Trevor Axiak, director at Kyte Consultants.

In the last 12 months, Kyte Consultants, a firm specialising in PCI DSS compliance and certification, has seen a rapid increase in the number of companies wanting to become compliant and in general taking compliance, as a process, on board.

PCI DSS is a standard developed by the major card brands and is intended to set a baseline in terms of the minimum controls to be in place to secure credit card data.

Complying with the PCI DSS standard is mandatory for all entities storing, processing or transmitting credit card transactions.

Companies falling within the scope of PCI DSS are required to validate their compliance status every year. The type and volumes of credit card transactions processed dictate whether an audit or a self-assessment is required.

Kyte Consultants, as the only qualified security assessor in Malta, has been successful in helping many local merchants, payment gateways and banks achieve compliance and has also issued certifications. It has also been entrusted with the certification of many companies outside Malta, and the number is on the rise.

Trevor Axiak, director at Kyte Consultants, believes that the company’s success in attracting these clients has been primarily a result of its ability to understand the needs and limitations of small companies, especially in the context where the requirements for compliance are the same for all, irrespective of the size of the organisation.

A small company with limited resources might have less complex systems, but at the same time does not have the luxury to outsource or purchase products or services to meet the standard’s requirements.

A contributing factor to the increasing number of companies going for certification has been the tightening of client acceptance procedures by banks and service providers in general.

Being certified as PCI DSS compliant is not only a mark of achievement, but also a necessary passport for the company to be allowed to do business with other companies. Recent security breaches, especially those involving credit card data, have made companies averse to doing business and sharing data with non-compliant entities.

Kyte Consultants is also pleased to note that whereas complying with the standard has for years been seen by many as a painful and complex yearly exercise, the perception is now changing to one where compliance is built into the company as a business process and an exercise that gives value to the company both from an information security point of view and in terms of brand reputation.

Version 3 of the PCI DSS standard is expected to be rolled out at the end of the current year and one should expect to see new requirements addressing emerging technologies such as virtualisation and cloud computing.

These subjects are currently problematic areas in terms of compliance as understanding and auditing such systems present many challenges.
