From Robert Westervelt, News Editor of searchsecurity.com:
Speaking to a group of merchants at a recent PCI DSS conference, Mellinger, who developed the precursor to the current PCI DSS rules, is calling for an overhaul to eliminate subjectivity and ease restrictions to get more merchants to meet the standard.
"I would rather they set the bar lower and then raise it once more merchants have complied," Mellinger said. "The more people we can get compliant, the better off we are."
HOLY CRAP!!!! How can you set the bar lower than PCI? Don't you love how it ties in so nicely with that last sentence about being better off with more people compliant? TRANSLATION (From Google's douche->English translator): The more people that have to pay me to say they are compliant, the better off we are. It continues...
"PCI is the best safeguard to protect a company if there is a problem and there will be incidents," Mellinger said. "But when banks come in and do their audits and don't look at the PCI findings, that's a problem."
How do you type a groaning noise? Uuuughhhh... Sorry, I tried, that doesn't really capture my disgust, but you get the idea. Guys, gals, if you believe that PCI is the best safeguard to protect a company then you are doing it WRONG. For the love of God, you're doing it wrong.

3 comments:
You sure that wasn't a Master P "Uuuughhhh"? Anyway, just look at the last year and all the breaches of places that were supposedly compliant. And they want to *lower* the requirements.
the fiscal and resource-constrained reality
inertia and corner-cutting mentality
is seen here in its totality
by those who deal in fatalities
open one eye, close the other eye
you're secure as can be with PCI
That was awesome... I can't believe a Poem about PCI was published on my blog.
CurtW, you realize by posting on my blog you give up all rights and ownership in totality to your post.
Good, now that that's out of the way :)
Awesome.