The Network Hub

A SearchNetworking.com blog

Jan 15 2009   6:47PM GMT

PCI Compliance: Not easy, but not optional



Posted by: Michael Morisy
Tags:
compliance
Security
WEP
Wireless

While working on a story about how updates to the PCI compliance rules will phase out WEP for retailers who process credit cards, I came across one of the more interesting takes on PCI compliance, by Anton Chuvakin, who has written or contributed to a number of books on the subject and now works at compliance solutions company Qualys.

As Anton sees it, there are two camps in the compliance world:

1. “Please, please make PCI easier by letting us skip the requirements; or, better, just let us ‘SAY YES ON THE SAQ!’” camp.
2. “We know that our security program makes us PCI-compliant; please make it easier for us to prove it!” camp.

For the former, Anton recommends ScanlessPCI*, a simple, quick banner that shows your customers you are PCI compliant — while actually proving, and doing, nothing.

The latter camp, in which I hope (pray?) most of our readers fall, might be better served by investigating tools and techniques to help prove that their security passes muster, which is exactly the advice Petco’s vice president of network and store systems J. Smith gave me.

“All vendors are definitely not created equal,” he said. “And all you have to do is ask your vendor where they stand in terms of upcoming compliance.”

If you’re looking for some more insight into how you can make sure you’re headed down the right path, you’re in luck, because TechTarget has just launched a brand new IT Compliance Advisor Blog, and SearchCompliance.com is launching tomorrow for all your PCI — and other — compliance needs (a sneak preview is up today in case you can’t wait).

But the takeaway message? Even as everything else in the world seems to be getting cut back, the cost of PCI violation fines or, worse, an actual intrusion, is too great to risk. Trying to go the ScanlessPCI route is as deluded as thinking you’ll get money for nothing …

[Embedded video: http://www.youtube.com/v/aNaKWXqXkhw]


*NB: ScanlessPCI is, of course, a joke service, legitimate as the page may look. Don’t expect your compliance officer to be pleased if you try and pass it off!
