Somerfield tests its payment card security

Somerfield tests its payment card security

PCI compliance can drive good corporate governance, says supermarket

Supermarket chain Somerfield has completed a risk assessment on its IT systems to ensure compliance with new payment card industry (PCI) standards.

By the end of 2007, any organisation that accepts payment card transactions must adhere to the PCI data security standard.

The assessments have had unexpected advantages, said Colin Clark, head of corporate business control at Somerfield.

"I've been very wary of wireless technology – the tests help me assess what was vulnerable and what wasn't, allowing us to use technology we were previously afraid of," he said.

The testing has given the Somerfield board confidence that the company is protecting its assets correctly.

Companies can be fined £30,000 a month if they do not comply with PCI regulations – as well as being denied the right to take credit card payments.

And it's in their best interests to comply, said Clark.

"This came through the door as PCI, but it's really just good corporate governance," he said.

Risk assessments were done by vendor Pentura.