Skip to main content

PCI news & updates

According to this article on InformationWeek:

The Payment Card Industry Data Security Standard--known as PCI DSS, or just PCI--is meant to safeguard cardholder data. Yet, 67% of PCI-regulated companies are still not in full compliance with the standard.

At the same time, the PCI Council has pointed out that if you have a call-center that processes credit card data, it needs to be in scope.  

I'm firmly in the camp that PCI is "raising the security floor".  We know from experience that organizations that never would have before are deploying two-factor authentication to their infrastructure.  I think that two-factor authentication is, in particular, a technology that indicates a change in the market. Deploying strong authentication affects end-users, as opposed to deploying an application firewall, for example.  While great strides have been made, clearly, the PCI effort still has a long way to go. 

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom