Skip to main content

visibility-and-pci-security

(0 comments)

I'm a fan the PCI security standard from Visa, Mastercard and American Express. It is a tight in all the right ways and loose in the right ways. It tells credit card processors and merchants explicity that they must use two-factor authentication for remote access, but nothing more. If PCI has a problem, it is that it will be too little too late to protect card holder data and stave off regulation. The structure of the credit card industry makes it tough for it to be otherwise. Will making retailers liable for credit card breaches help? I'm not sure.

To me one of the biggest problems is a lack of information regarding the security practices of credit card processors and merchants. Is there a place we can go to see if the credit card processor we're considering has passed their PCI audit? If my processor fails their PCI audit, are they required to notify me and their other merchants?

The credit card industry is a duopoly at the top, with Visa by far the biggest. They can make this kind of change happen. While they risk angering their customer, it will probably be better than more regulation.

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom