PCI Compliance is Insignificant if Not Fully Implemented
Lumension forensic analyst Paul Henry urged PCI to raise its minimum acceptable standards in order to eliminate credit card breaches. Henry pointed out that PCI ‘failed to adequately address consumer risk by not mandating end-to-end encryption as part of its requirement, allowing the use of compensating controls in lieu of encryption in order to spare those under PCI requirements from the expense of properly securing the data they were entrusted to protect'.
Henry also singled out firewalls as one of the requirements PCI compliance should focus on. PCI currently requires only a packet filter, despite the growing need for an application-layer firewall.
“Hence, you could simply layer IDS signatures on top of your packet filter and call it an application firewall and meet the requirement. A real opportunity to raise the bar for the good of all was completely missed – for no other reason than perhaps to reduce the cost of being PCI compliant,” Henry said.
In conclusion, Henry argued that PCI compliance will be of little value unless its standards and policies are revamped.
“It is moving yet further away from protecting cardholders'/consumers' interests, which in my opinion should be the primary if not the only focus of PCI. PCI and the industry must raise the bar and not seek to lower it or be faced with a greater risk of governmental regulation, a potential greater risk to the industry as a whole,” Henry added.