Friday, April 03, 2009

Does PCI Works?

This is a news from Computer World.

Payment card industry's data security rules aren't working, critics say; (and of course ) VISA, PCI council continue to defend stand.

Some evidences:
  • Hannaford was certified as PCI-compliant by a 3rd-party assessor in Feb 2008, just 1 day after the company was informed of the system intrusions (which had begun 2 months ago).
  • RBS WorldPay was certified as PCI-compliant prior to breaches that the payment processors disclosed in Dec 2007 and Jan 2008 respectively.