While it is doubtful that the outcome of the court case will set the PCI standard back on its heels, it does have the potential to cause a minor tremor throughout the PCI community for a couple of reasons:
- The fine schedule imposed by the card brands for breaches appears (note the word!) to be inconsistent. As the article points out, Mastercard hit Genesco up for $2 million in fines for the same data breach for which Visa asked $13 million. This may or may not reflect the ratio of card numbers/accounts each brand had exposed.
- If Genesco can credibly demonstrate that it was, indeed, in compliance with the PCI-DSS at the time of the breach, then it may (again, note the word :) ) cause folks to awaken to the notion that PCI compliance does not mean that an organization is secure. If this happens, then retailers and merchants may question the validity of the standard, at least insofar as it pertains to the fines and penalties levied by the card brands. That, in turn, could open the floodgates to more sharing of the pain around data breaches between merchants, payment processors, and the brands themselves.
You can read the full article here. Enjoy!