IT Compliance Advisor

Apr 13 2009   7:08PM GMT

What does being PCI DSS compliant really mean?

Scot Petersen

There is a big difference between being PCI DSS compliant and being “certified” as PCI DSS compliant, says e-commerce expert Evan Schuman of in this edition of the IT Compliance Advisor weekly podcast. Because audit results can sometimes be subjective, the results could mean that some retailers may not really be compliant even though someone says they are, he says.

The PCI DSS specification is under fire for enabling such ambiguity. The House Committee on Emerging Threats, Cybersecurity and Science and Technology recently held a hearing on PCI and concluded that it has been inadequate in stopping credit card transaction data leakage. The administration of PCI DSS by credit card giant Visa is one reason, Schuman says. Find out more in this podcast.
