This whole PCI DSS compliance thing is beginning to make my head hurt.
Here, Visa chief enterprise risk officer Ellen Richey says: "PCI DSS remains an effective security tool when implemented properly - and remains the best defense against the loss of sensitive data. No compromised entity to date has been found to be in compliance with PCI DSS at the time of the breach."
So neither Heartland Payment Systems nor RBS WorldPay were PCI-compliant when they were looted by Internet criminals earlier this year?
Well, er, yes...and no. Both had received certification from Visa, but that certification measures compliance only at the time of the audit.
It's a clever get-out for Visa, fearing repercussion from future legal tussles with banks and card customers. On the one hand, it can claim that the industry is working to clean up its act by enforcing the standard - and on the other, that compliance certification is worthless after the fact.
It's a distinction that would make Lewis Carroll proud.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.