Visa: Post-breach criticism of PCI standard misplaced
- 20 March, 2009 07:37
- Comments
Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly."
Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year.
"I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach."
Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.
Richey's defense of PCI DSS and criticism of Heartland come as Visa, which has taken the lead among credit card companies in seeking to enforce the standard, is itself facing some criticism over its enforcement actions.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Data breach? Here's what to do, when and how
- Q&A: Head of PCI council sees security standard as solid, despite breaches
- Heartland data breach sparks security concerns in payment industry
- Heartland data breach could be bigger than TJX's
- Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches
- Banks, credit unions begin to sue Heartland over data breach
- What is the PCI Knowledge Base?
- Managing Data Storage in the Public Cloud
- Cost Effective Security and Compliance with Oracle Database 11g Release 2
- Case Study: Fairbrother constructs a reliable backup platform across its remote Branch Locations
- Case Study: BNP Paribas Deploys Oracle Exadata to Accelerate Information Processing - The Hardware Perspective
- Email Encryption/Decryption and Signing integrated into a comprehensive content security solution
- iPhone 5 rumour rollup for the week ending February 10
- 3D mapping revives underwater city
- Academic challenges Turnbull over NBN satellite criticism
- What are you saying: Telstra’s customer service slowly improving, SA minister urging Facebook to overturn its photo ban
- In pictures: Capgemini opens new Canberra office
-
Maingear's six-core laptop has 1.8TB of SSD storage
-
After Megaupload shuts, BTJunkie follows
-
Windows Event Viewer phishing scam remains active
-
NeuroSky MindWave: Fun with Brainwaves
-
20 popular Ubuntu Linux apps you may want to try
-
Windows 7 for Seniors for Dummies®
-
Office 2007 All-In-One Desk Reference for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Computers for Seniors for Dummies, 2nd Edition
-
Microsoft Office
-
Office 2007 for Dummies
-
Windows 7 for Dummies®
-
Windows 7 for Dummies® Dvd+book Bundle
Comments
Post new comment