Thursday, June 18, 2009

PCI Standards "Inadequate"

SC Magazine reports that Paul Henry, security and forensic analyst at Lumension, claimed that breach after breach of credit card data has become all too commonplace, and that PCI should raise the bar and increase the minimum acceptable standards for compliance in light of these many failures.

Pointing to the Heartland incident, Henry stated that PCI had "failed to adequately address consumer risk by not mandating end-to-end encryption as part of its requirement, allowing the use of compensating controls in lieu of encryption in order to spare those under PCI requirements from the expense of properly securing the data they were entrusted to protect."

He concluded by claiming that PCI compliance is at risk of becoming nothing more than a form of "get-out-of-jail free card" for merchants and processors that meet a below-grade standard in achieving PCI compliance.
