Payment card industry's data security rules aren't working, critics say; (and of course ) VISA, PCI council continue to defend stand.
Some evidences:
- Hannaford was certified as PCI-compliant by a 3rd-party assessor in Feb 2008, just 1 day after the company was informed of the system intrusions (which had begun 2 months ago).
- RBS WorldPay was certified as PCI-compliant prior to breaches that the payment processors disclosed in Dec 2007 and Jan 2008 respectively.