Personal tools
You are here: Home wikidblog Visibility & PCI Security
« August 2008 »
Mo Tu We Th Fr Sa Su
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Recent comments
Re:Security and Oil admin Apr 25, 2008
Re:Security and Oil Paul feet Apr 24, 2008
Re:100% open source admin Apr 22, 2008
Re:100% open source Adam Apr 22, 2008
Re:Capital Gains Tax Rates and Entrepreneurs Lance Oct 23, 2007
 
2007/03/02

Visibility & PCI Security

I'm a fan the PCI security standard from Visa, Mastercard and American Express. It is a tight in all the right ways and loose in the right ways. It tells credit card processors and merchants explicity that they must use two-factor authentication for remote access, but nothing more. If PCI has a problem, it is that it will be too little too late to protect card holder data and stave off regulation. The structure of the credit card industry makes it tough for it to be otherwise. Will making retailers liable for credit card breaches help? I'm not sure.

To me one of the biggest problems is a lack of information regarding the security practices of credit card processors and merchants. Is there a place we can go to see if the credit card processor we're considering has passed their PCI audit? If my processor fails their PCI audit, are they required to notify me and their other merchants?

The credit card industry is a duopoly at the top, with Visa by far the biggest. They can make this kind of change happen. While they risk angering their customer, it will probably be better than more regulation.

Category(s)
Security and Economics
Phishing and Fraud
PCI
The URL to Trackback this entry is:
http://www.wikidsystems.com/WiKIDBlog/visibility-pci-security/tbping

Re:Visibility & PCI Security

Posted by Anonymous User at Mar 23, 2007 11:58 AM
The problem with the Visa PCI standard is that Visa/MC have a vested interestedin keepin gthe business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It take a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.

Re:Visibility & PCI Security

Posted by Bad Credit Loan at Aug 01, 2007 04:05 PM
I too am for the tightening of credit card security. The number of fraud cases caused by lax credit card security is on the rise even with these new changes. I believe a bit more responsibility has to be pushed to the retailer as some retailers don't even check signatures at this moment.
Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

(Required)
(Required)
(Required)
(Required)
This helps us prevent automated spamming.

Start using WiKID today
Got Questions? Get Answers.