IT Compliance Advisor

Apr 13 2009   7:08PM GMT

What does being PCI DSS compliant really mean?



Posted by: Scot Petersen
PCI DSS, compliance, Visa, data leakage, podcast

There is a big difference between being PCI DSS compliant and being “certified” as PCI DSS compliant, says e-commerce expert Evan Schuman of StorefrontBacktalk.com in this edition of the IT Compliance Advisor weekly podcast. Because audit results can sometimes be subjective, some retailers may not really be compliant even though someone says they are, he says.

 
Podcast: What does being PCI DSS compliant really mean? [13:58m]

The PCI DSS specification is under fire for enabling such ambiguity. The House Committee on Emerging Threats, Cybersecurity and Science and Technology recently held a hearing on PCI and concluded that it has been inadequate in stopping credit card transaction data leakage. The administration of PCI DSS by credit card giant Visa is one reason, Schuman says. Find out more in this podcast.
