• 16Jun

    This posting addresses the author’s efforts to argue that we need to keep PCI-DSS alive.   And, with all of the concern lately about increasing government regulation efforts, and the growing number of data breaches in the Payment Card Industry (PCI), the question is a valid one to discuss — whether you agree with the author or not.

    There are strong opinions today that the PCI-DSS (Payment Card Industry Data Security Standard) has fallen short of expectations in protecting our rights to privacy and personal identity.  Many feel there is a need for a change.  We believe the author makes a strong argument for favoring a continuation of some form of self-regulated approach.

    Click here to read this opinion.

  • 15Jun

    In this recent Associated Press (AP) article by Jordan Robertson, AP Technology Writer, we can read about conflicting status reports on the credit card industry.  The article is based on the AP’s analysis of data breaches going back to 2005, and its bottom-line finding is that the credit card industry’s rules, as contained in its PCI-DSS policies, are cursory at best and all but meaningless at worst.

    The article also claims that a key reason the industry established the PCI-DSS policies was that the banks and card brands really don’t want the government regulating credit card security.  These companies also want to be sure that their transactions keep working well throughout their systems, which at the same time could be a reason why those same banks and card brands are willing to tolerate certain percentage levels of fraud within their systems.  To some degree, fraud is seen as a cost of doing business, and if too many security measures are added, then the “gears of the payment system,” which is built on speed, convenience and low cost, would not work at the current levels of required efficiency.  The result is that these motivations and drivers seem to be at odds with the levels of security called for by recent surveys from consumer groups and by the current language of consumer protection coming from the federal government.

    Yet there seems to be no debate that identity theft, data breaches and consumer data protection concerns in general are on the rise, and that the credit card industry is one of the areas where this increase in breach activity has occurred over the last few years.

    We welcome your thoughts, comments and opinions on this controversial topic…

    Click here to read this article.

  • 03Jul

    These tips can help you make sure you are PCI compliant and tell you what it may cost your company if you aren’t.

    June 26, 2008 (CIO) — CIO.com and CSOonline.com team together to bring you the most pertinent information on PCI compliance. Whether you think you’re already in compliance or you’re in complete denial of the June 30, 2008 deadline, these tips can help you make sure you are compliant and tell you what it may cost your company if you aren’t.

    FUD Watch: Vendor Hype Escalates Over PCI Deadline
    Monday is the day merchants must be in compliance with PCI DSS Requirement 6.6. That means the security vendor PR machine is in overdrive.

    PCI Is Security Simplicity, Not Complexity
    Payment card industry data security: the standard that makes people stupid.

    All About the PCI Data Security Standard
    More than just another data-security standard, the PCI program is corporate America’s most ambitious effort yet to prove that it can self-regulate. But even a standard with everything going for it might not be enough to stop the loss of credit card data.

    A Guide to Practical PCI Compliance
    Myriad merchants find themselves at the end of the PCI compliance barrel and are spending significant amounts of time, money and effort in achieving PCI compliance. Advice from companies that have been there can help smooth your path.

    Acceptance Growing for PCI Security Standard
    PCI chief says the PCI DSS security requirements have gained considerable momentum in the US and globally.

    PCI: Smart or Stupid?
    The data security standard isn’t as complex as some would have you believe.

    PCI Standards Body Moves Ahead on Payment-Application
    PCI Security Standards Council releases list of certified payment applications under Payment Application Data Security Standard.

    Does the PCI Standards Council Have a Clue?
    In version 1.1 of the PCI DSS (Payment Card Industry Data Security Standard), there are requirements for securing the application layer of a credit card.

    The PCI Data Security Standard
    Learn about the validation requirements of the payment card industry’s data security standard (PCI DSS), including administrative and technical elements of the program, and the potential sanctions for failure to comply.

    Building a Strategic, Comprehensive Solution for PCI-DSS Compliance
    Security trends and hacking techniques are continually changing and, as a result, the PCI-DSS continues to evolve. To stay ahead of these trends and prove compliance, your organization needs a powerful solution for collecting and monitoring user activity. Learn more about how you can use compliance as a means of competitive differentiation.

    Industry View: Calculating the True Cost of PCI Non-Compliance
    Compliance costs, but the cost of non-compliance may be more.

    Payment Card Industry Compliance
    Ignoring the PCI Data Security Standard is risky business. Here’s how you can prepare for compliance.

    Do We Need Whistle-Blower Laws in Security?
    Security laws aren’t all black and white.

    PCI Is Security Simplicity, Not Complexity
    The payment card industry data security standard seems to make relatively smart people instantly dim-witted as they complain about its so-called complexity.

    Can Mid-Market Merchants Comply with PCI Standards In Time?
    If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don’t comply face fines or worse. So why aren’t more mid-market merchants already in compliance?

    One-third of Visa Merchants Missed Security Deadline
    Companies face fines for non-compliance.

    Why Should Merchants Keep Credit Card Data?
    The retail industry advocates keeping a bare minimum of customer financial information. Just enough to still serve your customers without providing potential thieves what they need.

    Crushed by Compliance Tyrants
    Are you beset by compliance regulations that just don’t make sense? Cutting back on important security measures to pay for them?

    Tear Down that Silo: Compliance in the Executive Suite
    Treating compliance as a one-time project costs far more for IT measures than if you take a proactive and integrated approach.

    I’ve Got My CrankyPants on Again
    Will PCI’s PA-DSS (Payment Application Data Security Standard) be a mess?

    © 2008 CXO Media Inc.

    Filed under: Information Security