JOHANNESBURG – Typically, any organisation that has a Payment Card Industry (PCI) requirement will automatically have a Protection of Personal Information (PoPI) requirement as well, for the simple reason that credit card data is personal information.
Given the ever-increasing rate of card fraud and identity theft, if businesses want to attract and retain customers, they’ll need to show those customers that they’re taking the right steps to minimise the risk of doing business with them.
That means prioritising PCI Data Security Standard (DSS) compliance – which is required of any organisation that processes, transmits or stores cardholder data – and then moving on to PoPI compliance.
Businesses will find it easier to proceed in this order because the PCI requirements are clearly defined, spelling out exactly what an organisation must do to become and stay compliant.
Fortunately, achieving compliance isn’t as onerous as it may first appear, and once all of the processes and procedures are in place for PCI DSS compliance, meeting PoPI’s requirements becomes a simple matter of adjusting scope rather than beginning the compliance process anew.