IT security may need more regulation!

While there are PCI compliance standards that eCommerce businesses need to adopt in order to accept credit card payments, an executive for SecureData Europe said IT security may need more regulation in general, according to CRN.

“Effectively people are choosing to self-regulate by saying ‘trust me, I’ll do it in the right way’, but very few do it the same way,” Etienne Greeff, professional services director for SecureData, said in the news source. “IT security is a matter of national interest and infrastructure, and it is appropriate that IT systems are important to the national interest and that there are moves to do more and more.”

He said that while PCI DSS sets standards for payments, there is no standard on how to use the information received from customers. He said the industry is completely unregulated and that there needs to be an overseeing body.

Brian Honan from BH Consulting told SC Magazine many vendors are trying to move toward ISO 27001, an IT security standard applying to businesses at all levels. Companies need to make sure they are implementing the best security practices to safeguard payment processes; otherwise, they risk losing customers to more reliable and secure businesses.