Jan 18 2010

The Great PCI Security Debate of 2010: Part 2

Published by at 7:48 am under PCI, Podcast

This is part 2 of a conversation that CSO Online Senior Editor Bill Brenner agreed to record with Martin, sparked by a few comments Joshua Corman made likening PCI to “No Child Left Behind”. In Part 1, our cast of characters outlined some of their basic ideas on how PCI and compliance in general are affecting security. Here in Part 2 we have a chance to rebut some of the points made in the first half. This was a lot of fun for us and you may be seeing (hearing?) a smaller group of us get together on a monthly basis to keep this conversation going.

Network Security Podcast, PCI Debate Part 2
Time:  37:29

Show Notes:


One Response to “The Great PCI Security Debate of 2010: Part 2”

  1. Sebastian Kübeck on 24 Jan 2010 at 9:14 am

    Thanks for recording the debate! Really enjoyed it!

    For me, the result of this debate is clearly that the PCI DSS has a levelling effect on merchants (including PSPs). Merchants with bad security practices get better while merchants with excellent security practices get worse.
    As the group of merchants with bad security practices is by far bigger than the other one, we will likely see fewer merchants getting breached in total.
    On the other hand, I guess that the majority of merchants with excellent security practices prior to PCI DSS are also the ones that process most credit card data. This will likely end in a situation where we have fewer breached merchants but more breached records.
    The Verizon breach report is already pointing in that direction (by far most breached records at major Level 1 merchants). The question is if this is what card brands and customers really want from the PCI DSS?
