An article relating to this blog post on Finextra:
Visa calls for collaboration and investment to fight card fraud
Visa (NYSE: V) chief enterprise risk officer Ellen Richey told security experts today that payment card data fraud rates remain near historic lows despite economic woes and high-profile compromises, a...
See article
This whole PCI DSS compliance thing is beginning to make my head hurt.
Here, Visa chief enterprise risk officer Ellen Richey says: "PCI DSS remains an effective security tool when implemented properly - and remains the best defense against the loss of sensitive data. No compromised entity to date has been found to be in compliance
with PCI DSS at the time of the breach."
So neither Hearltand Payment Systems or RBS WorldPay were PCI-compliant when they were looted by Internet criminals earlier this year?
Well, er, yes...and no. Both had received certification from Visa, but that certification measures compliance only at the time of the audit.
It's a clever get-out for Visa, fearing repercussion from future legal tussles with banks and card customers. On the one hand, it can claim that the industry is working to clean up its act by enforcing the standard - and on the other, that compliance certification
is worthless after the fact.
It's a distinction that would make Lewis Carroll proud.