Retailers don’t have a clue and it is indeed difficult to differentiate between vendors when everybody claims to be the best. Sometimes, security vendors take advantage of and get retailers precisely on their weak points. Not too many retailers understand what PCI compliance really means.
Here is an interesting headline, “Transaction Wireless First Cloud-Based Digital Giftcard Platform to Earn Highest PCI Level 1 Certification.” What is the vendor trying to say? That there are different levels and grades of ROC (Report on Compliance)? Or, is he just uninformed? First of all, PCI compliance is either a pass or a fail and that’s it. Secondly, it is not a certification but a compliance assessment.
Rather than educating and helping retailers pick the best solution for data security, vendors focus on selling compliance. A differentiator in their service or solution would be a better guide for retailers to pick the right security vendor.
For questions on data security and compliance in your environment, email firstname.lastname@example.org.