
February 20, 2009

Is PCI Compliance Defunct Already?, Pt. 2: Who's to Blame?

    What is known, at this point, is that enough information has been compromised to manufacture counterfeit credit cards. Not enough information has been compromised for identity theft. So, by closely monitoring their credit card statements, consumers face very limited risk. The risk to merchants, however, is not limited. The risk to banks and credit card associations could have been substantial, but now the greatest loss seems to be the overhead of issuing replacement accounts. The number of incidents seems incredibly small considering that, nominally, the profiles of 100 million credit card transactions have just been stolen.

    That does raise the question of what the ultimate total number of credit card transactions involved will turn out to be when the tally is finally publicized. How long was the 'sniffer malware' in operation? We do know that Heartland has a very large number of small clientele and that about 195,000 of their merchant-customers have been notified of possible risk. As for listing them all to the public, that would be tantamount to an even greater security breach. Forty percent of the credit card transactions were from these smaller businesses, most of them in the restaurant industry.

    Knowing all this, can we blame PCI compliance security or even Heartland? We could fairly state that neither of these is perfect. But consider that, not so long ago, security was much, much worse. Of course, the attackers weren't as sophisticated either. When PCI became mandatory, the whole industry shuddered under the weight. Seemingly overnight, the standard 10 levels of password security on a workstation weren't nearly enough to cover a coffee break. Suddenly, it was grounds for immediate termination to leave one single credit card number (just the number, nothing more) unencrypted anywhere on your 20kazillion-byte hard drive for the length of a coffee break. These people were serious. So, wherein lies the problem? Gretchen Hellman, vice president of security solutions at Vormetric, sums it up when she explains that "every organization's risk profile, processes and systems are different."
