Visa: Post-breach criticism of PCI standard misplaced

Chief risk officer: No breached companies have been compliant with the data security rules

Jaikumar Vijayan (Computerworld)
20 March, 2009 07:37
Comments

Page:

1
2
next >

Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.

Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly."

Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year.

"I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach."

Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.

Richey's defense of PCI DSS and criticism of Heartland come as Visa, which has taken the lead among credit card companies in seeking to enforce the standard, is itself facing some criticism over its enforcement actions.

Page:

1
2
next >

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Fifth Third Bancorp, Visa, Worldpay

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"{A friend linked me to this resource."

The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."

Apple and Google disagree over licensing of essential patents
"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch

Tags: pci standard, security breach, visa

Latest Blog Posts

Whitepapers

IBM zEnterprise System Brings Hybrid Computing Capabilities to Midsize Organisations
This paper focuses on the IBM z114 cross-tier solution, which brings IBM AIX Unix and Linux workloads into the mix, with Microsoft Windows support to follow in the future. This blended approach to computing allows workloads running on any of those operating systems to communicate more quickly and effectively with the System z, producing business benefits from the orchestration, or coordination, of management for all of the workloads running across all of the linked platforms.

Learn more »
The State of Data Security
Recognize how your data can become vulnerable, including the latest issues stemming from unprotected data on mobile devices and social media sites. Understand the compliance issues involved, and identify data protection strategies you can use to keep your company’s information both safe and compliant.

Learn more »
A buyer’s guide to application lifecycle management (ALM) solutions
This buyer's guide describes the key criteria for application lifecycle management (ALM) solutions for today's high-performance teams. It includes key considerations for enhancing your single- or multi-vendor ALM environment.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Fibre Channel over Ethernet in the Data Center: An Introduction

Fibre Channel over Ethernet (FCoE) is a newly proposed standard that is being developed by INCITS T11. The FCoE protocol specification maps Fibre Channel natively over Ethernet and is independent ...

Recent comments

"{A friend linked me to this resource."
The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."
Apple and Google disagree over licensing of essential patents
"As are ours."
Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."
FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."
QLD govt demands answers after pay glitch

HP and IDG news, product videos and resources

Follow CIO

Market Place

How does Gartner rank ALM providers? Download the analysis report

Application Lifecycle Management Zone - Whitepapers | Videos | Events | e-books | Case Studies and more. Visit the Zone

Improving Storage Efficiencies with Data Deduplication and Compression - Download free resource

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Visa: Post-breach criticism of PCI standard misplaced

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Internode, iiNet improve results in customer satisfaction survey

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

Apple and Google disagree over licensing of essential patents

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Fibre Channel over Ethernet in the Data Center: An Introduction

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses