• 19Jun

    Hotel Association Seeking More Input to the PCI Security Standards Council

    Today, the American Hotel & Lodging Association (AH&LA), along with several other similar trade associations, sent a formal written joint request to the Payment Card Industry (PCI) Security Standards Council. In that request, they listed several recommendations that they believe would make their handling of credit, debit and gift cards under PCI more cost-effective and, at the same time, more efficient.

    As we have seen in several prior postings on this blog concerning the credit card industry and its information security and privacy requirements, there is growing concern among federal, state and local regulatory agencies that more needs to be done to secure an individual's right to privacy whenever they make purchases with their credit and debit cards.

    The recommendations for change presented in this article are a great list of continuous improvements that should, if implemented, reduce the costs of compliance for all parties involved.

    The article implies that the associations have reached full agreement to pursue other available options, i.e. legislative action(s) in Congress or regulatory changes, if the PCI Council does not heed their concerns.

    Do you agree with this action by the AH&LA?

    Click here to read this article.

    Filed under: Information Security, Security and Privacy, credit card industry
    Tags: Data Breach, online privacy, PCI, PCI-DSS, privacy laws
  • 19Jun

    Breach Reporting Law Requested from Congress

    We believe that the new government website www.govinfosecurity.com is a useful tool for keeping up with security and privacy related activities. The central theme of a recent article by Eric Chabrow, Managing Editor, is that law enforcement officials must be notified quickly of breaches of computer systems. The point was made because surveys and experience indicate that data breaches are significantly underreported.

    The example of a recent data breach at the restaurant chain Dave & Buster's was cited and explored for reasons why Congress should now enact legislation to compel such action.

    Do you agree with this recommendation to Congress? Or do you believe that the levels of security provided by the PCI-DSS requirements are already sufficient to deal with the data breach problem?

    Click here to read this article.

    Filed under: Information Security, Security and Privacy, credit card industry
    Tags: consumer data protection act, Data Breach, online privacy, PCI-DSS, Security Breach
  • 16Jun

    Should PCI-DSS Be Allowed to Survive?

    This posting addresses the author's efforts to argue that we need to keep PCI-DSS alive. With all of the recent concern about increasing government regulation efforts, and the growing number of data breaches in the Payment Card Industry (PCI), the question is a valid one to discuss, whether you agree with the author or not.

    There are strong opinions today that the attempts by the PCI-DSS (Payment Card Industry Data Security Standard) to protect our rights to privacy and personal identity have been falling short of expectations. Many feel there is a need for a change. We believe the author makes a strong argument for continuing some form of self-regulated approach.

    Click here to read this opinion.

    Filed under: Information Security, Security and Privacy
    Tags: Data Breach, PCI, PCI-DSS, personal identity, privacy laws
© 2012 Radian Compliance, LLC. All Rights Reserved.