passing a PCI audit with being PCI compliant. Audits aren’t comprehensive by nature—they will never catch every potential error in implementation. More importantly, audits occur at a point in time, but your IT infrastructure changes constantly. So even if you do pass your audit, you may fall out of compliance the next week. If you want to benefit from PCI, you need to maintain compliance both comprehensively and continuously.”