PCI compliance in the local news

The Atlanta-area transit authority was forced to accept only cash because of software errors that it blamed on its efforts to meet PCI compliance.

MARTA passengers had to rely on only cash to purchase fares over the Labor Day holiday weekend, when a software problem wouldn’t allow Breeze cards to be used. The agency said earlier this week that the problem might involve software used to help make the Breeze card system compliant with major credit and debit card companies’ security requirements.

I haven't blogged about PCI compliance in a while.  Of course, we have a lot of customers that use WiKID to meet the two-factor authentication requirement 8.3 and we still get a number of customers deploying two-factor authentication for the first time (though increasingly they are switching from a more expensive competitor).  But really, it seemed like most of the organizations that needed to be compliant were. 

It brings back that old debate of whether PCI is a floor or a ceiling. Many infosec professionals and analysts are aware of companies that look at PCI and do that and only that.  Some have said they know of companies that reduce their security to PCI levels. 

That may be the case, but at WiKID, we see the other side: companies now increasing their security spend to meet PCI.  These are often smaller companies or newer retailers. We may have a biased view, but I think there are far more companies that don't have security professionals and don't use infosec analysts than those that do.  So I think PCI has increased overall security. 

That being said, PCI needs to keep raising the bar.  The MARTA situation shows that there are still some major holes as well.

 
