Prioritized Approach to PCI Compliance Doesn’t Go Nearly Far Enough
Written by David TaylorMarch 4th, 2009
After breaches of at least two major card processors, the card brands and the standards committee are on the defensive and have finally bowed (somewhat) to the complaints of the merchant community by introducing a risk-based "Prioritized Approach framework" as a response to the recent data breaches of supposedly PCI compliant companies.
Unfortunately, opines GuestView PCI Columnist David Taylor, it does not go nearly far enough.
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
I have strong reservations about the 'individual' certification and posting of that information for merchants. Can you imagine the potential employee poaching that might occur? The implications when competitors can look up how many are certified with each of their competitors? 
-Christine
