In the era of three letter acronyms – many of which have spawned billion dollar industries – it turns out that reputation is a critical motivator for investments in IT, legal and compliance.
One of these acronyms is PCI – the Payment Card Industry Standard. In short, if you are a retailer or merchant processing credit or debit cards, you need to comply or get fined. But the real motivator is loss of reputation. As Michael says:
PCI is good, strong, it has the right ideas and motives, but it doesn’t cost enough to ignore. £500,000 isn’t enough for a big push, or even the big publicity to generate more talk around a big push. The loss of brand reputation absolutely is.
Just look at the TJMax case. The reputational damage is now in the extreme and a major communications issue. I wonder how many communications teams are working with the IT teams on crisis planning related to IT compliance? If not, get going…
Hey – no mention of NZ today!
There are many reasons to comply with PCI and one of them is brand reputation. There are several companies who qualify as a Level 2 or 3 but choose to validate as a Level 1 in order to reduce their risk and protect their brand.