Posted by: admin, 14 years, 10 months ago
According to this article on InformationWeek:
The Payment Card Industry Data Security Standard--known as PCI DSS, or just PCI--is meant to safeguard cardholder data. Yet, 67% of PCI-regulated companies are still not in full compliance with the standard.
At the same time, the PCI Council has pointed out that if you have a call center that processes credit card data, it needs to be in scope.
I'm firmly in the camp that PCI is "raising the security floor". We know from experience that organizations that never would have done so before are deploying two-factor authentication to their infrastructure. I think that two-factor authentication is, in particular, a technology that indicates a change in the market. Deploying strong authentication affects end-users, as opposed to deploying an application firewall, for example. While great strides have been made, clearly, the PCI effort still has a long way to go.
