PCI: "Follow the Standards to the Letter"

An interesting quote from Bob Russo on how the PCI standard should be followed:

Bob Russo, the general manager for the PCI Security Standards, a group that devises data security measures for the five major credit card companies, said almost all data breaches are the fault of the merchant.

"Everybody that has been breached has been noncompliant with the standard," he said, noting that the circumstances of the Hannaford breach are still too murky for him to render a judgment about. "If you follow the standards to the letter, it puts enough of a hard shell around the data that it is hard to get to."

Full story here.

My question: what about all those emails from the PCI Council, the card brands, acquiring banks and payment processors that purport to resolve ambiguities, yet which may not be "to the letter" of the PCI Standard? That question reveals the potential problem from a legal standpoint.
