Make the list of who is compliant (and, by default, who is not) public. Allow consumers to decide whether they value security enough to do something about it.
4 Comments
LonerVamp 2008-03-21
PCI back where it belongs: really low.
Questions for companies would be:
- You're compliant now, but what about tomorrow?
- Are you barely compliant or very compliant?
- You just had an incident, now what? Are you still compliant?
- Got some money? I'll rubber-stamp you compliant on the list. Here's a Hack..err..PCI-Safe Seal for you to display…
The media, and thus to a lesser extent the general public, don't understand that security is not absolute. The public may not really care, but the media really loves to report sensational stories about how so-and-so was broken into…but that's just how it is. There will always be fodder for the media, always be some level of insecurity. It can't be solved.
The more PCI is thrown out there, the more it will be devalued. But for us, this is good! The value of PCI is already over-inflated due to our hyper-sensitivity to data breaches, identity theft, fraud, and companies that are behind in keeping up with preventing/detecting such things.
Matt 2008-03-19
Amen. While you're at it, let's provide details on breaches instead of keeping it behind closed doors - especially fines. Money makes the world go round and most companies won't or can't react without some financial reason to do so. Due diligence is like bigfoot. It's been spotted, but can't be proven to exist :)
Gleen 2008-03-19
If there was a list published of who is compliant and who isn't, would that not allow individuals to know who to target and who not to. Years ago it was an issue of popularity and now an issue of money. I think coming up with the list would allow those who want to bring popularity back would so enjoy reading the list. Imagine a company that is compliant intentionally coming under attack just because they have done due diligence with the PCI DSS mandate.
rybolov 2008-03-19
Wed, March 19, 2008 8:51pm
Ah yes, the PCI Hall of Fame and Hall of Shame. Not a bad idea, but to be honest, I don't think consumers care *that* much. Or rather, as much as we don't want to admit it, there are other factors that go into selecting a store to shop at, and security of your card data is just one piece of that.
Now if you were to tie it off with somebody like Consumer Reports or other consumer-related groups, then you're talking nummie goodness on many different levels.