Managing PCI compliance in the era of IT consumerization

Managing PCI compliance in the era of IT consumerization

The advent of mobile devices in the consumer marketplace is creating a growing trend toward consumerization in enterprise IT departments. In turn, businesses are facing an increasingly complex regulatory environment that must manage device security on numerous platforms and reach out to consumers through both ecommerce and mcommerce channels without breaching PCI compliance standards.

A recent InformationWeek report highlights the case of a business that considered deploying an iPhone-based mcommerce platform to illustrate just how complex PCI compliance can get when dealing with mobile devices.

The company in the story was struck when a young intern started working and emailed the vice president wondering why the organization did not have a mobile-optimized site or application to sell its products on the iPhone. The vice president, like so many other current executives, happened to be quite interested in new technologies and was immediately captured by the idea of using the iPhone to support business goals.

The incident led to a long chain of emails between the vice president, the intern and the IT department discussing why there was not a platform to deploy an iPhone-based mcommerce solution. In this case, the idea was simply not on the radar. So the company did some extensive research, performed analysis and found the demand for an iPhone was not high among the organization's target audience, but the issue should be closely monitored for the future, the report said.

At this point, the report asked an interesting question by saying "how would your company have responded to the same intern?" The report warned that many organizations would move quickly to take advantage of the mcommerce platform and move to develop an application. This practice could be disastrous because a hastily developed program may not take PCI compliance into consideration, which could set the company up for a major compliance incident.

The moral of the story, according to the report, is that consumer technologies are inundating the enterprise space, and companies must respond by ensuring PCI compliance is a built-in part of every system used by each worker. Otherwise, they risk serious consequences.

A recent Javelin Strategy & Research report adds further emphasis to the importance of PCI compliance on mobile devices by emphasizing how important mcommerce is becoming. According to the report, mobile platforms are becoming a critical area for expansion, especially for financial institutions, and companies need to respond by marketing on the channel and developing systems that support the platform.