Visa: Post-breach criticism of PCI standard misplaced
- 20 March, 2009 07:37
- Comments
Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly."
Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year.
"I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach."
Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.
Richey's defense of PCI DSS and criticism of Heartland come as Visa, which has taken the lead among credit card companies in seeking to enforce the standard, is itself facing some criticism over its enforcement actions.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Data breach? Here's what to do, when and how
- Q&A: Head of PCI council sees security standard as solid, despite breaches
- Heartland data breach sparks security concerns in payment industry
- Heartland data breach could be bigger than TJX's
- Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches
- Banks, credit unions begin to sue Heartland over data breach
- What is the PCI Knowledge Base?
-
The NBN, service providers and you... what could go wrong?
-
NBN build gaining momentum daily: Quigley
-
FTC chairman: Do-not-track law may not be needed
-
Kindle sales soar but Amazon mum on actual numbers
-
Wall Street Beat: IPOs, M&A, chip news stir tech optimism
-
Teach Yourself Visually Wordpress
-
Microsoft Office 97 for Windows for Dummies Quick Reference
-
Red Hat Linux Networking and System Administration, Third Edition
-
Marketing for Dummies
-
Windows Vista Sidebar
-
Flash MX Bible
-
Iphone SDK Programming - Developing Mobile Applications for Apple Iphone and iPod Touch
-
Introduction to Programming and Object-oriented Design Using Java 2E Java 5.0 Version Wileyplus/WebCT Standalone Card
-
Introducing Mudbox
Comments
Post new comment