Re: Breaches Make a Mockery of PCI Security Standards
Posted by: Jason Z. Cohen 2008-05-14 05:36:49

The restaurant-slash-arcade-slash-bar Dave & Buster's is the latest U.S. outlet to suffer a breach of its credit card processing system. Hackers based in Ukraine and Estonia -- assisted by a guy in Miami -- apparently installed packet sniffer malware at the point of sale systems in several D&B outlets, which siphoned off "Track 2" data as the information was being transmitted over the company's network from the point of sale server to a data processor's server.


PCI - Reiteration
Posted by: grwilliamson 2008-05-14 07:28:11 In reply to: Jason Z. Cohen
Jason, from what I have seen it is a long time coming; most organizations and enterprises will not even make this year's cut-off date.

The flip side is, being PCI compliant does not at all mean you are secure. If we build our security based on the current standard (ISO27001/ISO27002), which itself is "always" updated, then we are all that much better off.

Simply stating "we were compliant" at the time of the compromise is similar to "we are 100 percent secure against any/all vulnerabilities." Neither statement is ever true in today's rapidly changing technology.

Sorry, but I disagree.............
Posted by: nellwal 2008-05-14 05:52:32 In reply to: Jason Z. Cohen
The PCI is not a "fairly basic set of rules" it's a relatively strict standard if followed properly. But, the problem lies in how the standard is applied and AUDITED. Auditors can only test what they are told about. If these data breaches were more closely examined I think you would find that either the auditor is not being told everything, or, as soon as they leave all attempts to comply with PCI go out the window under operational pressures. Since IT is often not seen as a "revenue producer" by the business side (which of course makes no sense) many IT managers have to fight to get resources they need to continue meeting the standard on a day to day basis. If the standard is made tougher, that's only going to force more companies into a position of rolling the dice by covering up problems, even more so than they are right now.