Join the Community

22,053
Expert opinions
43,987
Total members
381
New members (last 30 days)
184
New opinions (last 30 days)
28,690
Total comments

PCI compliance through the looking glass

This whole PCI DSS compliance thing is beginning to make my head hurt.

Here, Visa chief enterprise risk officer Ellen Richey says: "PCI DSS remains an effective security tool when implemented properly - and remains the best defense against the loss of sensitive data. No compromised entity to date has been found to be in compliance with PCI DSS at the time of the breach."

So neither Hearltand Payment Systems or RBS WorldPay were PCI-compliant when they were looted by Internet criminals earlier this year?

Well, er, yes...and no. Both had received certification from Visa, but that certification measures compliance only at the time of the audit.

It's a clever get-out for Visa, fearing repercussion from future legal tussles with banks and card customers. On the one hand, it can claim that the industry is working to clean up its act by enforcing the standard - and on the other, that compliance certification is worthless after the fact.

It's a distinction that would make Lewis Carroll proud.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,053
Expert opinions
43,987
Total members
381
New members (last 30 days)
184
New opinions (last 30 days)
28,690
Total comments

Trending

Now Hiring