Visibility & PCI Security
I'm a fan the PCI security standard from Visa, Mastercard and American Express. It is a tight in all the right ways and loose in the right ways. It tells credit card processors and merchants explicity that they must use two-factor authentication for remote access, but nothing more. If PCI has a problem, it is that it will be too little too late to protect card holder data and stave off regulation. The structure of the credit card industry makes it tough for it to be otherwise. Will making retailers liable for credit card breaches help? I'm not sure.
To me one of the biggest problems is a lack of information regarding the security practices of credit card processors and merchants. Is there a place we can go to see if the credit card processor we're considering has passed their PCI audit? If my processor fails their PCI audit, are they required to notify me and their other merchants?
The credit card industry is a duopoly at the top, with Visa by far the biggest. They can make this kind of change happen. While they risk angering their customer, it will probably be better than more regulation.
- Category(s)
- Security and Economics
- Phishing and Fraud
- PCI
- The URL to Trackback this entry is:
- http://www.wikidsystems.net/WiKIDBlog/visibility-pci-security/tbping
Re:Visibility & PCI Security
Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
Simpy
