Security rules are wonderful things, and nowhere are they more needed than in retail and payment-card data. But a common criticism of the organization handling such matters—the PCI Council—is that it delivers security edicts in a vacuum, with minimal regard to how different types of merchants function in the so-called real world. Such critics were given three golden examples this month. The examples, in the areas of cloud guidance, P2PE validations and Windows XP end of life, illustrate the types of collisions that are inevitable when committees seeking ideal security approaches run into chains with razor-thin margins (or losses), workforce reductions and store closings. Put more bluntly, it's the age-old battle of the ideal versus the pragmatic.
This is explored in StorefrontBacktalk's February monthly column in Retail Week, the U.K.'s largest retail publication. The column lives here at Retail Week. For those who don't have a Retail Week subscription—shame on you!—here's a