Visa: Post-breach criticism of PCI standard misplaced
- 20 March, 2009 07:37
- Comments
Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly."
Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year.
"I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach."
Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.
Richey's defense of PCI DSS and criticism of Heartland come as Visa, which has taken the lead among credit card companies in seeking to enforce the standard, is itself facing some criticism over its enforcement actions.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Data breach? Here's what to do, when and how
- Q&A: Head of PCI council sees security standard as solid, despite breaches
- Heartland data breach sparks security concerns in payment industry
- Heartland data breach could be bigger than TJX's
- Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches
- Banks, credit unions begin to sue Heartland over data breach
- What is the PCI Knowledge Base?
- Look both ways - Protecting your data with content inspection
- Case Study: Keeping information on the move: Clearswift protects Maman, the logistics experts
- Eight things senior managers need to know about data encryption
- The State of Data Security
- Forrester Research | Your Enterprise Database Security Strategy 2010
-
Jailbreak of Apple iOS 5.1.1 due 'in days'
-
Nokia launches new Windows Phones
-
Nokia Lumia 900, 610 heading Down Under
-
Consider desktops in the cloud for BYOD
-
Samsung Apps store hits 100 million downloads
-
Hacking RSS and Atom
-
Digital Photography for Dummies, Quick Reference
-
Java Concepts 4E eGrade Plus Standalone Access
-
Microsoft Office XP Step By Step Courseware
-
Webex Web Meetings for Dummies
-
Unix for Dummies Quick Reference, 4th Edition
-
Professional Visual Studio 2008
-
Windows XP Visual Encyclopedia
-
Ecai 92 10th European Conference on Artificial Intelligence Held 3/7.8.1992
Comments
Post new comment