Friday, March 13, 2009

For the Love of God, You're Doing it Wrong!!!

Maybe it's just an angry Friday morning for me, but I feel the need to attack PCI. Anton Chuvakin tweeted a blog post that he saw today, and I couldn't help myself. It's not a new article, but it matters not, since I still found points hilarious.

From Robert Westervelt, News Editor of searchsecurity.com:

Speaking to a group of merchants at a recent PCI DSS conference, Mellinger, who developed the precursor to the current PCI DSS rules, is calling for an overhaul to eliminate subjectivity and ease restrictions to get more merchants to meet the standard.

"I would rather they set the bar lower and then raise it once more merchants have complied," Mellinger said. "The more people we can get compliant, the better off we are."

HOLY CRAP!!!! How can you set the bar lower than PCI? Don't you love how it ties in so nicely with that last sentence about being better off with more people compliant? TRANSLATION (From Google's douche->English translator): The more people that have to pay me to say they are compliant, the better off we are. It continues...

"PCI is the best safeguard to protect a company if there is a problem and there will be incidents," Mellinger said. "But when banks come in and do their audits and don't look at the PCI findings, that's a problem."

How do you type a groaning noise? Uuuughhhh... Sorry, I tried, that doesn't really capture my disgust, but you get the idea. Guys, gals, if you believe that PCI is the best safeguard to protect a company then you are doing it WRONG. For the love of God, you're doing it wrong.

3 comments:

Rob said...

You sure that wasn't a Master P "Uuuughhhh"? Anyway, just look at the last year and all the breaches of places that were supposedly compliant. And they want to *lower* the requirements.

CurtW said...

the fiscal and resource-constrained reality

inertia and corner-cutting mentality

is seen here in its totality

by those who deal in fatalities

open one eye, close the other eye

you're secure as can be with PCI

Nate McFeters said...

That was awesome... I can't believe a Poem about PCI was published on my blog.

CurtW, you realize by posting on my blog you give up all rights and ownership in totality to your post.

Good, now that that's out of the way :)

Awesome.