Group items tagged

The PCI DSS standard was released back in December 2004 and was quickly hailed as one of the most important private-industry data security standards ever developed. Over the past few years, however, amid a steady stream of news about breaches and thefts, the PCI DSS standards has been roundly criticized. At a congressional hearing this month, one congresswoman said, "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure." Many would agree. A case in point noted by Network World: The breach at Hannaford Brothers, where hackers installed malware on the grocery store chain's internal servers to seize card numbers as they were swiped by customers. Hannaford was certified a PCI DSS-compliant company as the scam was in progress. Heartland Payment Systems, before its scam broke in the news, was also certified compliant by Visa. Visa defends the standard as a way to minimize theft if properly implemented, and you certainly can't blame PCI DSS entirely for recent thefts. For all we know, there would have been many more if not for the standard. Still, the general view is that the PCI DSS standard has become overly complex and has done little thus far to stop fraud, as fraud artists get sophisticated technologically.