Australia lagging in data security compliance: PCI Security Standards Council

Lack of fines and public naming and shaming to blame for Australia's lag in adopting measures to protecti customers from credit card breaches.

Tim Lohman 21 May, 2009 13:43:00

Tags: data security, pci standard

A lack of financial penalties and a mandate to publicly admit data breaches may be clouding the real state of credit card payment and customer information security in Australia, according to a senior executive from the Payment Card Industry (PCI) Security Standards Council.

In Australia for the AusCERT conference this week, Bob Russo, general manager at the Security Standards Council, said the industry group had identified Australia as lagging behind in the adoption of its Data Security Standard (DSS) aimed at protecting customers and brand reputations from credit card breaches.

“Australia is one of the countries we have targeted this year to make sure there is awareness here, and better adoption in the area,” he said.

Russo said a major contributor to the lag in DSS adoption was the lack of local laws mandating that an organisation must publicly declare any breaches in the security of its customer records.

"One of the biggest differences between North America and here is that [North Americans] tend to publicise all the breaches we have," he said. "Consequently, there is a lot of awareness in North America, as opposed to Australia, where breaches are not well publicised at all,” he said.

Additionally, a lack of significant fines, levied by financial institutions on their merchants for any breach in the security of customer records, has resulted in there being no impetus for adopting the PCI security standard, Russo said.

“[Merchants] haven’t seen any fines yet, so there is really no ROI there for them when they go to management and say they have to spend money to comply with the [PCI standard],” he said. “As there doesn’t seem to be any reports on [security] compromises, then the ability to affect brand reputation isn’t there.”

itdrilldown
comments

However, Russo said it was likely that financial institutions would soon begin levying fines on merchants for non-compliance of the PCI standard.

“Consumers are getting smarter and if they find out their information has been breached by a merchant at some point there is a good possibility that they will not frequent that merchant,” he said. “Merchants should be looking at this as a grace period to get themselves prepared and compliant.”

Internationally, increasing numbers of financial, and related organisations -- such as network providers -- were realising the benefits of the PCI standard, Russo claimed.

When the PCI Council formed in September 2006 it had five core members -- American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa. , Russo says the organisation now has some 500 participating organisations.

“We have found in the US that no merchant who has been compliant has been breached, and if they have been breached they were not compliant at the time of the breach,” Russo said.

See also the Security Standards Council's Six steps towards PCI DSS compliance.

References

More about etwork, Visa, American Express, CERT

Comments

Sat, 17/10/2009 - 01:37 — sem (not verified)

Data Protection

I would be curious to know if identity theft is a larger issue in America than it is in Australia. If not, then Australia's government is not doing a very effective job in safeguarding its citizens. Companies are not affected financially if a hacker steals client information to use elsewhere, because unless that hacker is caught, the security breach will never be traced back to the company. It is the government’s job to make it the law that business owners must have quality data protection software that keeps client information safe from hackers and criminals. Without this law, businesses have no financial incentive to spend money on data protection software.

Wed, 02/09/2009 - 19:26 — Sports betting (not verified)

I think, that's should be OK,

I think, that's should be OK, if you try found Zespół na wesele and try liten songs, who is priority of the best your widding time :).
Nice post
Regards

Post new comment

Whitepapers

Articles

Testimonials

Austin Health Case Study:
- Kyocera came out the clear winner.
SWARH Rural Health Case Study:
- After short listing 3 suppliers - Country Wide Technologies (Lexmark), Canon, and Kyocera - Kyocera came out on top and were selected as the sole supplier, replacing Lexmark after four years on contract. Read more on why Kyocera was the right choice.
Kyocera and the Australian Mint:
- Read more on how Kyocera's reliability has been proven at The Australian Mint.
Health Sector Case Study:
- Switched to Kyocera in 2001 - clear winner on total cost of ownership and we've continued to buy them ever since. Read more on how Kyocera continues to deliver.
Harmony Case Study Government Security 2008:
- Kyocera on the NIST Security Checklist

Wondering how to improve your business with UC on an IP Network?

Join Computerworld's Live Webinar where we will address the move many companies are making towards IP based voice services (SIP trunking, VoIP) and look at how they are using a single connection for data and voice rather than separate lines. Learn about the latest in IP networks and how it can help your organisation.

Wednesday 25th November 2009, Time 10.30 am EST (Sydney, Australia) Screening at your desk

Register now

+

CIO Industry Insight Podcast #6: Brenton Smith, Managing Director, CA (ANZ) 26 October, 2009 12:47:52

CIO Australia Editor Matt Rodgers talks with Brenton Smith, CA's managing director in Australia and New Zealand, about how the software multinational coped with the global economic downturn, it's Mainframe 2.0 initiative and the company plans for cloud computing.

[ MP3 (3.78 MB) | Windows Media (3.85 MB) ]
+

CIO Live Podcast #88: Mark Toomey, author of Waltzing with the Elephant: A Comprehensive Guide to Directing and Controlling Information Technology 24 September, 2009 11:55:25

CIO Australia Editor Matt Rodgers interviews Mark Toomey, author of "Waltzing with the Elephant: A Comprehensive Guide to Directing and Controlling Information Technology". Framed around the international standard ISO/IEC 38500, Waltzing with the Elephant explains what IT governance is, how it fits into the overall regime of corporate governance and IT service management and also defines the characteristics that organisations should exhibit when they are truly effective in governing their use of IT.

[ MP3 (5.52 MB) | Windows Media (5.61 MB) ]
+

Special Report: Building Smarter Business with Cloud Computing 10 September, 2009 10:27:53

Cloud computing is an important new stage in the evolution of commercial IT, but this technological advancement is still confusing to many senior IT executives. In this special edition podcast, CIO Australia editor Matt Rodgers speaks to Stephen Hains, Director, ANZ IBM, to help clear the fog surrounding cloud computing models.

[ MP3 (8.21 MB) | Windows Media (11.07 MB) ]
+

CIO Industry Insight Podcast #5: Lindsey Armstrong, Head of International Field Sales, Salesforce.com 21 August, 2009 10:13:46

CIO Australia Editor Matt Rodgers talks with Lindsey Armstrong, head of Salesforce.com's international business, about how the global financial crisis is affecting the SaaS provider, the state of the company's partnerships with the likes of Facebook, Amazon and Twitter, and the role that its platform-as-a-service offering, Force.com, will play in the future of Cloud Computing.

[ MP3 (5.99 MB) | Windows Media (8.08 MB) ]
+

CIO Live Podcast #87: Rethinking the Customer Relationship Part II: David Jaffe, co-author of The Best Service is No Service 10 August, 2009 09:46:25

Part II of CIO Australia Editor Matt Rodgers' interview with David Jaffe, co-author of The Best Service is No Service, a new book which asserts that Customer Relationship Managers are using the wrong metrics and should be instead trying to reduce customer contacts by treating service an indicator of dysfunction and figuring out how to eliminate the demand.

[ MP3 (6.32 MB) | Windows Media (6.42 MB) ]

More >

+

CA brings SOA security to open source JBoss 09 February, 2010 10:08:00
More commercial options for widely-used app server

CA has announced its SiteMinder and SOA Security Manager products are now available for the open source JBoss middleware platform.
+

Indian pleads guilty in overseas stock hacking scheme 08 February, 2010 07:50:00
The group of hackers compromised brokerage accounts, then pumped up the prices of stocks

An Indian national pleaded guilty Friday to conspiracy and aggravated identity-theft charges related to an international fraud scheme to hack into online brokerage accounts in the U.S. and use them to manipulate stock prices, the U.S. Department of Justice said.
+

E-mail scam steals €3 million in carbon credits 05 February, 2010 06:47:00
The phishing scheme resulted in losses of up to €3 million from companies

A clever phishing scheme launched last week may have stolen more than €3 million (US$4.1 million) worth of carbon emission permits from companies.
+

Windows 7 Tips: Best Security Features 04 February, 2010 04:52:00
IT can specify which applications can run on employees' desktops

For both enterprises and consumers, one of the big draws of Windows 7 has been its tighter security features.
+

Twitter forces password reset to protect some accounts 04 February, 2010 05:48:00
The company has discovered that log-in information has been stolen in compromised torrent file-sharing sites

Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.

More >

More >

Media Releases

Kyocera takes the guess work out of cutting technology costs 27 January, 2010 17:20:00
Riverbed Provides Seamless Integration Between Network Assessment and Acceleration with Enhanced Cascade Solution 27 January, 2010 15:25:00
Devious Ransom Trojan Takes Your Data Hostage 27 January, 2010 14:08:00
Symantec Simplifies Information Management for Enterprise Organisations with NetBackup 7 27 January, 2010 11:52:00
Extreme Networks announces scalable virtualised infrastructure for managed hosting and enterprise data centres 27 January, 2010 11:51:00

More >

Sign up as a CIO Member to get your FREE issue of CIO magazine today! Check out CIO's Quick Introductions to Technology Topics

IDC Resource | IP VPN: The Key Enabler for an Optimised Enterprise ICT Environment

With the strong upbeat business sentiment on an economic recovery, IDC is expecting that IP VPN services – with multiprotocol label switching (MPLS) taking the lead – will increasingly become the technology of choice among enterprises. Read more now.

CIO Industry Insight Podcast #6: Brenton Smith, Managing Director, CA (ANZ)
Listen to the latest edition of CIO Live which is now available for download.

Listen to the podcast
Sign up to the CIO Live email

Whitepaper

Securing People and Information: How to Protect Against Today’s Web-based Threats

This white paper explores the benefits of an Application Delivery Network, highlighting the ability to protect your users and applications and still deliver outstanding application performance with confidence, consistency and cost-effectiveness across your distributed network.

Read Whitepaper

Brought to you by

Weekly Tech News Update: 5th February, 2010

Weekly Tech News Update: 29th January, 2010

Weekly Tech News Update: 22nd January, 2010

Intel reports strong Q4 on server, PC chip sales

Weekly Tech News Update: 15th January, 2010

Market Place

Don't let IT/data issues keep you awake at night: Moving Data and its storage is mission critical

Small Business Unified Communications for Dummies | Read for UC Overview, Implementation, and Results

True freedom in networking is here! See your cost advantage now with HP ProCurve.

Get complete security protection - Join McAfee's live webcasts and download free whitepapers here

Get your free Harvard Business review on Business Analytics click here

BSA reveals cost of using illegal software

Legacy Tools: Not Built for Today's Helpdesk | Best practices in supporting remote employees while cutting costs

IDC Executive Brief | Application Networking: Optimisation, Acceleration, and Virtualisation

Click here for Australia's data centre industry guide

Take the virtualization assessment to see how much your business can save with VMware by reducing IT costs while allowing increased IT efficiency and availability.

Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate

Advertisers Click here to advertise your jobs to thousands of job seekers monthly.

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

CA brings SOA security to open ...

Report: Google to make Gmail m ...

Oracle buys AmberPoint for SOA ...

Union Pacific Railroad ditches ...

Free BlackBerry Apps: Your Sma ...

"<a href="http://www.webmasterpro.de/portal/news/2010/02/05/international-op ..."

"<a href="http://www.webmasterpro.de/portal/news/2010/02/05/international-op ..."

"Every business need good leader with excellent skills to achieve success in ..."

"I think they should have managed the customer support planing prior to rele ..."

"Whether or not CIOs or IT personnel use cloud computing or virtualization f ..."

Related Articles

References

Comments