Thursday, May 24, 2012

My Take on PCI DSS Compliance

As promised, I finished my PCI usefulness post. It can be found on the Shift4 4titude site:

As the title suggests, it is not a glowing review of PCI, or more specifically PCI DSS compliance. Anyway, I don't want to give away too much here. Enjoy.

Thursday, May 17, 2012

Global Payments Breach Growing

The latest reports I read are that the Global Payments breach started in January 2011 -- more than a year earlier than initially thought. To me the story here is that during this timeframe Global Payments went through at least two onsite PCI audits and neither caught the breach in progress. Since Visa and MasterCard were so quick on pulling Global Payments' PCI certification, should they not also pull the QSA's certification(s) as well? I'm not sure if there was more than one QSA involved, nor am I certain who it was -- but that does not really matter, as my next post will describe. I am currently writing a post on the usefulness of PCI, or lack thereof. Stay tuned...