Visa: Post-breach criticism of PCI standard misplaced
- 20 March, 2009 07:37
- Comments
Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly."
Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year.
"I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach."
Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.
Richey's defense of PCI DSS and criticism of Heartland come as Visa, which has taken the lead among credit card companies in seeking to enforce the standard, is itself facing some criticism over its enforcement actions.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Data breach? Here's what to do, when and how
- Q&A: Head of PCI council sees security standard as solid, despite breaches
- Heartland data breach sparks security concerns in payment industry
- Heartland data breach could be bigger than TJX's
- Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches
- Banks, credit unions begin to sue Heartland over data breach
- What is the PCI Knowledge Base?
- How will CIOs meet growing Security Threats?
- Guidance for Calculation of Efficiency (PUE) in Data Centers
- Aberdeen Group Analyst Insight Report: Does Your Enterprise Have a “Dropbox Problem?”
- Securing SOA and Web Services with Oracle Enterprise Gateway
- Case Study: Keeping information on the move: Clearswift protects Maman, the logistics experts
-
Australia's first 4G smartphone is the HTC Velocity 4G
-
Social networking, ignorance, and apathy
-
China's Alibaba sees big growth with AliExpress site
-
10 Tips for Dealing with a Bully Boss
-
How to design a successful RACI project plan
-
Bend or break: Flexible Policy
DON’T. PANIC. Aligning business and IT needs has always been a challenge. Finding the right balance between ensuring the safety of sensitive data and enabling the free flow of information is increasingly difficult in today’s evolving regulatory and threat environment. Read on. -
Protecting Generation Web
From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an increasingly difficult task when it comes to allowing young people to spread their online wings without compromising their safety and personal development. The reality that most schools are catering to the needs of mixed age groups and abilities, and it’s easy to understand why a simple stop and block approach won’t work. Learning environments are, by nature, flexible. It stands to reason that the IT resources used in them should be flexible too. Read on. -
So Long, Silos: Why Multi-Domain MDM Is Better For Your Business
Say “so long” to silos. This white paper explains why a multi-domain MDM solution is far better than single-domain, single-focused point solutions. You’ll learn what to look for in a multi-domain solution so you don’t outgrow it or are forced to purchase multiple products down the road. You’ll also get tips on how to select a multi-domain solution that can lead to multiple benefits over many years. The age of multi-domain MDM is here. See why you should say “hello” to it!
-
Microsoft Office
-
Windows 7 for Seniors for Dummies®
-
Excel 2007 All-In-One Desk Reference for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Office 2007 All-In-One Desk Reference for Dummies
-
Office 2007 for Dummies
-
Windows 7 for Dummies®
-
Teach Yourself Visually Windows 7
-
Computers for Seniors for Dummies, 2nd Edition
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Post new comment