Posted by:
admin
12 years, 3 months ago
The Atlanta-area transit authority was forced to accept only cash due to software errors it blamed on their efforts to meet PCI compliance.
I haven't blogged about PCI compliance in a while. Of course, we have a lot of customers that use WiKID to meet the two-factor authentication requirement 8.3 and we still get a number of customers deploying two-factor authentication for the first time (though increasingly they are switching from a more expensive competitor). But really, it seemed like most of the organizations that needed to be compliant were.
It brings back that old debate of whether PCI is a floor or a ceiling. Many infosec professionals and analysts are aware of companies that look at PCI and do that and only that. Some have said they know of companies that reduce their security to PCI levels.
That may be the case, but at WiKID, we see the other side: companies now increasing their security spend to meet PCI. These are often smaller companies or newer retailers. We may have a biased view, but I think there are far more companies that don't have security professionals and don't use infosec analysts than those that do. So I think PCI has increased overall security.
That being said, PCI needs to keep raising the bar. The MARTA situation shows that there are still some major holes as well.
Share on Twitter Share on Facebook
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)