Navigation

PCI DSS! Is The Payment Industry Serious About Getting and Keeping Itself Secure?

Sep 10, 2007

The PCI DSS program has been in place in its original incarnation as AIS/CISP since 2001! Why is it then that so few organizations world wide are not compliant? Why is it then that so many service providers are still doing business "flying under the radar screen"??? Could it be that the Card Association isn't serious about security? Or could it be because politics and people in decision making power positions lack the real hands on knowledge and expertise regarding online payment systems and applications to make this well intended and very necessary, supposedly mandatory, security program move forward quickly and effectively? It has been 6 years since the program began its pilot as AIS/CISP!

Gartner analysis suggests that PCI audit program has been “shallow, random, & incomplete”

Gartner believes program needs to be updated with more practical implications

Some requirements impractical to implement such as card level encryption, require support of POS manufacturers

Visa & MasterCard may not be able to effectively support the program apparently unable to answer program questions especially in the area of mitigating controls.

PREVIOUS POSTS
Nov 17.06 | I’ll Take a Ticket on You Kid!

About 6 pm, Wednesday evening October 25, Jimmy, my dearest friend and mentor, transitioned into heaven to begin the next phase of his life! A time for great sorrow and great celebration! read more

May 26.06 | Big Money, Bigger Lifestyle, Biggest Lies!

You know my two sons consistently tell me that I am too honest to be in business. My consistent reply back to them is nonsense. There is no such thing as being too honest in business. I take great pride in always standing in my truth and knowing that my word can be trusted. read more

May 08.06 | What is Happening with My Opinion?

What is My Opinion? read more

ARCHIVE