Skip to content. | Skip to navigation

Sections

Personal tools

You are here: Home → wikidblog → Problems with the PCI security standard

Recent entries: Redhat & Fedora hacked admin Aug 25, 2008; Two-factor for the cloud admin Aug 15, 2008; Debunking "Two-Factor Authentication Debunked by TSB Phish" admin Jul 02, 2008; New Howtoforge article - Postgresql admin Jul 02, 2008; World of Warcraft gets two-factor authentication - your bank won't follow admin Jul 01, 2008

Recent comments: Re:Security and Oil admin Apr 25, 2008; Re:Security and Oil Paul feet Apr 24, 2008; Re:100% open source admin Apr 22, 2008; Re:100% open source Adam Apr 22, 2008; Re:Capital Gains Tax Rates and Entrepreneurs Lance Oct 23, 2007

2007/03/27

Problems with the PCI security standard

Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:

The problem with the Visa PCI standard is that Visa/MC have a vested interested in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.

I recognize that there are problems with PCI, yet to me, it seems like it is the best of what is out there, especially when compared to something like HIPAA. While all the parties are interested in keeping the money flowing, they are also interested in avoiding excessive regulation and liability.

Category(s): Security and Economics; Two Factor Authentication; Information Security

The URL to Trackback this entry is:: http://www.wikidsystems.com/WiKIDBlog/problems-with-the-pci-security-standard/tbping

Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

Author (Required)

EMail (Required)

URL

Title (Required)

Comment (Required)

Remember your information on cookie?

Verification Code

This helps us prevent automated spamming.

Captcha Image

Categories: Security and Economics (78); Two Factor Authentication (127); Authentication Attacks (53); Phishing and Fraud (86); Miscellaneous (90); WiKID (63); Information Security (64); Strong Authentication (24); Open Source (32); Mutual Authentication (38); Transaction Authentication (11); Wireless, cellular, mobile devices (6); PCI (23)

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Start using WiKID today

Recent Changes: How to configure WiKID for Replication Aug 29, 2008; Installation Documentation Aug 29, 2008; How can I test if the server is working correctly? Aug 27, 2008; Redhat & Fedora hacked Aug 25, 2008; Two-factor for the cloud Aug 15, 2008; All recent changes…

Got Questions? Get Answers.